Bug #46798 memory leaks in mssql extension
Submitted: 2008-12-08 17:49 UTC
Modified: 2008-12-10 20:54 UTC
From: v dot orlov at ulab dot ru
Assigned:
Status: Closed
Package: MSSQL related
PHP Version: 5.2.7
OS: FreeBSD 6.3
Private report: No
CVE-ID:
 [2008-12-08 17:49 UTC] v dot orlov at ulab dot ru
Description:
------------
When executing simple queries against 'MS SQL 2000', I encounter warnings about memory leaks in the Apache error log; see below.

Versions:
System FreeBSD 6.3  i386
freetds-0.64_2 (from ports)
apache 1.3.41
php 5.2.6 (5.2.7 has been removed from distribution)
suhosin patch 5.2.6-0.9.6.2

apache & php built manually (not from ports)

Note: without the suhosin patch, calling mssql_query crashes apache (segfault).

Reproduce code:
---------------
./configure --with-mssql=/usr/local --with-unixODBC --with-apxs=/www/bin/apxs --enable-session --with-iconv --with-mm --with-pcre-regex   --with-pcre-dir --with-gd --with-png-dir --prefix=/www --enable-debug

code like:
mssql_connect("dbserver");
$res = mssql_query("select NewsID from News");


Expected result:
----------------
workable mssql module

Actual result:
--------------
error log with suhosin patch and --debug flag

/root/apache-install/php-5.2.6/Zend/zend_variables.h(35) : Block 0x08123528 status:
/root/apache-install/php-5.2.6/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning:      OK (allocated on /root/apache-install/php-5.2.6/ext/mssql/php_mssql.c:980, 5 bytes)
    Start:      OK
      End:      Overflown (magic=0x00000000 instead of 0xFBA28207)
                1 byte(s) overflown
---------------------------------------
[Mon Dec  8 19:55:01 2008]  Script:  '/usr/local/www/infopin/index.php'
---------------------------------------
/root/apache-install/php-5.2.6/Zend/zend_variables.h(35) : Block 0x08123498 status:
/root/apache-install/php-5.2.6/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning:      OK (allocated on /root/apache-install/php-5.2.6/ext/mssql/php_mssql.c:980, 5 bytes)
    Start:      OK
      End:      Overflown (magic=0x00000000 instead of 0xFBA28207)
                1 byte(s) overflown
---------------------------------------
[Mon Dec  8 19:55:01 2008]  Script:  '/usr/local/www/infopin/index.php'
/root/apache-install/php-5.2.6/ext/mssql/php_mssql.c(980) :  Freeing 0x0810F1B0 (5 bytes), script=/usr/local/www/infopin/index.php
Last leak repeated 16 times
=== Total 17 memory leaks detected ===

 [2008-12-09 16:53 UTC] iliaa@php.net
What is the value of NewsID when a query is executed, is it NULL?
 [2008-12-10 12:47 UTC] v dot orlov at ulab dot ru
I made a demo example; see below.
Some fields are NULL in the result.

Strange: count($row) returns 36, but there are only 18 fields in the result.
I added the condition ($j<22) to the loop to get fewer "Notices".

-----------------------
SAMPLE CODE:

<?php
$base=mssql_connect("mssql", "web", "xxxxx");
mssql_select_db("ttttt");
$res = mssql_query("select top 1 * from Accounts where DateStart is not null order by AccountID ");
print "<PRE>\n";
$num_res=mssql_num_rows($res);
for($i=0; $i<$num_res; $i++)
{
        $row=mssql_fetch_array($res);
        print $i." - ".$row[0]." count=".count($row)."\n";
        for ($j=0; $j<count($row) && $j<22; $j++)
          print " - [".$row[$j]."]";
        print "\n";
}
print "</PRE>\n";
mssql_close();
?>

-----------------------

OUTPUT


0 - 1659 count=36
 - [1659] - [20121] - [1] - [12000629] - [4] - [1] - [0] - [2005-02-01 00:00:00] - [] - [0.0000] - [0.0000] - [] - [] - [] - [] - [] - [] - [2574]

Notice:  Undefined offset:  18 in /usr/local/www/infopin/test_sql3.php on line 12

 - []

Notice:  Undefined offset:  19 in /usr/local/www/infopin/test_sql3.php on line 12

 - []

Notice:  Undefined offset:  20 in /usr/local/www/infopin/test_sql3.php on line 12

 - []

Notice:  Undefined offset:  21 in /usr/local/www/infopin/test_sql3.php on line 12

 - []

--------------------

APACHE LOG:

/usr/local/www/infopin/test_sql3.php(12) : Notice - Undefined offset:  18
/usr/local/www/infopin/test_sql3.php(12) : Notice - Undefined offset:  19
/usr/local/www/infopin/test_sql3.php(12) : Notice - Undefined offset:  20
/usr/local/www/infopin/test_sql3.php(12) : Notice - Undefined offset:  21
[Wed Dec 10 15:35:33 2008]  Script:  '/usr/local/www/infopin/test_sql3.php'
---------------------------------------
/root/apache-install/php-5.2.6/Zend/zend_variables.h(35) : Block 0x0810ccd4 status:
/root/apache-install/php-5.2.6/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning:  	OK (allocated on /root/apache-install/php-5.2.6/ext/mssql/php_mssql.c:980, 5 bytes)
    Start:	OK
      End:	Overflown (magic=0x00000000 instead of 0xFBA28207)
          	1 byte(s) overflown
---------------------------------------
[Wed Dec 10 15:35:33 2008]  Script:  '/usr/local/www/infopin/test_sql3.php'
/root/apache-install/php-5.2.6/ext/mssql/php_mssql.c(980) :  Freeing 0x0810CCD4 (5 bytes), script=/usr/local/www/infopin/test_sql3.php
=== Total 1 memory leaks detected ===
 [2008-12-10 20:54 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
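
A triage helper for the debug-build heap reports quoted in this thread, added here as an example; it is not part of the original report or of PHP. It groups overflow and leak entries by allocation site so repeated entries collapse to one count per site. The names `triage` and `SAMPLE` and the shortened `/src/...` and `/www/...` paths are assumptions.

```python
import re
from collections import Counter
# Constructed sample in the format of the debug-build report above (paths shortened).
SAMPLE = """\
/src/Zend/zend_variables.h(35) : Block 0x08123528 status:
/src/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning:      OK (allocated on /src/ext/mssql/php_mssql.c:980, 5 bytes)
    Start:      OK
      End:      Overflown (magic=0x00000000 instead of 0xFBA28207)
                1 byte(s) overflown
---------------------------------------
/src/Zend/zend_variables.h(35) : Block 0x08123498 status:
/src/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning:      OK (allocated on /src/ext/mssql/php_mssql.c:980, 5 bytes)
    Start:      OK
      End:      Overflown (magic=0x00000000 instead of 0xFBA28207)
                1 byte(s) overflown
---------------------------------------
/src/ext/mssql/php_mssql.c(980) :  Freeing 0x0810F1B0 (5 bytes), script=/www/index.php
Last leak repeated 16 times
=== Total 17 memory leaks detected ===
"""

ALLOC = re.compile(r"allocated on (\S+):(\d+), (\d+) bytes\)")
OVERFLOWN = re.compile(r"^\s*(\d+) byte\(s\) overflown")
LEAK = re.compile(r"^(\S+)\((\d+)\) :\s+Freeing 0x[0-9A-Fa-f]+ \((\d+) bytes\)")
REPEAT = re.compile(r"^Last leak repeated (\d+) times")

def triage(log_text):
    """Count overflow and leak reports per allocation site (file:line, size)."""
    overflows, leaks = Counter(), Counter()
    site = last_leak = None
    for line in log_text.splitlines():
        if m := ALLOC.search(line):
            site = (f"{m[1]}:{m[2]}", int(m[3]))   # where the block was allocated
        elif (m := OVERFLOWN.match(line)) and site:
            overflows[site + (int(m[1]),)] += 1    # key: (site, size, bytes past end)
            site = None
        elif m := LEAK.match(line):
            last_leak = (f"{m[1]}:{m[2]}", int(m[3]))
            leaks[last_leak] += 1
        elif (m := REPEAT.match(line)) and last_leak:
            leaks[last_leak] += int(m[1])          # collapsed repeats of the same leak
    return overflows, leaks

if __name__ == "__main__":
    for counter in triage(SAMPLE):
        for key, n in counter.items():
            print(n, key)
```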
