ID: 44710
User updated by: proactive1 at gmail dot com
Reported By: proactive1 at gmail dot com
-Status: Open
+Status: Closed
Bug Type: MSSQL related
Operating System: Debian Linux 4
PHP Version: 5.2.5
New Comment:
Upgraded to PHP 5.3 which had resolved the issues that I was having.
The current version free of described issues is:
PHP 5.2.3-1+lenny1 (cli) (built: Oct 3 2007 19:22:40)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
Previous Comments:
------------------------------------------------------------------------
[2008-04-13 15:39:07] proactive1 at gmail dot com
Description:
------------
Environment:
apache2,
PHP 5.2.5-3 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb 21 2008 02:03:40)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
Issue:
When the attached php code is executed against an mssql stored procedure
with a certain set of variables ($dateFrom & $dateTo) it causes the canary
mismatch error to appear in apache error.log and "page cannot be
displayed" in the browser. The stored procedure runs perfectly with any
set of dates data from the mssql server.
For example: when $dateFrom = 2008-01-01 and $dateTo = 2008-02-14, I am
getting an expected result as per attached. However, when $dateFrom =
2008-01-01 and $dateTo = 2008-02-15, a "canary mismatch on efree() - heap
overflow detected" error is generated and the page cannot be displayed.
I have applied a patch to php_mssql.c as per Iliya's suggestion in bug
#43861. Here is a header from the current php_mssql.c:
/* $Id: php_mssql.c,v 1.152.2.13.2.8 2008/03/05 23:53:23 iliaa Exp $ */
Do I need to provide more info? Any help would be greatly appreciated!
Reproduce code:
---------------
<?php
// Reproduce script as posted, reflowed after mail line-wrapping. Two defects
// fixed: the printf() call had been split inside the 'Position' key, and the
// connect error handler called mssql_error(), which the mssql extension does
// not define (mssql_get_last_message() is the function it provides).
$dateFrom = $_POST['yr_from'] . "-" . $_POST['month_from'] . "-" . $_POST['dt_from'];
$dateTo   = $_POST['yr_to'] . "-" . $_POST['month_to'] . "-" . $_POST['dt_to'];

$link = @mssql_connect("server_name", "uname", "pw")
    or die('Could not connect: ' . mssql_get_last_message());
$db = "db_name";
@mssql_select_db($db, $link) or die("Couldn't open database $db");

// Stored procedure "sp" takes the two dates as character parameters.
// mssql_bind() already takes its variable by reference, so the call-time
// "&" is dropped (it only raises a warning on PHP 5.2).
$stmt = mssql_init("sp", $link) or die(mssql_get_last_message());
mssql_bind($stmt, "@dateFrom", $dateFrom, SQLCHAR, FALSE) or die(mssql_get_last_message());
mssql_bind($stmt, "@dateTo", $dateTo, SQLCHAR, FALSE) or die(mssql_get_last_message());
$res = mssql_execute($stmt);

// Fixed-width dump of the result set. The canary mismatch described above
// appears when this script is run for certain date ranges.
echo "<pre>";
while ($row = mssql_fetch_assoc($res)) {
    printf("%12.20s%12.20s%12.20s%12.20s%18.28s%18.28s%18.28s%18.28s%18.28s\n",
        $row['Symbol'], $row['Buys'], $row['Sells'], $row['Position'],
        $row['TotalVolume'], $row['GrossPnL'], $row['ClrFees'], $row['ExFees'],
        $row['NetPnL']);
}
echo "</pre>";
mssql_free_result($res);
mssql_close($link);
?>
Expected result:
----------------
PnL Report for 2008-01-01 to 2008-02-14 period
Symbol:  Buys:  Sells:  Position:  TotalVolume:  GPnL:     CFees:   ExFees:   NetPnL:
prod1    1154   1154    0          2308          2420.00   115.40   1477.12   827.48
prod2    15     15      0          30            118.75    1.50     17.70     99.55
prod3    13     13      0          26            100.00    1.30     15.34     83.36
prod4    4614   4614    0          9228          2812.50   461.40   5444.52   -3093.42
prod5    1130   1130    0          2260          8480.00   113.00   1107.40   7259.60
prod6    15     15      0          30            -165.00   1.50     19.20     -185.70
Generated on: Sunday April 13, 2008, 09:57 AM
Actual result:
--------------
[Sun Apr 13 09:38:22 2008] [error] [client 10.X.X.X] ALERT - canary mismatch on efree() - heap overflow detected (attacker '10.X.X.X', file '/var/www/apache2-default/phpproject/sql2.php'), referer: http://10.X.X.X/apache2-default/phpproject/pnl_generator.html
------------------------------------------------------------------------
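The script in the report passes raw $_POST fields straight into the stored procedure parameters and hides connection errors behind "@". The following hardened version is an added example, not code from the bug report or from the PHP project: it validates the date components into a fixed YYYY-MM-DD form before binding, bounds the bound parameter length, logs failures instead of suppressing them, and escapes database values before echoing them. It uses the same PHP 5-era mssql extension the report uses; "server_name", "uname", "pw", "db_name" and the procedure name "sp" are placeholders carried over from the report, and the 1900-2100 year bounds are an assumption.

```php
<?php
// Added example (not from the bug report): validate the date parameters
// before they reach mssql_bind(). Server, database, credentials and the
// stored procedure name "sp" are placeholders taken from the report.

/**
 * Assemble YYYY-MM-DD from separate form fields and reject anything that
 * is not a real calendar date. Returns null on invalid input.
 * The 1900-2100 year window is an assumption for this example.
 */
function build_date(array $src, $yrKey, $monKey, $dayKey)
{
    foreach (array($yrKey, $monKey, $dayKey) as $k) {
        if (!isset($src[$k]) || !ctype_digit((string) $src[$k])) {
            return null;
        }
    }
    $y = (int) $src[$yrKey];
    $m = (int) $src[$monKey];
    $d = (int) $src[$dayKey];
    if ($y < 1900 || $y > 2100 || !checkdate($m, $d, $y)) {
        return null;
    }
    return sprintf('%04d-%02d-%02d', $y, $m, $d);
}

$dateFrom = build_date($_POST, 'yr_from', 'month_from', 'dt_from');
$dateTo   = build_date($_POST, 'yr_to',   'month_to',   'dt_to');
// ISO dates compare correctly as strings, so the range check is a plain >.
if ($dateFrom === null || $dateTo === null || $dateFrom > $dateTo) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid date range');
}

// No @-suppression: record the failure server-side, return a generic message.
$link = mssql_connect('server_name', 'uname', 'pw');
if ($link === false) {
    error_log('mssql_connect failed: ' . mssql_get_last_message());
    exit('Report unavailable');
}
if (!mssql_select_db('db_name', $link)) {
    error_log('mssql_select_db failed: ' . mssql_get_last_message());
    exit('Report unavailable');
}

$stmt = mssql_init('sp', $link);
// mssql_bind() takes the variable by reference itself; no call-time "&".
// The explicit maxlen of 10 bounds the parameter to a YYYY-MM-DD string.
if ($stmt === false
    || !mssql_bind($stmt, '@dateFrom', $dateFrom, SQLCHAR, false, false, 10)
    || !mssql_bind($stmt, '@dateTo', $dateTo, SQLCHAR, false, false, 10)) {
    error_log('mssql_bind failed: ' . mssql_get_last_message());
    exit('Report unavailable');
}

$res = mssql_execute($stmt);
if ($res === false) {
    error_log('mssql_execute failed: ' . mssql_get_last_message());
    exit('Report unavailable');
}

$cols = array('Symbol', 'Buys', 'Sells', 'Position', 'TotalVolume',
              'GrossPnL', 'ClrFees', 'ExFees', 'NetPnL');
echo '<pre>';
echo implode('', array_map(function ($c) { return str_pad($c, 14); }, $cols)), "\n";
while ($row = mssql_fetch_assoc($res)) {
    $out = array();
    foreach ($cols as $c) {
        // Escape before echoing: column values come from the database.
        $v = isset($row[$c]) ? (string) $row[$c] : '';
        $out[] = str_pad(htmlspecialchars($v, ENT_QUOTES, 'UTF-8'), 14);
    }
    echo implode('', $out), "\n";
}
echo '</pre>';
mssql_free_result($res);
mssql_close($link);
?>
```

The validation does not address the heap overflow itself, which the report traces to the extension and which the reporter resolved by upgrading; it limits what an untrusted form can hand to the driver and makes failures visible in the log rather than only as a Suhosin alert.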