#48193 [NEW]: ODBC crash from PHP

Fri, 08 May 2009 10:26:47 -0700 

From:             leo dot nnnaaarrrdddooo at gmail dot com
Operating system: Debian 5.0 "Lenny" AMD64
PHP version:      5.2CVS-2009-05-08 (CVS)
PHP Bug Type:     ODBC related
Bug description:  ODBC crash from PHP

Description:
------------
ODBC crashes when using php script included (using a MySQL database), and
an

ALERT - canary mismatch on efree() - heap overflow detected (attacker
'X.X.X.X', etc ...)

line pops up in the error.log for apache.

This happens on current stable Debian 5.0 "lenny" AMD64, with system up to
date as of today, running: apache2, php5, mysql-server.

Compiling latest MySQL odbc driver version 5.1.5 doesn't crash, but does
lock up the calling process if same script is run with php5 client from
command line.


Reproduce code:
---------------
$conn="DRIVER={MySQL}; DatabaseName='test';
CommLinks=tcpip(Host=localhost); ";
$conn=odbc_connect($conn, "user", "");
$sql='SELECT * FROM test.T1;';
echo $sql;
$pg_query=odbc_exec($pg_conn, $sql);
odbc_close($pg_conn);
echo "A";



-- 
Edit bug report at http://bugs.php.net/?id=48193&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=48193&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=48193&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=48193&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=48193&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=48193&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=48193&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=48193&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=48193&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=48193&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=48193&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=48193&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=48193&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=48193&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=48193&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=48193&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=48193&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=48193&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=48193&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=48193&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=48193&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=48193&r=mysqlcfg

Reply via email to