From: justin22 at v-biz dot net
Operating system: windows 2000
PHP version: 4.3.4
PHP Bug Type: Reproducible crash
Bug description: mssql money datatype in query crashes apache
Description:
------------
php 4.3.3 & 4.3.4 / sql server 2000 sp3 / win2k sp4 / apache 2.0.47
query contains a money field, after 30-40 rows, apache crashed.
apache log:
[Thu Dec 11 10:11:02 2003] [notice] Parent: child process exited with status 3221225477 -- Restarting.
[Thu Dec 11 10:11:04 2003] [notice] Parent: Created child process 1008
dr watson log:
Application exception occurred:
App: (pid=1168)
When: 11/12/2003 @ 10:11:00.979
Exception number: c0000005 (access violation)
...
State Dump for Thread Id 0x544
eax=223d6504 ebx=000000e9 ecx=3e223335 edx=01ebb298 esi=01aa0000 edi=01ebab50
eip=77fcb032 esp=01a1da40 ebp=01a1dbd8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: _eFSQRT
77fcb00e 884705 mov [edi+0x5],al ds:02944a36=??
77fcb011 ff75d0 push dword ptr [ebp+0xd0] ss:024a7abe=????????
77fcb014 8b75a4 mov esi,[ebp+0xa4] ss:024a7abe=????????
77fcb017 56 push esi
77fcb018 e81de5fbff call RtlConsoleMultiByteToUnicodeN+0x348 (77f8953a)
77fcb01d 8b4dd0 mov ecx,[ebp+0xd0] ss:024a7abe=????????
77fcb020 8b4108 mov eax,[ecx+0x8] ds:3ecad21b=????????
77fcb023 8985d8feffff mov [ebp+0xfffffed8],eax ss:01a1dab0=223d6504
77fcb029 8b490c mov ecx,[ecx+0xc] ds:3ecad21b=????????
77fcb02c 898dd4feffff mov [ebp+0xfffffed4],ecx ss:01a1daac=3e223335
FAULT ->77fcb032 8901 mov [ecx],eax ds:3e223335=????????
77fcb034 894804 mov [eax+0x4],ecx ds:22e603ea=????????
77fcb037 3bc1 cmp eax,ecx
77fcb039 0f84b7240000 je RtlFreeHeap+0xd23 (77fcd4f6)
77fcb03f 8b45d0 mov eax,[ebp+0xd0] ss:024a7abe=????????
77fcb042 0fb708 movzx ecx,word ptr [eax] ds:223d6504=????
77fcb045 294e28 sub [esi+0x28],ecx ds:02529ee6=????????
77fcb048 0fb700 movzx eax,word ptr [eax] ds:223d6504=????
77fcb04b 03d8 add ebx,eax
77fcb04d 895da8 mov [ebp+0xa8],ebx ss:024a7abe=????????
77fcb050 81fb00fe0000 cmp ebx,0xfe00
77fcb056 0f86d4240000 jbe RtlFreeHeap+0xd5d (77fcd530)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
01A1DBD8 00F4EEB2 01AA0000 00000001 000000B0 000000A0 ntdll!_eFSQRT
000000A0 00000000 00000000 00000000 00000000 00000000 !emalloc
fault is 100% repeatable on a particular dataset.
the problem goes away if I change the source query to convert to a float:
select CONVERT(float, dbo.Payments.Amount) AS Amount
Reproduce code:
---------------
$sql="select amount from fred";
if (!db_connect()) return false;
$result = mssql_query($sql);
// Crash
$sql="select CONVERT(float, dbo.Payments.Amount) AS Amount from fred";
$result = mssql_query($sql);
// OK
Sample table Fred has 1 column, Amount(money) with 236 rows, can be
supplied on request
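
Added triage example, not part of the original report or of PHP/Apache code: the decimal exit status in the Apache log above is the same value as the Dr. Watson exception number (3221225477 = 0xC0000005), and this sketch pulls such child exits out of an error log and names them. The function names, the small NTSTATUS table and the last sample line are assumptions made for the example.

```python
import re

# Small subset of NTSTATUS error codes that show up as child exit statuses.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

STAMP = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
EXIT = re.compile(r"child process exited with status (\d+)")

def unwrap(lines):
    """Rejoin wrapped entries: a new entry always starts with [timestamp]."""
    entries = []
    for line in lines:
        line = line.rstrip("\n")
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line.strip()
    return entries

def child_crashes(lines):
    """Return (timestamp, hex status, name) for each child exit that is an NTSTATUS error."""
    crashes = []
    for entry in unwrap(lines):
        m = STAMP.match(entry)
        hit = EXIT.search(m.group("msg")) if m else None
        if not hit:
            continue
        status = int(hit.group(1)) & 0xFFFFFFFF
        if status >> 30 == 0b11:  # severity bits 31-30 set: error-class NTSTATUS
            name = NTSTATUS.get(status, "unknown NTSTATUS error")
            crashes.append((m.group("ts"), f"0x{status:08X}", name))
    return crashes

# First three lines are the (wrapped) log from the report; the last is constructed.
SAMPLE = [
    "[Thu Dec 11 10:11:02 2003] [notice] Parent: child process exited with",
    "status 3221225477 -- Restarting.",
    "[Thu Dec 11 10:11:04 2003] [notice] Parent: Created child process 1008",
    "[Thu Dec 11 10:20:00 2003] [notice] Parent: child process exited with status 0 -- Restarting.",
]

if __name__ == "__main__":
    for ts, code, name in child_crashes(SAMPLE):
        print(ts, code, name)
```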
--
Edit bug report at http://bugs.php.net/?id=26589&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=26589&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=26589&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=26589&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=26589&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=26589&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=26589&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=26589&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=26589&r=support
Expected behavior: http://bugs.php.net/fix.php?id=26589&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=26589&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=26589&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=26589&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=26589&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=26589&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=26589&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=26589&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=26589&r=float