#33201 [NEW]: segfault in _emalloc called from php_mssql_get_column_content_with_type

[skissane at iips dot mq dot edu dot au]

From:             skissane at iips dot mq dot edu dot au
Operating system: Linux
PHP version:      5.0.4
PHP Bug Type:     MSSQL related
Bug description:  segfault in _emalloc called from 
php_mssql_get_column_content_with_type

Description:
------------
Segmentation fault.



Reproduce code:
---------------
<?
$q = mssql_connect("<server>","<username>","<password>");
$i = mssql_query("SELECT * FROM MSSQLTrace_99",$q);
while (mssql_fetch_row($i) !== FALSE);

Where the  MSSQLTrace_99 table is created by the following MSSQL script (a
bit too big for a bug database):
http://www.iips.mq.edu.au/php_mssql_bug.txt

Expected result:
----------------
No output.

Actual result:
--------------
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 29878)]
0x40440bef in _int_malloc () from /lib/i686/libc.so.6
(gdb) bt
#0  0x40440bef in _int_malloc () from /lib/i686/libc.so.6
#1  0x404422ac in malloc () from /lib/i686/libc.so.6
#2  0x0815ac58 in _emalloc (size=1078913472) at
/home/skissane/php-5.0.4/Zend/zend_alloc.c:182
#3  0x0809151e in php_mssql_get_column_content_with_type
(mssql_ptr=0x827079c, offset=1078913472, result=0x828319c,
column_type=1078910980)
    at /home/skissane/php-5.0.4/ext/mssql/php_mssql.c:877
#4  0x08091daf in _mssql_fetch_batch (mssql_ptr=0x827079c,
result=0x826b5cc, retvalue=-1) at
/home/skissane/php-5.0.4/ext/mssql/php_mssql.c:1104
#5  0x0809222e in zif_mssql_query (ht=33, return_value=0x8270a54,
this_ptr=0x0, return_value_used=1) at
/home/skissane/php-5.0.4/ext/mssql/php_mssql.c:1225
#6  0x081882ce in zend_do_fcall_common_helper (execute_data=0xbfffd510,
opline=0x826f980, op_array=0x826b53c)
    at /home/skissane/php-5.0.4/Zend/zend_execute.c:2727
#7  0x081858ca in execute (op_array=0x826b53c) at
/home/skissane/php-5.0.4/Zend/zend_execute.c:1406
#8  0x0816b79f in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /home/skissane/php-5.0.4/Zend/zend.c:1069
#9  0x0813eb73 in php_execute_script (primary_file=0xbffff8d0) at
/home/skissane/php-5.0.4/main/main.c:1632
#10 0x0818ebe8 in main (argc=2, argv=0xbffff954) at
/home/skissane/php-5.0.4/sapi/cli/php_cli.c:946
#11 0x403f3912 in __libc_start_main () from /lib/i686/libc.so.6

-- 
Edit bug report at http://bugs.php.net/?id=33201&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=33201&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=33201&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=33201&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=33201&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=33201&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=33201&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=33201&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=33201&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=33201&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=33201&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=33201&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=33201&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=33201&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=33201&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=33201&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=33201&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=33201&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=33201&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=33201&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=33201&r=mysqlcfg