ID:               39134
 User updated by:  jr-phpbugs at cedric dot unob dot cz
 Reported By:      jr-phpbugs at cedric dot unob dot cz
-Status:           Feedback
+Status:           Open
 Bug Type:         MSSQL related
 Operating System: linux (irrelevant)
 PHP Version:      4.4.4
 New Comment:

(gdb) bt
#0  0x003e830f in memcpy () from /lib/libc.so.6
#1  0x0816d0ca in _estrndup (s=0x838a4ac "", length=137940992,
    __zend_filename=0x8235d40
"/usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c",
__zend_lineno=1185, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /usr/local/src/php/php-4.4.4/Zend/zend_alloc.c:409
#2  0x0813627c in php_sybase_fetch_result_row (result=0x838b450,
numrows=-1)
    at /usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c:1185
#3  0x08136857 in php_sybase_fetch_result_set (sybase_ptr=0x8352334,
    buffered=0, store=-1)
    at /usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c:1333
#4  0x08136ed3 in php_sybase_query (ht=-1, return_value=0x8389c14,
    this_ptr=0x0, return_value_used=1, buffered=0)
    at /usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c:1497
#5  0x081371e9 in zif_sybase_query (ht=2, return_value=0x8389c14,
    this_ptr=0x0, return_value_used=1)
    at /usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c:1626
#6  0x0818819c in execute (op_array=0x83522ac)
    at /usr/local/src/php/php-4.4.4/Zend/zend_execute.c:1675
#7  0x0817a183 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
    at /usr/local/src/php/php-4.4.4/Zend/zend.c:934
#8  0x0815336b in php_execute_script (primary_file=0xbfffdbe0)
    at /usr/local/src/php/php-4.4.4/main/main.c:1752
#9  0x0818c938 in main (argc=4, argv=0xbfffdc74)
    at /usr/local/src/php/php-4.4.4/sapi/cli/php_cli.c:832
#10 0x00381bb4 in __libc_start_main () from /lib/libc.so.6

(gdb) frame 6
#6  0x0818819c in execute (op_array=0x83522ac)
    at /usr/local/src/php/php-4.4.4/Zend/zend_execute.c:1675
1675                                                           
((zend_internal_function *)
EX(function_state).function)->handler(EX(opline)->extended_value,
EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr,
return_value_used TSRMLS_CC);

(gdb) print (char
*)(executor_globals.function_state_ptr->function)->common.function_name
$4 = 0x82358ed "mssql_query"

(gdb) print (char *)executor_globals.active_op_array->function_name
$5 = 0x0

(gdb) print (char *)executor_globals.active_op_array->filename
$6 = 0x83563b4 "/root/crash.php3"
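
Frame #1 of the backtrace above shows `_estrndup` asked to copy `length=137940992` bytes from an empty source string. The following is an added example, not code from PHP or FreeTDS and not a statement of the root cause in `php_sybase_ct.c`: a defensive copy that rejects a reported column length the fetch buffer cannot back. The `struct column` layout, the `-1` NULL indicator and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one bound result column; not the layout
 * used by php_sybase_ct.c. */
struct column {
    const char *buf;       /* fetch buffer */
    size_t      cap;       /* bytes really allocated for buf */
    int32_t     length;    /* length reported for this row: untrusted */
    int16_t     indicator; /* -1 = SQL NULL (assumed convention) */
};

enum dup_status { DUP_OK, DUP_NULL, DUP_BAD_LENGTH, DUP_NOMEM };

/* Duplicate a column value as a NUL-terminated string, rejecting any
 * reported length that the fetch buffer cannot back. */
enum dup_status column_dup(const struct column *c, char **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (c->indicator == -1)
        return DUP_NULL;
    if (c->length < 0 || (size_t)c->length > c->cap)
        return DUP_BAD_LENGTH;          /* would read past buf */
    size_t n = (size_t)c->length;
    char *p = malloc(n + 1);
    if (p == NULL)
        return DUP_NOMEM;
    memcpy(p, c->buf, n);               /* n <= cap, so the read is in bounds */
    p[n] = '\0';
    *out = p;
    *out_len = n;
    return DUP_OK;
}

/* Constructed row mirroring frame #1: s = "" with length = 137940992. */
enum dup_status backtrace_case(void)
{
    struct column c = { "", 1, 137940992, 0 };
    char *s; size_t n;
    return column_dup(&c, &s, &n);
}

int main(void)
{
    printf("backtrace case -> %d\n", backtrace_case());
    return 0;
}
```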


Previous Comments:
------------------------------------------------------------------------

[2006-10-12 09:58:03] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.



------------------------------------------------------------------------

[2006-10-12 09:32:09] jr-phpbugs at cedric dot unob dot cz

Since I omitted double-quotes at the end of the query, here's the
corrected one:

$query="SELECT test_text FROM test WHERE test_id=2";

------------------------------------------------------------------------

[2006-10-12 08:45:07] jr-phpbugs at cedric dot unob dot cz

Description:
------------
PHP, compiled with --with-sybase-ct=/usr/localFreeTDS crashes with
segmentation fault on SELECT from column of type TEXT with empty string
value.

Observed on PHP compiled with
--with-sybase-ct=/path/to/freetds-0.64/prefix, against MSSQL server
2000

Affects FreeTDS 0.64 and 0.64.1 (with 'post64.patch.gz' applied). Has
not been observed with FreeTDS 0.63.

FreeTDS 0.64 alone (without PHP) is not affected.

Possible bug in ext/sybase_ct/php_sybase_ct.c


Reproduce code:
---------------
in MSSQL Enterprise manager:

CREATE TABLE [dbo].[TEST] (
        [TEST_ID] [int] IDENTITY (1, 1) NOT NULL ,
        [TEST_VALUE] [int] NOT NULL ,
        [TEST_TEXT] [text] NULL
) 
insert into TEST (TEST_VALUE) values ('5');
insert into TEST (TEST_VALUE,TEST_TEXT) values ('6','');

in PHP script:
...
$query="SELECT test_text FROM test WHERE test_id=2;
$res=mssql_query($query,$db);


Expected result:
----------------
Empty string.

Actual result:
--------------
PHP crashes with segmentation fault.

CLI version:
- crash with "segmentation fault" message

libphp4.so version:
- affected thread produces a line "[notice] child pid XXXXX exit signal
Segmentation fault (11)"  in Apache's error log.



------------------------------------------------------------------------

