On Tue, 3 Dec 2002, Michael Sisolak wrote:

> Frank Kromann has investigated these issues and has made fixes in the
> CVS version of ext/mssql.

Are these fixes merged into the branch?

Derick

> --- Michael Sisolak <[EMAIL PROTECTED]> wrote:
> > Testing my existing SQL Server based sites with 4.3.0RC2 resulted in
> > many memory access violations and crashes. I believe that I have
> > tracked these down to two different changes made to the MSSQL extension
> > since 4.2.3:
> >
> > 1) In version 1.82 of php_mssql.c there were 6 mallocs that were
> > changed from "emalloc(res_length + 1);" to "emalloc(res_length);". I
> > believe, however, that the code that uses those memory blocks in at
> > least four of the cases required that extra space. This is the code as
> > it is now for two of the changes in 4.3.0RC2:
> >
> >     res_buf = (unsigned char *) emalloc(res_length);
> >     bin = ((DBBINARY *)dbdata(mssql_ptr->link, offset));
> >     memcpy(res_buf, bin, res_length);
> >     res_buf[res_length] = '\0';
> >
> > Isn't the setting of res_buf[res_length] illegal, as that would be
> > beyond the bounds of emalloc(res_length)? Also this code (appearing in
> > two of the changes):
> >
> >     res_length = 19;
> >     res_buf = (unsigned char *) emalloc(res_length);
> >     sprintf(res_buf, "%d-%02d-%02d %02d:%02d:%02d" , . . .
> >
> > Since the length of the character string is going to be 19 characters,
> > isn't the sprintf going to write an ASCIIZ ending beyond the size of
> > res_buf?
> >
> > Does the way emalloc() works take care of these problems? Adding the
> > "+ 1" back to these four emalloc() calls stopped one set of crashes.
> >
> > 2) In version 1.83 of php_mssql.c the mssql_query() function was
> > altered from:
> >
> >     if ((num_fields = dbnumcols(mssql_ptr->link)) <= 0) {
> >         RETURN_TRUE;
> >     }
> >
> > to:
> >
> >     if ((num_fields = dbnumcols(mssql_ptr->link)) <= 0 &&
> >         !dbdataready(mssql_ptr->link)) {
> >         RETURN_TRUE;
> >     }
> >
> > The CVS comment indicates that this change was for "fixing the
> > mssql_query to handle multiple results correct if the first result does
> > not return any data." If I now call mssql_query() with a query that
> > doesn't return any values (like a SQL-T EXEC call), however, PHP will
> > crash (removing the new dbdataready() check eliminates the crash).
> >
> > Michael Sisolak
> > [EMAIL PROTECTED]
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> > http://mailplus.yahoo.com
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, visit: http://www.php.net/unsub.php

--
-------------------------------------------------------------------------
 Derick Rethans                                   http://derickrethans.nl/
 PHP Magazine - PHP Magazine for Professionals       http://php-mag.net/
-------------------------------------------------------------------------
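The two allocation patterns in point 1 of the quoted report (a memcpy followed by a trailing NUL into an emalloc(res_length) block, and an sprintf of a 19-character datetime into a 19-byte block) are both off by exactly one byte: the terminator needs a slot of its own. The code below is an added example, not code from ext/mssql or from anyone on the thread; it uses plain malloc/snprintf in place of PHP's emalloc/sprintf, and the function names, the DATETIME_* constants and the constructed 3-byte sample blob are assumptions. It shows the hardened form of each pattern and, for the datetime case, uses snprintf's return value to report the buffer the thread describes as one byte short instead of overrunning it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy `len` raw bytes into a freshly allocated, NUL-terminated buffer.
 * The terminator is stored at index len, so the allocation must be len + 1;
 * with a len-byte allocation that final store lands one byte past the end. */
unsigned char *copy_terminated(const unsigned char *src, size_t len)
{
    unsigned char *buf = malloc(len + 1);        /* +1 for the terminator */
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, len);
    buf[len] = '\0';                             /* in bounds only because of the +1 */
    return buf;
}

/* Is an allocation of `alloc` bytes large enough for `payload` bytes plus a
 * terminator?  Written as alloc > payload to avoid wrapping in payload + 1. */
int alloc_fits_terminated(size_t alloc, size_t payload)
{
    return alloc > payload;
}

#define DATETIME_CHARS 19                        /* strlen("YYYY-MM-DD hh:mm:ss") */
#define DATETIME_BUF   (DATETIME_CHARS + 1)      /* plus the terminator */

/* Format a datetime into out[out_size].  snprintf's size argument counts the
 * terminator, and its return value is the length it wanted to write, so a
 * return >= out_size means the buffer was at least one byte short.  Returns
 * the number of characters written, or -1 when the buffer is too small. */
int format_datetime(char *out, size_t out_size,
                    int y, int mo, int d, int h, int mi, int s)
{
    int n = snprintf(out, out_size, "%d-%02d-%02d %02d:%02d:%02d",
                     y, mo, d, h, mi, s);
    if (n < 0 || (size_t)n >= out_size)
        return -1;                               /* truncated (or encoding error) */
    return n;
}

/* Reproduce the sizes from the thread: a 20-byte buffer holds the 19-character
 * datetime, while a 19-byte buffer (emalloc(res_length) with res_length == 19)
 * is reported as too small instead of being overrun.  Returns 1 on success. */
int datetime_buffer_check(void)
{
    char ok[DATETIME_BUF];
    char one_short[DATETIME_CHARS];
    int n_ok = format_datetime(ok, sizeof ok, 2002, 12, 3, 9, 5, 7);
    int n_short = format_datetime(one_short, sizeof one_short, 2002, 12, 3, 9, 5, 7);
    return n_ok == DATETIME_CHARS
        && strcmp(ok, "2002-12-03 09:05:07") == 0
        && n_short == -1;
}

/* Constructed 3-byte binary column value with an embedded NUL, standing in
 * for what dbdata() would hand back; checks the copy is intact and terminated. */
int binary_copy_check(void)
{
    const unsigned char sample[] = { 0x01, 0x00, 0xff };
    unsigned char *buf = copy_terminated(sample, sizeof sample);
    int ok = buf != NULL
          && memcmp(buf, sample, sizeof sample) == 0
          && buf[sizeof sample] == '\0';
    free(buf);
    return ok;
}

int main(void)
{
    printf("datetime sizing check: %s\n", datetime_buffer_check() ? "ok" : "FAILED");
    printf("binary copy check:     %s\n", binary_copy_check() ? "ok" : "FAILED");
    printf("19-byte alloc for 19 bytes + NUL fits? %d\n", alloc_fits_terminated(19, 19));
    printf("20-byte alloc for 19 bytes + NUL fits? %d\n", alloc_fits_terminated(20, 19));
    return 0;
}
```

The point of the snprintf return-value check is that the one-byte shortfall becomes a visible error rather than a silent heap write, which is what the "memory access violations" in the report are; emalloc, like malloc, gives no slack byte beyond the requested size, so the "+ 1" has to come from the caller.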