[PHP-BUG] Bug #61183 [NEW]: Firebird PDO memory corruption
From:
Operating system: Windows Server 2008 x86
PHP version: 5.3.10
Package: PDO related
Bug Type: Bug
Bug description:Firebird PDO memory corruption
Description:
Running Firebird 2.5, and trying to use PDO to run a few queries, I ran
into
memory corruption. I've tested the same code on a few other DBMSs via PDO
and they
run fine, so it seems related to the Firebird PDO module. It also doesn't
happen
on every table structure. For example, I tried a table consisting of a
single
integer field and the error wasn't triggered. Playing with the script a
bit, it
eventually output: zend_mm_heap corrupted
The structure for the table in the example script can be found here:
https://github.com/phpbb/phpbb3/blob/release-
3.0.10/phpBB/install/schemas/firebird_schema.sql#L1319
Test script:
---
?php
try
{
$dbh = new
PDO('firebird:host=localhost;dbname=C:\\phpbb_test_data\\tests.fdb',
'SYSDBA', 'masterkey');
for($i = 0; $i 5000; $i++)
{
$statement = $dbh-prepare('INSERT INTO PHPBB_USERS
(USER_ID,
USERNAME, USERNAME_CLEAN, USER_PERMISSIONS, USER_SIG, USER_OCC,
USER_INTERESTS) VALUES (?, ?, ?, ?, ?, ?, ?)');
$statement-execute(array (0 = '2', 1 = 'banned', 2 =
'banned', 3 =
'', 4 = '', 5 = '', 6 = ''));
echo 'Statement run: ' . $i . \n;
}
}
catch (PDOException $e)
{
echo 'Exception: ' . $e-getMessage();
}
Expected result:
The script should run 5000 times and exit cleanly.
Actual result:
--
The script runs through a few iterations and PHP crashes. Altercations to
the
script can make it run longer or shorter (without trailing ? crashes in 2
iterations, with it, crashes after 1998 iterations).
This first backtrace is from a 32bit Windows Server 2008 install running in
a
VirtualBox VM:
Entry point php!mainCRTStartup
Create time 2/25/2012 2:40:53 AM
Time spent in user mode 0 Days 0:0:0.15
Time spent in kernel mode 0 Days 0:0:0.781
Function Arg 1 Arg 2 Arg 3 Source
php5ts!zend_mm_set_custom_handlers+225 0001 0212fa20
0212e7e0
php5ts!_estrndup+35 02130770 02272f78
php5ts!_zval_copy_ctor_func+42 0212e7e0 0001 0212f490
php5ts!pdo_stmt_describe_columns+701 0001 02130810
php5ts!execute+1130 02160080 02272f01 634b7838
php5ts!execute+15ed 02272f78 0091f440
php5ts!execute+2e8 0212e548 02272f00 02272f78
php5ts!zend_execute_scripts+fe 0008 02272f78
php5ts!php_execute_script+24c 0091f6f0 02272f78 00ee742c
php!main+b9b 0002 02272f08 02271be0
php!memcpy+160 7ffd7000 0091f830 777b1603
kernel32!BaseThreadInitThunk+12 7ffd7000 75823a7e
ntdll!RtlInitializeExceptionChain+63 00ee3002 7ffd7000
ntdll!RtlInitializeExceptionChain+36 00ee3002 7ffd7000
PHP5TS!ZEND_MM_SET_CUSTOM_HANDLERS+225In
php__PID__4908__Date__02_25_2012__Time_02_41_07AM__420__Second_Chance_Exception_
C005.dmp the assembly instruction at
php5ts!zend_mm_set_custom_handlers+225 in C:\php\php5ts.dll from The PHP
Group
has caused an access violation exception (0xC005) when trying to read
from
memory location 0x6e6e616a on thread 0
Module Information
Image Name: C:\php\php5ts.dll Symbol Type: PDB
Base address: 0x6349 Time Stamp: Thu Feb 02 13:36:49 2012
Checksum: 0x005a3fb6 Comments:
COM DLL: False Company Name: The PHP Group
ISAPIExtension: False File Description: PHP Script Interpreter
ISAPIFilter: False File Version: 5.3.10
Managed DLL: False Internal Name: PHP Script Interpreter
VB DLL: False Legal Copyright: Copyright © 1997-2010 The PHP Group
Loaded Image Name: php5ts.dll Legal Trademarks: PHP
Mapped Image Name: Original filename: php5ts.dll
Module name: php5ts Private Build:
Single Threaded: False Product Name: PHP
Module Size: 5.77 MBytes Product Version: 5.3.10
Symbol File Name: C:\php_debug\php5ts.pdb Special Build:
Moving it to my main system, Windows 7 x64 (32bit Firebird 2.5 still), with
Visual Studio 2010, I captured the following stack trace when it crashed:
php5ts.dll!_zend_mm_alloc_int(_zend_mm_heap * heap=0x6e6e6162, unsigned int
size=1) Line 1835
php5ts.dll!_estrndup(const char * s=0x02cb1308, unsigned int length=0)
Line
2503 + 0x33 bytes
php5ts.dll!_zval_copy_ctor_func(_zval_struct * zvalue=0x02cb1d80) Line 120
+
0xc bytes
php5ts.dll!zim_PDOStatement_execute(int ht=1, _zval_struct *
return_value=0x02cb1028, _zval_struct * * return_value_ptr=0x,
_zval_struct *
this_ptr=0x02cb1088, int return_value_used=0, void * * *
tsrm_ls=0x02c91ad0)
Line 478 + 0x3f bytes
php5ts.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data *
[PHP-BUG] Req #51883 [NEW]: Update Visual Studio Solution
From: Operating system: Windows PHP version: 5.3.2 Package: *Compile Issues Bug Type: Feature/Change Request Bug description:Update Visual Studio Solution Description: Since both VC6 and VC9 versions are built, maybe it would be possible to include an updated version of the VC6 workspace as a VS 2008 Solution (.sln). In its current state, all projects except TSRM upgrade successfully. The Attach to Process feature would be handy, as well has just having an easy way to flip through all of the code. -- Edit bug report at http://bugs.php.net/bug.php?id=51883edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=51883r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=51883r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=51883r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=51883r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=51883r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=51883r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=51883r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=51883r=needscript Try newer version: http://bugs.php.net/fix.php?id=51883r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=51883r=support Expected behavior: http://bugs.php.net/fix.php?id=51883r=notwrong Not enough info: http://bugs.php.net/fix.php?id=51883r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=51883r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=51883r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=51883r=php4 Daylight Savings:http://bugs.php.net/fix.php?id=51883r=dst IIS Stability: http://bugs.php.net/fix.php?id=51883r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=51883r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=51883r=float No Zend Extensions: http://bugs.php.net/fix.php?id=51883r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=51883r=mysqlcfg
Bug #51298 [Com]: Error when loading php5apache2_2.dll
Edit report at http://bugs.php.net/bug.php?id=51298edit=1 ID: 51298 Comment by: noxwizard at gmail dot com Reported by: trotsky_icepick at hotmail dot com Summary: Error when loading php5apache2_2.dll Status: Assigned Type: Bug Package: Apache2 related Operating System: Windows Vista SP2 PHP Version: 5.3.2 Assigned To: jmertic New Comment: I can reproduce this on Windows 7 x64 using the zipped versions. Apache: httpd-2.2.15-win32-x86-ssl.zip (Apache Lounge) PHP: php-5.3.2-Win32-VC9-x86.zip (Thread Safe, php.net) No extensions enabled. Problem signature: Problem Event Name: APPCRASH Application Name: apache.exe Application Version: 2.2.15.0 Application Timestamp:4b916754 Fault Module Name:StackHash_0a9e Fault Module Version: 0.0.0.0 Fault Module Timestamp: Exception Code: c005 Exception Offset: 004bd5c9 Previous Comments: [2010-03-29 23:04:31] paj...@php.net As I said, please use the Zip version in the meantime. [2010-03-29 22:35:55] ficcionista at gmail dot com I'm receiving the same error. Here's what I could find out: Installed the following on a fresh Win XP SP3 machine: - httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi - Defaults - php-5.3.2-Win32-VC6-x86.msi - Defaults As soon as I tried to start apache i get this error: The request operation has failed: Error signature: szAppName : httpd.exe szAppVer : 2.2.15.0 szModName : php5ts.dll szModVer : 5.3.2.0 offset : 000e6d2c On the Windows event viewer i got this: Faulting application httpd.exe, version 2.2.15.0, faulting module php5ts.dll, version 5.3.2.0, fault address 0x000e6d2c. I've also tried disabling PHP's extensions and then turning them on one by one. Here's the only PHP config that allowed me to start apache (Crippled, but running): Enabled extensions: php_bz2.dll php_curl.dll php_gd2.dll php_gettext.dll php_mysql.dll php_mysqli.dll php_openssl.dll php_soap.dll Disabled extensions php_dba.dll php_fdf.dll php_sockets.dll php_tidy.dll php_xmlrpc.dll php_xsl.dll php_zip.dll php_exif.dll php_gmp.dll php_imap.dll php_ldap.dll php_mbstring.dll php_mcrypt.dll php_mhash.dll php_mime_magic.dll php_ming.dll php_pspell.dll php_shmop.dll php_snmp.dll [2010-03-28 12:20:46] paj...@php.net It seems to be only a problem when you use the MSI. It does not happen if you install PHP manually using the zip releases. It also works if I completelly remove the PHP directory and run the MSI again. As it is critical that the MSI works smoothly, it is not like you don't have alternative right now to update to 5.3.2. The MSI maintainer is investigating the problem. [2010-03-28 06:39:11] jeftyneg at yahoo dot com Any update of this critical issue? I think thorough testing was not performed against Apache 2.2.15 due to the fact that Apache 2.2.15 was released 2 days after PHP 5.3.2 was released. Maybe there's a compatibility issue between Apache 2.2.15 and PHP 5.3.2. I personally considered this as a critical bug because this is a blocking issue. One can't proceed with testing the PHP scripts because installation can cause Apache 2.2.15 to crash. [2010-03-24 15:32:25] jeftyneg at yahoo dot com Did you perform any special steps why you can't reproduce it anymore? Because in my case, I can always replicate the bug. Other user also can replicate the bug as noted in [2010-03-23 13:05 UTC]. OS: Windows XP with SP3(Fresh installation with updates from Microsoft) PHP: 5.3.2 Apache: 2.2.15 Installation options used are all default. I just can't imagine why you can't replicate the bug but in our environment, it can easily be replicated. Please tell us more about your test environment. Thanks. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=51298 -- Edit this bug report at http://bugs.php.net/bug.php?id=51298edit=1
