ID: 33201
Updated by: [EMAIL PROTECTED]
Reported By: skissane at iips dot mq dot edu dot au
-Status: Assigned
+Status: Closed
Bug Type: MSSQL related
Operating System: Linux
PHP Version: 5CVS-2005-11-07 (snap)
Assigned To: fmk
New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.

Previous Comments:
------------------------------------------------------------------------

[2005-11-07 15:55:32] [EMAIL PROTECTED]

Frank, fix please? :)

------------------------------------------------------------------------

[2005-11-07 02:24:08] skissane at iips dot mq dot edu dot au

With latest snapshot the segfault is no longer happening... but malloc corruption is still occurring, which makes me wonder whether it really has been fixed or just changed in some way which makes this testcase no longer trigger the bug...

> ./configure --with-mssql --disable-cgi --enable-cli --disable-debug && make clean && make && sapi/cli/php bug33201.php
*** glibc detected *** sapi/cli/php: malloc(): memory corruption: 0x09546be0 ***
======= Backtrace: =========
/lib/libc.so.6[0xc800ea]
/lib/libc.so.6(malloc+0x74)[0xc81492]
sapi/cli/php(_emalloc+0x2f)[0x81ccde3]
sapi/cli/php[0x80a5a7d]
sapi/cli/php[0x80a989c]
sapi/cli/php(zif_mssql_query+0x2eb)[0x80a9e47]
sapi/cli/php[0x8200588]
sapi/cli/php(execute+0xf5)[0x81ffd89]
sapi/cli/php(zend_execute_scripts+0x1f3)[0x81e09c3]
sapi/cli/php(php_execute_script+0x21a)[0x81ad776]
sapi/cli/php(main+0xd60)[0x8262160]
/lib/libc.so.6(__libc_start_main+0xdf)[0xc30d5f]
sapi/cli/php[0x807bc29]
======= Memory map: ========
<omitted...>

> ./configure --with-mssql --disable-cgi --enable-cli --enable-debug && make clean && make && sapi/cli/php bug33201.php
[Mon Nov 7 12:12:37 2005] Script: 'bug33201.php'
---------------------------------------
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.h(35) : Block 0x090E9980 status:
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on /home/skissane/unpacked/php5-200511062130/ext/mssql/php_mssql.c:907, 19 bytes)
End: Overflown (magic=0x2A8FCC00 instead of 0x2A8FCC84)
1 byte(s) overflown
---------------------------------------
[Mon Nov 7 12:12:37 2005] Script: 'bug33201.php'
---------------------------------------
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.h(35) : Block 0x090E9DB0 status:
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on /home/skissane/unpacked/php5-200511062130/ext/mssql/php_mssql.c:907, 19 bytes)
End: Overflown (magic=0x2A8FCC00 instead of 0x2A8FCC84)
1 byte(s) overflown
---------------------------------------
[Mon Nov 7 12:12:37 2005] Script: 'bug33201.php'
---------------------------------------
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.h(35) : Block 0x090EA268 status:
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on /home/skissane/unpacked/php5-200511062130/ext/mssql/php_mssql.c:907, 19 bytes)
End: Overflown (magic=0x2A8FCC00 instead of 0x2A8FCC84)
1 byte(s) overflown
---------------------------------------
[Mon Nov 7 12:12:37 2005] Script: 'bug33201.php'
---------------------------------------
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.h(35) : Block 0x090EA2B0 status:
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on /home/skissane/unpacked/php5-200511062130/ext/mssql/php_mssql.c:907, 9 bytes)
End: Overflown (magic=0x35373232 instead of 0x2A8FCC84)
At least 4 bytes overflown
---------------------------------------
[Mon Nov 7 12:12:37 2005] Script: 'bug33201.php'
---------------------------------------
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.h(35) : Block 0x090EA828 status:
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on /home/skissane/unpacked/php5-200511062130/ext/mssql/php_mssql.c:907, 19 bytes)
End: Overflown (magic=0x2A8FCC00 instead of 0x2A8FCC84)
1 byte(s) overflown
---------------------------------------
[Mon Nov 7 12:12:37 2005] Script: 'bug33201.php'
---------------------------------------
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.h(35) : Block 0x090EAF18 status:
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on /home/skissane/unpacked/php5-200511062130/ext/mssql/php_mssql.c:907, 19 bytes)
End: Overflown (magic=0x2A8FCC00 instead of 0x2A8FCC84)
1 byte(s) overflown
---------------------------------------
[Mon Nov 7 12:12:37 2005] Script: 'bug33201.php'
---------------------------------------
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.h(35) : Block 0x090EAF60 status:
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on /home/skissane/unpacked/php5-200511062130/ext/mssql/php_mssql.c:907, 9 bytes)
End: Overflown (magic=0x36383934 instead of 0x2A8FCC84)
At least 4 bytes overflown
---------------------------------------
[Mon Nov 7 12:12:37 2005] Script: 'bug33201.php'
---------------------------------------
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.h(35) : Block 0x090EA9A8 status:
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on /home/skissane/unpacked/php5-200511062130/ext/mssql/php_mssql.c:907, 19 bytes)
End: Overflown (magic=0x2A8FCC00 instead of 0x2A8FCC84)
1 byte(s) overflown
---------------------------------------
[Mon Nov 7 12:12:37 2005] Script: 'bug33201.php'
---------------------------------------
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.h(35) : Block 0x090EA9F0 status:
/home/skissane/unpacked/php5-200511062130/Zend/zend_variables.c(36) : Actual location (location was relayed)
Beginning: OK (allocated on /home/skissane/unpacked/php5-200511062130/ext/mssql/php_mssql.c:907, 9 bytes)
End: Overflown (magic=0x37323331 instead of 0x2A8FCC84)
At least 4 bytes overflown
---------------------------------------
/home/skissane/unpacked/php5-200511062130/ext/mssql/php_mssql.c(907) : Freeing 0x090EAA14 (9 bytes), script=bug33201.php
Last leak repeated 8 times
=== Total 9 memory leaks detected ===

------------------------------------------------------------------------

[2005-11-06 23:58:32] [EMAIL PROTECTED]

Please try using this CVS snapshot:

http://snaps.php.net/php5-latest.tar.gz

For Windows:

http://snaps.php.net/win32/php5-win32-latest.zip

------------------------------------------------------------------------

[2005-05-31 13:53:08] skissane at iips dot mq dot edu dot au

Description:
------------
Segmentation fault.

Reproduce code:
---------------
<?
$q = mssql_connect("<server>","<username>","<password>");
$i = mssql_query("SELECT * FROM MSSQLTrace_99",$q);
while (mssql_fetch_row($i) !== FALSE);

Where the MSSQLTrace_99 table is created by the following MSSQL script (a bit too big for a bug database):
http://www.iips.mq.edu.au/php_mssql_bug.txt

Expected result:
----------------
No output.

Actual result:
--------------
Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 29878)]
0x40440bef in _int_malloc () from /lib/i686/libc.so.6
(gdb) bt
#0 0x40440bef in _int_malloc () from /lib/i686/libc.so.6
#1 0x404422ac in malloc () from /lib/i686/libc.so.6
#2 0x0815ac58 in _emalloc (size=1078913472) at /home/skissane/php-5.0.4/Zend/zend_alloc.c:182
#3 0x0809151e in php_mssql_get_column_content_with_type (mssql_ptr=0x827079c, offset=1078913472, result=0x828319c, column_type=1078910980) at /home/skissane/php-5.0.4/ext/mssql/php_mssql.c:877
#4 0x08091daf in _mssql_fetch_batch (mssql_ptr=0x827079c, result=0x826b5cc, retvalue=-1) at /home/skissane/php-5.0.4/ext/mssql/php_mssql.c:1104
#5 0x0809222e in zif_mssql_query (ht=33, return_value=0x8270a54, this_ptr=0x0, return_value_used=1) at /home/skissane/php-5.0.4/ext/mssql/php_mssql.c:1225
#6 0x081882ce in zend_do_fcall_common_helper (execute_data=0xbfffd510, opline=0x826f980, op_array=0x826b53c) at /home/skissane/php-5.0.4/Zend/zend_execute.c:2727
#7 0x081858ca in execute (op_array=0x826b53c) at /home/skissane/php-5.0.4/Zend/zend_execute.c:1406
#8 0x0816b79f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/skissane/php-5.0.4/Zend/zend.c:1069
#9 0x0813eb73 in php_execute_script (primary_file=0xbffff8d0) at /home/skissane/php-5.0.4/main/main.c:1632
#10 0x0818ebe8 in main (argc=2, argv=0xbffff954) at /home/skissane/php-5.0.4/sapi/cli/php_cli.c:946
#11 0x403f3912 in __libc_start_main () from /lib/i686/libc.so.6

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=33201&edit=1
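
Added example, not part of the original report or of the PHP source: a simplified C model of an end-of-block guard word. It shows why a guard reading 0x2A8FCC00 instead of 0x2A8FCC84 corresponds to a single zero byte written one past the block, and how the 0x35373232 value from a 9-byte block reads as ASCII digits. The block layout, the helper names and the sample string are assumptions for illustration, and a little-endian host (like the reporter's x86 Linux) is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define END_MAGIC 0x2A8FCC84u /* expected end-of-block value from the report */

/* Simplified model (assumption): `size` user bytes followed by a guard word. */
static char *guarded_alloc(size_t size) {
    uint32_t magic = END_MAGIC;
    char *p = malloc(size + sizeof magic);
    if (p) memcpy(p + size, &magic, sizeof magic);
    return p;
}

static uint32_t read_guard(const char *p, size_t size) {
    uint32_t magic;
    memcpy(&magic, p + size, sizeof magic);
    return magic;
}

/* Copy `text` into a block of strlen(text) + extra bytes, always writing the
 * terminating NUL, and return the guard word afterwards. extra = 0 models a
 * block sized without the terminator; extra = 1 is the corrected sizing. */
static uint32_t guard_after_copy(const char *text, size_t extra) {
    size_t len = strlen(text), size = len + extra;
    char *buf = guarded_alloc(size);
    uint32_t guard;
    if (!buf) return 0;
    memcpy(buf, text, len);
    buf[len] = '\0'; /* with extra = 0 this lands on the first guard byte */
    guard = read_guard(buf, size);
    free(buf);
    return guard;
}

/* Show an observed guard value as the bytes that were actually in memory. */
static void guard_as_text(uint32_t magic, char out[5]) {
    memcpy(out, &magic, sizeof magic);
    out[4] = '\0';
}

int main(void) {
    const char *sample = "ABCDEFGHIJKLMNOPQRS"; /* constructed, 19 characters */
    char digits[5];
    guard_as_text(0x35373232u, digits); /* value reported for a 9-byte block */
    printf("undersized: 0x%08X\n", (unsigned)guard_after_copy(sample, 0));
    printf("len + 1:    0x%08X\n", (unsigned)guard_after_copy(sample, 1));
    printf("0x35373232 in memory: \"%s\"\n", digits);
    return 0;
}
```

The overwrite in the model stays inside the malloc'd region, so the program itself is well-defined while still reproducing the guard values seen in the report.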