#39134 [Opn->Fbk]: PHP + FreeTDS 0.64 crashes when TEXT field with empty string encountered

2007-07-11 Thread jani
 ID:   39134
 Updated by:   [EMAIL PROTECTED]
 Reported By:  jr-phpbugs at cedric dot unob dot cz
-Status:   Open
+Status:   Feedback
 Bug Type: MSSQL related
 Operating System: linux (irrelevant)
 PHP Version:  4.4.4
 New Comment:

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi




Previous Comments:


[2007-06-07 17:01:28] tsidelinger at columbuslibrary dot org

We are experiencing a similar issue.  Our php scripts will segment
fault when a NULL record is encountered.

PHP version: php4-4.3.4-43.77
OS: SLES9 x86_64
FreeTDS Version: 0.64
ODBC Version: unixODBC-2.2.12-13

Our development server is 32 bits, but otherwise identical.  Everything
works great in development.

We have tried the same sql queries via isql and they work just fine. 
Thus, this seems like a PHP issue.

Here is a sample PHP script below.





$field1");
}

# close the connection
odbc_close($connect);

?>







[2006-11-01 09:49:47] jr-phpbugs at cedric dot unob dot cz

Tested & confirmed: php_mssql extension does not have the problem
described. It is a php_sybase_ct extension bug in connection with
FreeTDS 0.64.



[2006-10-31 15:41:33] [EMAIL PROTECTED]

try using --with-mssql instead of --with-sybase-ct. When you are
compiling with the sybase option you are not using the MSSQL extension
but the sybase extension that happens to have aliases so you can use
mssql_* when you call the functions.

- Frank



[2006-10-31 05:22:07] cameron dot mcshane at csiro dot au

I have also experienced this problem. Details:

SuSE SLES 9
php 4.4.2 ('./configure' '--with-apxs2=/usr/local/apache2/bin/apxs'
'--prefix=/usr/local/php' '--with-sybase-ct=/usr/local/freetds')
FreeTDS 0.64
MS SQL 2000

Have tested code as provided in original bug report.

CLI version:
- crash with "segmentation fault" message

libphp4.so version:
- affected thread produces a line "[notice] child pid X exit signal
Segmentation fault (11)"  in Apache's error log.

backtrace included below:


Program received signal SIGSEGV, Segmentation fault.
0x4014c40c in memcpy () from /lib/tls/libc.so.6
(gdb) bt
#0  0x4014c40c in memcpy () from /lib/tls/libc.so.6
#1  0x0811d82b in _estrndup (s=0x820522c "", length=136454143) at
/usr/src/php-4.4.2/Zend/zend_alloc.c:387
#2  0x080e6c18 in php_sybase_fetch_result_row (result=0x81e825f,
numrows=-1) at /usr/src/php-4.4.2/ext/sybase_ct/php_sybase_ct.c:1185
#3  0x080e8586 in php_sybase_fetch_result_set (sybase_ptr=0x81caf7c,
buffered=0, store=)
at /usr/src/php-4.4.2/ext/sybase_ct/php_sybase_ct.c:1333
#4  0x080e8bbb in php_sybase_query (ht=,
return_value=0x81cdb1c, this_ptr=,
return_value_used=1, buffered=0)
at /usr/src/php-4.4.2/ext/sybase_ct/php_sybase_ct.c:1497
#5  0x0813ad3c in execute (op_array=0x81caf14) at
/usr/src/php-4.4.2/Zend/zend_execute.c:1675
#6  0x08129623 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/php-4.4.2/Zend/zend.c:934
#7  0x0810181e in php_execute_script (primary_file=0xb3c0) at
/usr/src/php-4.4.2/main/main.c:1753
#8  0x0813bda2 in main (argc=2, argv=0xb484) at
/usr/src/php-4.4.2/sapi/cli/php_cli.c:830
(gdb) frame 5
#5  0x0813ad3c in execute (op_array=0x81caf14) at
/usr/src/php-4.4.2/Zend/zend_execute.c:1675
1675   
((zend_internal_function *)
EX(function_state).function)->handler(EX(opline)->extended_value,
EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr,
return_value_used TSRMLS_CC);
(gdb) print (char
*)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x8150075 "mssql_query"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x0
(gdb) print (char *)executor_globals.active_op_array->filename
$3 = 0x81cefdc ""
(gdb)



[2006-10-12 10:32:07] jr-phpbugs at cedric dot unob dot cz

(gdb) bt
#0  0x003e830f in memcpy () from /lib/libc.so.6
#1  0x0816d0ca in _estrndup (s=0x838a4ac "", length=137940992,
__zend_filename=0x8235d40
"/usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c",
__zend_lineno=1185, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at /usr/local/src/php/php-4.4.4/Zend/zend_alloc.c:409
#2  0x0813627c in php_sybase_fetch_result_row (result=0x838b450,
numrows=-1)
at /usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c:1185
#3  0x08136857 in php_sybase_fetch_result_set (sybase_ptr=0x8352334,
buffered=0, store=-1)
at /usr/local/src/p

#39134 [Opn->Fbk]: PHP + FreeTDS 0.64 crashes when TEXT field with empty string encountered

2006-10-31 Thread fmk
 ID:   39134
 Updated by:   [EMAIL PROTECTED]
 Reported By:  jr-phpbugs at cedric dot unob dot cz
-Status:   Open
+Status:   Feedback
 Bug Type: MSSQL related
 Operating System: linux (irrelevant)
 PHP Version:  4.4.4
 New Comment:

try using --with-mssql instead of --with-sybase-ct. When you are
compiling with the sybase option you are not using the MSSQL extension
but the sybase extension that happens to have aliases so you can use
mssql_* when you call the functions.

- Frank


Previous Comments:


[2006-10-12 10:32:07] jr-phpbugs at cedric dot unob dot cz

(gdb) bt
#0  0x003e830f in memcpy () from /lib/libc.so.6
#1  0x0816d0ca in _estrndup (s=0x838a4ac "", length=137940992,
__zend_filename=0x8235d40
"/usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c",
__zend_lineno=1185, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at /usr/local/src/php/php-4.4.4/Zend/zend_alloc.c:409
#2  0x0813627c in php_sybase_fetch_result_row (result=0x838b450,
numrows=-1)
at /usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c:1185
#3  0x08136857 in php_sybase_fetch_result_set (sybase_ptr=0x8352334,
buffered=0, store=-1)
at /usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c:1333
#4  0x08136ed3 in php_sybase_query (ht=-1, return_value=0x8389c14,
this_ptr=0x0, return_value_used=1, buffered=0)
at /usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c:1497
#5  0x081371e9 in zif_sybase_query (ht=2, return_value=0x8389c14,
this_ptr=0x0, return_value_used=1)
at /usr/local/src/php/php-4.4.4/ext/sybase_ct/php_sybase_ct.c:1626
#6  0x0818819c in execute (op_array=0x83522ac)
at /usr/local/src/php/php-4.4.4/Zend/zend_execute.c:1675
#7  0x0817a183 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /usr/local/src/php/php-4.4.4/Zend/zend.c:934
#8  0x0815336b in php_execute_script (primary_file=0xbfffdbe0)
at /usr/local/src/php/php-4.4.4/main/main.c:1752
#9  0x0818c938 in main (argc=4, argv=0xbfffdc74)
at /usr/local/src/php/php-4.4.4/sapi/cli/php_cli.c:832
#10 0x00381bb4 in __libc_start_main () from /lib/libc.so.6

(gdb) frame 6
#6  0x0818819c in execute (op_array=0x83522ac)
at /usr/local/src/php/php-4.4.4/Zend/zend_execute.c:1675
1675   
((zend_internal_function *)
EX(function_state).function)->handler(EX(opline)->extended_value,
EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr,
return_value_used TSRMLS_CC);

(gdb) print 

#39134 [Opn->Fbk]: PHP + FreeTDS 0.64 crashes when TEXT field with empty string encountered

2006-10-12 Thread tony2001
 ID:   39134
 Updated by:   [EMAIL PROTECTED]
 Reported By:  jr-phpbugs at cedric dot unob dot cz
-Status:   Open
+Status:   Feedback
 Bug Type: MSSQL related
 Operating System: linux (irrelevant)
 PHP Version:  4.4.4
 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.




Previous Comments:


[2006-10-12 09:32:09] jr-phpbugs at cedric dot unob dot cz

Since I omitted double-quotes at the end of the query, here's the
corrected one:

$query="SELECT test_text FROM test WHERE test_id=2";



[2006-10-12 08:45:07] jr-phpbugs at cedric dot unob dot cz

Description:

PHP, compiled with --with-sybase-ct=/usr/localFreeTDS crashes with
segmentation fault on SELECT from column of type TEXT with empty string
value.

Observed on PHP compiled with
--with-sybase-ct=/path/to/freetds-0.64/prefix , against MSSQL server
2000

Affects FreeTDS 0.64 and 0.64.1 (with 'post64.patch.gz' applied). Has
not been observed with FreeTDS 0.63.

FreeTDS 0.64 alone (without PHP) is not affected.

Possible bug in ext/sybase_ct/php_sybase_ct.c


Reproduce code:
---
in MSSQL Enterprise manager:

CREATE TABLE [dbo].[TEST] (
[TEST_ID] [int] IDENTITY (1, 1) NOT NULL ,
[TEST_VALUE] [int] NOT NULL ,
[TEST_TEXT] [text] NULL
) 
insert into TEST (TEST_VALUE) values ('5');
insert into TEST (TEST_VALUE,TEST_TEXT) values ('6','');

in PHP script:
...
$query="SELECT test_text FROM test WHERE test_id=2;
$res=mssql_query($query,$db);


Expected result:

Empty string.

Actual result:
--
PHP crashes with segmentation fault.

CLI version:
- crash with "segmentation fault" message

libphp4.so version:
- affected thread produces a line "[notice] child pid X exit signal
Segmentation fault (11)"  in Apache's error log.
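
The backtraces in this thread show `_estrndup` receiving an empty string together with a length of 136454143 and faulting inside `memcpy`. The following C example is added here for illustration and is not code from PHP or FreeTDS; `column_t`, its fields, the helper names and the return codes are hypothetical. It places a copy that trusts a driver-reported length next to one that checks the length against the buffer before copying.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of one fetched column (not php_sybase_ct's structs). */
typedef struct {
    char buf[64];   /* driver-filled data buffer */
    long len;       /* driver-reported value length; may be stale or garbage */
    int  indicator; /* -1 means SQL NULL */
} column_t;

/* Unsafe pattern: copies `len` bytes without checking it against the buffer. */
char *dup_unchecked(const column_t *c) {
    char *p = malloc((size_t)c->len + 1);
    if (!p) return NULL;
    memcpy(p, c->buf, (size_t)c->len);
    p[c->len] = '\0';
    return p;
}

/* Hardened: 0 = copied into *out, 1 = SQL NULL, -1 = length rejected. */
int dup_checked(const column_t *c, char **out) {
    *out = NULL;
    if (c->indicator == -1) return 1;
    if (c->len < 0 || (size_t)c->len >= sizeof c->buf) return -1;
    *out = malloc((size_t)c->len + 1);
    if (!*out) return -1;
    memcpy(*out, c->buf, (size_t)c->len);
    (*out)[c->len] = '\0';
    return 0;
}

/* Build a constructed sample column. */
column_t make_col(const char *s, long len, int indicator) {
    column_t c = { {0}, len, indicator };
    strncpy(c.buf, s, sizeof c.buf - 1);
    return c;
}

int main(void) {
    char *s = NULL;
    column_t bad = make_col("", 136454143L, 0); /* length seen in the backtrace */
    column_t ok  = make_col("", 0, 0);          /* empty string, sane length */
    int rc_bad = dup_checked(&bad, &s);
    int rc_ok  = dup_checked(&ok, &s);
    printf("garbage length -> %d, empty string -> %d \"%s\"\n", rc_bad, rc_ok, s);
    free(s);
    return 0;
}
```
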





