Home Original page

PHP :: Bug #30312 :: sybase_unbuffered_query calls

Bug #30312 sybase_unbuffered_query calls
Submitted: 2004-10-02 20:44 UTC Modified: 2008-11-08 14:08 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dfleury2 at libertysurf dot fr Assigned: thekid (profile)
Status: Closed Package: Sybase-ct (ctlib) related
PHP Version: 5.1.3, 4.4.2 OS: *
Private report: No CVE-ID: None

 [2004-10-02 20:44 UTC] dfleury2 at libertysurf dot fr

Description:
------------
Two calls to sybase_unbuffered_query core Apache.

To correct the problem before somelse those it
perfectly, I had add a return after
php_sybase_finish_results(result);


/* Forward declaration */
static int php_sybase_finish_results (sybase_result *result);

static void php_free_sybase_result(zend_rsrc_list_entry *rsrc TSRMLS_DC)
{
    sybase_result *result = (sybase_result *)rsrc->ptr;

    /* Check to see if we've read all rows */
    if (result->sybase_ptr && result->sybase_ptr->active_result_index) {
        if (result->sybase_ptr->cmd) {
            ct_cancel(NULL, result->sybase_ptr->cmd, CS_CANCEL_ALL);
        }
        php_sybase_finish_results(result);
        return;    // correction
    }

    _free_sybase_result(result);
}


Reproduce code:
---------------
<?php
    $db     = sybase_connect( 'LOCALHOST', 'sa', '' );

    $query  = sybase_unbuffered_query( 'select getdate()' );
    $array  = sybase_fetch_array( $query );

    echo $array[ 0 ];
    echo '<br>';

    $query  = sybase_unbuffered_query( 'select getdate()' );
    $array  = sybase_fetch_array( $query );
    echo $array[ 0 ];
?>


Expected result:
----------------
2-Oct-2004 18:42:50
2-Oct-2004 18:42:50


Actual result:
--------------
Core dump

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2004-10-03 20:21 UTC] dfleury2 at libertysurf dot fr

Description:
------------
Two calls to sybase_unbuffered_query core Apache.

To correct the problem before somelse those it
perfectly, I had add a return after
php_sybase_finish_results(result);

/* Forward declaration */
static int php_sybase_finish_results (sybase_result *result);

static void php_free_sybase_result(zend_rsrc_list_entry *rsrc
TSRMLS_DC)
{
    sybase_result *result = (sybase_result *)rsrc->ptr;

    /* Check to see if we've read all rows */
    if (result->sybase_ptr && result->sybase_ptr->active_result_index)
{
        if (result->sybase_ptr->cmd) {
            ct_cancel(NULL, result->sybase_ptr->cmd, CS_CANCEL_ALL);
        }
        php_sybase_finish_results(result);
        return;    // correction
    }

    _free_sybase_result(result);
}

Reproduce code:
---------------
<?php
    $db     = sybase_connect( 'LOCALHOST', 'sa', '' );

    $query  = sybase_unbuffered_query( 'select getdate()' );
    $array  = sybase_fetch_array( $query );

    echo $array[ 0 ];
    echo '<br>';

    $query  = sybase_unbuffered_query( 'select getdate()' );
    $array  = sybase_fetch_array( $query );
    echo $array[ 0 ];
?>

Expected result:
----------------
2-Oct-2004 18:42:50
2-Oct-2004 18:42:50

Actual result:
--------------
Core dump

(gdb) bt
#0  0x080e2890 in _free_sybase_result (result=0x81cb89c)
    at /home/david/Documents/php-4.3.9/ext/sybase_ct/php_sybase_ct.c:128
#1  0x080e2acc in php_free_sybase_result (rsrc=0x81b86f4)
    at /home/david/Documents/php-4.3.9/ext/sybase_ct/php_sybase_ct.c:161
#2  0x0812cfa0 in list_entry_destructor (ptr=0x81b86f4)
    at /home/david/Documents/php-4.3.9/Zend/zend_list.c:177
#3  0x0812add1 in zend_hash_del_key_or_index (ht=0x8177ce8, arKey=0x0, nKeyLength=0, h=5, flag=1)
    at /home/david/Documents/php-4.3.9/Zend/zend_hash.c:527
#4  0x0812cc92 in _zend_list_delete (id=5) at /home/david/Documents/php-4.3.9/Zend/zend_list.c:56
#5  0x08123a95 in _zval_dtor (zvalue=0x81c6a2c, 
    __zend_filename=0x8163dc4 "/home/david/Documents/php-4.3.9/Zend/zend_execute_API.c", 
    __zend_lineno=291) at /home/david/Documents/php-4.3.9/Zend/zend_variables.c:69
#6  0x0811a9eb in _zval_ptr_dtor (zval_ptr=0xbfffcad0, 
    __zend_filename=0x814dd58 "/home/david/Documents/php-4.3.9/ext/sybase_ct/php_sybase_ct.c", 
    __zend_lineno=1426) at /home/david/Documents/php-4.3.9/Zend/zend_execute_API.c:291
#7  0x080e6ffd in php_sybase_query (ht=1, return_value=0x81c69ec, this_ptr=0x0, return_value_used=1, 
    buffered=1) at /home/david/Documents/php-4.3.9/ext/sybase_ct/php_sybase_ct.c:1426
#8  0x080e74f7 in zif_sybase_unbuffered_query (ht=1, return_value=0x81c69ec, this_ptr=0x0, 
    return_value_used=1) at /home/david/Documents/php-4.3.9/ext/sybase_ct/php_sybase_ct.c:1634
#9  0x08137694 in execute (op_array=0x81c3b84)
    at /home/david/Documents/php-4.3.9/Zend/zend_execute.c:1640
#10 0x08125735 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/david/Documents/php-4.3.9/Zend/zend.c:891
#11 0x080ef2c6 in php_execute_script (primary_file=0xbffff240)
---Type <return> to continue, or q <return> to quit---
    at /home/david/Documents/php-4.3.9/main/main.c:1735
#12 0x0813d2fa in main (argc=2, argv=0xbffff304)
    at /home/david/Documents/php-4.3.9/sapi/cli/php_cli.c:822

 [2005-02-03 21:11 UTC] dfleury2 at libertysurf dot fr

The problem still here. (php_sybase_ct.c didn't move)

A free avoid the core, but the array is corrupted for the second fetch.

<?php
    $db     = sybase_connect( 'LOCALHOST', 'sa', '' );
 
    $query  = sybase_unbuffered_query( 'select getdate()' );
    $array  = sybase_fetch_array( $query );
    var_dump( $array );
    sybase_free_result( $query );
 
    $query  = sybase_unbuffered_query( 'select getdate(), getdate()' );
    while( $array  = sybase_fetch_array( $query ) )
        var_dump( $array );
//    sybase_free_result( $query );
?>

 [2005-02-07 22:01 UTC] dfleury2 at libertysurf dot fr

The patch seems to work for the first example but not this one.
<?php
    $db   = sybase_connect( 'LOCALHOST', 'sa', '' );
 
    $query= sybase_unbuffered_query( 'select getdate()' );
    $array= sybase_fetch_array( $query );
    var_dump( $array );
    sybase_free_result( $query );
 
    $query  = sybase_unbuffered_query( 'select getdate(), getdate()' );
    $array  = sybase_fetch_array( $query );
    var_dump( $array );
 
    sybase_free_result( $query );
?>
 
OUTPUT
------------
array(2) {
  [0]=>
  string(19) "Feb  7 2005  2:18PM"
  ["computed"]=>
  string(19) "Feb  7 2005  2:18PM"
}
array(4) {
  [0]=>
  string(19) "Feb  7 2005  2:18PM"
  ["8"]=>
  string(19) "Feb  7 2005  2:18PM"
  [1]=>
  string(19) "Feb  7 2005  2:18PM"
  ["?"]=>
  string(19) "Feb  7 2005  2:18PM"
}
Bus error
 
with the patch a sample like this didn't work.
(I not sure if it's a legitimate code)
 
<?php
    $db     = sybase_connect( 'LOCAHOST', 'sa', '' );
 
    $i = 0;
    while( 1 )
    {
        $query = sybase_unbuffered_query( 'select * from big_table' );
        $array = sybase_fetch_array( $query );
        echo $i++." \n";
    }
?>
 

but I got :
Warning: sybase_fetch_array(): supplied argument is not a valid Sybase result resource in /tmp_mnt/users/fxa/fle
ury/divers/php/test2.php on line 8
 
(work fine in 4.3.8 but with memory leaks).

 [2006-05-02 16:36 UTC] dfleury2 at libertysurf dot fr

The bugs are still here in the 5.1.3 release.

 [2007-01-19 19:40 UTC] lobster2 at xs4all dot nl

The use of sybase_query instead of sybase_unbuffered_query solved the core dumps in my case (PHP 4.4.0 & 5.2.0 CLI with Sybase 12.5.3 on AIX 5.2).

I used the sybase_unbuffered_query calls with the third parameter = false. The second sql query call in the script would crash the process every time, surviving only the first fetch on the result set.

 [2008-11-08 14:08 UTC] thekid@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Looks as if a double-free caused this problem. Tests from ext/sybase_ct/tests now all work.

Fixed in PHP_5_3 branch, PHP_5_2 will follow.