Hi all,
I’ve got a function in one of my PHP scripts that periodically errors out with:
[Wed Jan 21 11:20:21 2009] [error] [client 10.0.10.13] ALERT - canary mismatch on efree() - heap overflow detected (attacker '10.0.10.13', file '/srv/www/htdocs/sales_by_department.php', line 1335), referer: http://linux-aqep/sales_by_department.php
Line 1335 is the line calling the function get_LY_Non_Merch($Location, $FromDate, $ToDate) (see below).
I’ve added a couple of usleep(xx)'s into the code, which seems to help, as the error isn’t consistent (i.e., it only happens occasionally). Most of the time the script completes.
The reason I use the pear::DB module for one database and odbc_connect() for the other is that originally I had them both connecting with pear::DB but couldn’t figure out how to set the ‘SQL_CUR_USE_IF_NEEDED’ with it so I just switched it to odbc_connect().
Here’s the function:
    function get_LY_Non_Merch($Location, $FromDate, $ToDate){
        // Aggregate query for the Non-Merch total over the given date range and location
        $sql = "
            SELECT DISTINCT
                ((SUM((SalesHistoryDetail.SaleAmt)) + SUM((SalesHistoryDetail.SaleDisc))) - (SUM((SalesHistoryDetail.RtnAmt))
                + SUM((SalesHistoryDetail.RtnDisc))) - (SUM((SalesHistoryDetail.SaleDisc)) - SUM((SalesHistoryDetail.RtnDisc)))) AS NonMerch
            FROM
                SalesHistoryHeader
            INNER JOIN
                SalesHistoryDetail
            ON
                SalesHistoryHeader.SHMID = SalesHistoryDetail.SHMID
            INNER JOIN
                Location
            ON
                SalesHistoryHeader.LocationID = Location.LocationID
            INNER JOIN
                SalesTypes
            ON
                SalesHistoryDetail.TypeID = SalesTypes.TypeID
            WHERE
                SalesTypes.Description = 'Non-Merch'
            AND
                SalesHistoryHeader.PostDate >= '$FromDate'
            AND
                SalesHistoryHeader.PostDate <= '$ToDate'
            AND
                Location.Description = '$Location'
        ";

        // Source database, reached through ODBC
        $dsn = "Winprism";
        $user = "readonly";
        $pass = "passwd";
        $db = odbc_connect($dsn, $user, $pass, SQL_CUR_USE_IF_NEEDED);
        $q = odbc_exec($db, $sql);

        // Target MySQL database, reached through PEAR DB
        $db2 = DB::connect("mysql://klucas:passwd@localhost/sales_by_department");
        if (DB::iserror($db2)) {
            die($db2->getMessage());
        }

        // Copy each result row into the 'NM' department row of dcc_sales
        while (odbc_fetch_into($q, $row)){
            $sql3 = "
                UPDATE
                    sales_by_department.dcc_sales
                SET
                    dcc_sales.LYNetSales = '$row[0]'
                WHERE
                    dcc_sales.Department = 'NM'
            ";
            usleep(4);
            send_query($sql3, $db2);
        } // end while

        // Both connections are left open here (the close calls are commented out)
        //disconnect($db2);
        //odbc_close($db);
        return 0;
        usleep(20); // never reached: follows the return
    } // end function definition for get_LY_Non_Merch()
Any ideas?
Thanks in advance.
kev.
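
Added example, not part of the original post: a small Python parser for ALERT lines of the form quoted above, tallying them by message, file and line so an intermittent fault can be tied to a call site. The sample log is constructed (only its first line is the one from the post), and the names parse_alerts and tally_call_sites are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the Apache error-log ALERT line format shown in the post.
ALERT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"ALERT - (?P<msg>.*?) \(attacker '(?P<attacker>[^']*)', "
    r"file '(?P<file>[^']*)'(?:, line (?P<line>\d+))?\)"
)

# Constructed sample input: line 1 is the alert quoted in the post,
# lines 2 and 3 are made up for illustration.
SAMPLE_LOG = """\
[Wed Jan 21 11:20:21 2009] [error] [client 10.0.10.13] ALERT - canary mismatch on efree() - heap overflow detected (attacker '10.0.10.13', file '/srv/www/htdocs/sales_by_department.php', line 1335), referer: http://linux-aqep/sales_by_department.php
[Wed Jan 21 11:24:02 2009] [error] [client 10.0.10.13] File does not exist: /srv/www/htdocs/favicon.ico
[Wed Jan 21 11:41:57 2009] [error] [client 10.0.10.20] ALERT - canary mismatch on efree() - heap overflow detected (attacker '10.0.10.20', file '/srv/www/htdocs/sales_by_department.php', line 1335), referer: http://linux-aqep/sales_by_department.php
"""


def parse_alerts(text):
    """Return one dict per ALERT line; other error-log lines are skipped."""
    alerts = []
    for raw in text.splitlines():
        m = ALERT_RE.match(raw)
        if not m:
            continue
        alert = m.groupdict()
        alert["when"] = datetime.strptime(alert.pop("ts"), "%a %b %d %H:%M:%S %Y")
        alert["line"] = int(alert["line"]) if alert["line"] else None
        alerts.append(alert)
    return alerts


def tally_call_sites(alerts):
    """Count alerts per (message, script, line) to show recurring call sites."""
    return Counter((a["msg"], a["file"], a["line"]) for a in alerts)


if __name__ == "__main__":
    counts = tally_call_sites(parse_alerts(SAMPLE_LOG))
    for (msg, path, line), n in counts.most_common():
        print(f"{n:3d}  {path}:{line}  {msg}")
```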