 ID:               48240
 Updated by:       fel...@php.net
 Reported By:      VJTD3 at VJTD3 dot com
-Status:           Open
+Status:           Closed
 Bug Type:         DBM/DBA related
 Operating System: linux redhat fedora 10
 PHP Version:      5.2.9
-Assigned To:
+Assigned To:      felipe

New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.
FALSE is returned now.


Previous Comments:
------------------------------------------------------------------------

[2009-05-12 14:31:58] VJTD3 at VJTD3 dot com

[New Thread 0xb7ff56c0 (LWP 10754)]

Program received signal SIGSEGV, Segmentation fault.
0x080d0c66 in dba_nextkey_db4 (info=0x84d75f0, newlen=0xbfffb360)
    at php-5.2.9/ext/dba/dba_db4.c:222
222             if (dba->cursor->c_get(dba->cursor, &gkey, &gval, DB_NEXT) == 0) {
(gdb) bt
#0  0x080d0c66 in dba_nextkey_db4 (info=0x84d75f0, newlen=0xbfffb360)
    at php-5.2.9/ext/dba/dba_db4.c:222
#1  0x080cf3cc in zif_dba_nextkey (ht=1, return_value=0x84d6e78, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at php-5.2.9/ext/dba/dba.c:1101
#2  0x08304280 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffb548)
    at php-5.2.9/Zend/zend_vm_execute.h:200
#3  0x08309bba in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfffb548)
    at php-5.2.9/Zend/zend_vm_execute.h:1729
#4  0x08303dfd in execute (op_array=0x84d7538)
    at php-5.2.9/Zend/zend_vm_execute.h:92
#5  0x082df04e in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at php-5.2.9/Zend/zend.c:1134
#6  0x0828dd81 in php_execute_script (primary_file=0xbfffd8c4)
    at php-5.2.9/main/main.c:2023
#7  0x0835a851 in main (argc=2, argv=0xbfffda04)
    at php-5.2.9/sapi/cli/php_cli.c:1133
(gdb) frame 0
#0  0x080d0c66 in dba_nextkey_db4 (info=0x84d75f0, newlen=0xbfffb360)
    at php-5.2.9/ext/dba/dba_db4.c:222
222             if (dba->cursor->c_get(dba->cursor, &gkey, &gval, DB_NEXT) == 0) {
(gdb) frame 1
#1  0x080cf3cc in zif_dba_nextkey (ht=1, return_value=0x84d6e78, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at php-5.2.9/ext/dba/dba.c:1101
1101            nkey = info->hnd->nextkey(info, &len TSRMLS_CC);
(gdb) frame 2
#2  0x08304280 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffb548)
    at php-5.2.9/Zend/zend_vm_execute.h:200
200             ((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, EX(object), return_value_used TSRMLS_CC);
(gdb) frame 3
#3  0x08309bba in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfffb548)
    at php-5.2.9/Zend/zend_vm_execute.h:1729
1729            return zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
(gdb) frame 4
#4  0x08303dfd in execute (op_array=0x84d7538)
    at php-5.2.9/Zend/zend_vm_execute.h:92
92              if (EX(opline)->handler(&execute_data TSRMLS_CC) > 0) {
(gdb) frame 5
#5  0x082df04e in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at php-5.2.9/Zend/zend.c:1134
1134            zend_execute(EG(active_op_array) TSRMLS_CC);
(gdb) frame 6
#6  0x0828dd81 in php_execute_script (primary_file=0xbfffd8c4)
    at php-5.2.9/main/main.c:2023
2023            retval = (zend_execute_scripts(ZEND_REQUIRE TSRMLS_CC, NULL, 3, prepend_file_p, primary_file, append_file_p) == SUCCESS);
(gdb) frame 7
#7  0x0835a851 in main (argc=2, argv=0xbfffda04)
    at php-5.2.9/sapi/cli/php_cli.c:1133
1133            php_execute_script(&file_handle TSRMLS_CC);
(gdb)

if you need me to go into more i can. it looks like it's just
referencing a value not set till dba_firstkey is called. (does not have
a previous index to find the next.)

------------------------------------------------------------------------

[2009-05-12 13:30:59] VJTD3 at VJTD3 dot com

<?php
$dba = dba_open('database', 'c', 'db4');
dba_insert('php', 'crashed', $dba);
$key = dba_nextkey($dba);
echo $key.':'.dba_fetch($key, $dba)."\n";
?>

that alone will seg fault. it happens on any database driver when
dba_nextkey is used before dba_firstkey. that snippet will create a
fresh database and crash to test easier.

------------------------------------------------------------------------

[2009-05-12 05:25:49] j...@php.net

Could you provide a test db (or does this happen with any?) somewhere?
And/or a gdb backtrace of the crash?

------------------------------------------------------------------------

[2009-05-12 03:29:22] VJTD3 at VJTD3 dot com

Description:
------------
DBA Segmentation fault on function dba_nextkey without dba_firstkey
before dba_nextkey.

Reproduce code:
---------------
./configure --enable-dba --with-db4 --disable-libxml --disable-dom --disable-simplexml --disable-libxml --disable-xml --disable-xmlreader --disable-xmlwriter --without-pear

<?php
$dba = dba_open('database', 'r', 'db4');
$key = dba_nextkey($dba);
echo $key.':'.dba_fetch($key, $dba)."\n";
?>

db4-4.7.25-7

Expected result:
----------------
the first key by default or at least an error vs seg fault.

(yes, i know dba_firstkey should be before dba_nextkey however
segfaults are probably not a good reaction, defaulting to the first
record or an error is better...)

Actual result:
--------------
seg fault

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=48240&edit=1
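
Frame 0 of the backtrace faults on a call through `dba->cursor`, which the reporter reads as a value not set until dba_firstkey runs. As an added illustration (not PHP's source and not the committed fix), this simplified C model contrasts an unguarded and a guarded lookup; every `toy_*` name and the key data are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the handle/cursor relationship; not PHP source. */
typedef struct toy_cursor {
    size_t pos;
    int (*c_get)(struct toy_cursor *self, const char **key); /* 0 = success */
} toy_cursor;

typedef struct { toy_cursor *cursor; } toy_handle; /* NULL until toy_firstkey() */

static const char *const TOY_KEYS[] = { "alpha", "beta" }; /* constructed data */
#define TOY_NKEYS (sizeof TOY_KEYS / sizeof TOY_KEYS[0])

static int toy_c_get(toy_cursor *self, const char **key) {
    if (self->pos >= TOY_NKEYS) return 1;   /* end of data */
    *key = TOY_KEYS[self->pos++];
    return 0;
}

/* In this model, firstkey is the only place a cursor is created. */
const char *toy_firstkey(toy_handle *h) {
    const char *key = NULL;
    free(h->cursor);
    h->cursor = malloc(sizeof *h->cursor);
    if (!h->cursor) return NULL;
    h->cursor->pos = 0;
    h->cursor->c_get = toy_c_get;
    return h->cursor->c_get(h->cursor, &key) == 0 ? key : NULL;
}

/* Unguarded shape: dereferences h->cursor even when it is still NULL. */
const char *toy_nextkey_unguarded(toy_handle *h) {
    const char *key = NULL;
    return h->cursor->c_get(h->cursor, &key) == 0 ? key : NULL;
}

/* Guarded shape: no cursor yet means "no key"; a caller maps NULL to FALSE. */
const char *toy_nextkey_guarded(toy_handle *h) {
    const char *key = NULL;
    if (h == NULL || h->cursor == NULL) return NULL;
    return h->cursor->c_get(h->cursor, &key) == 0 ? key : NULL;
}

int main(void) {
    toy_handle h = { NULL };
    const char *k = toy_nextkey_guarded(&h);   /* nextkey before firstkey */
    printf("%s\n", k ? k : "FALSE");
    return 0;
}
```

`toy_nextkey_unguarded` is kept only for comparison and is never called, since calling it on a fresh handle dereferences NULL.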