#33915 [Asn]: Crash in _oci_close_session

jfbustarret at tf1 dot fr Tue, 02 Aug 2005 23:51:29 -0700

 ID:               33915
 User updated by:  jfbustarret at tf1 dot fr
 Reported By:      jfbustarret at tf1 dot fr
 Status:           Assigned
 Bug Type:         OCI8 related
 Operating System: Linux
 PHP Version:      5CVS-2005-08-02
 Assigned To:      tony2001
 New Comment:


This new patch should be better :

diff -u php-5.0.4-orig/ext/oci8/oci8.c php
-5.0.4/ext/oci8/oci8.c
--- php-5.0.4-orig/ext/oci8/oci8.c        2005-07-27 20:24:40.000000000
+0
200
+++ php-5.0.4/ext/oci8/oci8.c   2005-08-02 09:33:55.000000000 +0200
@@ -2941,7 +2941,7 @@

        oci_debug("START _oci_close_session: logging-off
sess=%d",session->num);

-       if (session->is_open) {
+       if (session->pEnv && session->is_open) {
                /* Temporary Service Context */
                CALL_OCI_RETURN(OCI(error),
                        OCIHandleAlloc(
@@ -3032,12 +3032,13 @@

 #ifdef HAVE_OCI_9_2
        /* free environment handle (and fix bug #29652 with growing
.msb FD numb
er under weirdie Solarises) */
-       CALL_OCI(
-               OCIHandleFree(
-                               (dvoid *) session->pEnv,
-                               OCI_HTYPE_ENV
-               )
-       );
+       if (session->pEnv)
+               CALL_OCI(
+                       OCIHandleFree(
+                                       (dvoid *) session->pEnv,
+                                       OCI_HTYPE_ENV
+                       )
+               );
 #endif

        if (session->exclusive) {


Previous Comments:
------------------------------------------------------------------------

[2005-08-01 09:52:42] jfbustarret at tf1 dot fr

This bug is :
- time dependant,
- load dependant,
- random.

I certainly would not be able to find a piece of code that reproduces
the crash.

All I know is that _oci_close_session is called with session->server ==
NULL and that obviously crashes the function because it assumes that
session->server is a valid pointer.

------------------------------------------------------------------------

[2005-07-29 16:21:57] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.



------------------------------------------------------------------------

[2005-07-29 16:15:34] jfbustarret at tf1 dot fr

The bug exists with the CVS version of ext/oci8.

------------------------------------------------------------------------

[2005-07-29 09:56:15] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip



------------------------------------------------------------------------

[2005-07-29 08:25:19] jfbustarret at tf1 dot fr

Description:
------------
Using php 5.0.4, with the oci8 extension from CVS & the oci_ping code
activated in _oci_open_server, I have random segfaults on my production
servers.

Here is the back trace :
#0  0xb78f3779 in _oci_close_session (session=0x8382a20)
    at /soft/sources/php/php-5.0.4/ext/oci8/oci8.c:2961
2961                    CALL_OCI_RETURN(OCI(error),
(gdb) bt
#0  0xb78f3779 in _oci_close_session (session=0x8382a20)
    at /soft/sources/php/php-5.0.4/ext/oci8/oci8.c:2961
#1  0xb79f0d5e in list_entry_destructor (ptr=0x83590f0)
    at /soft/sources/php/php-5.0.4/Zend/zend_list.c:173
#2  0xb79eef48 in zend_hash_apply_deleter (ht=0xb7a72560, p=0x836a4c8)
    at /soft/sources/php/php-5.0.4/Zend/zend_hash.c:618
#3  0xb79ef227 in zend_hash_graceful_reverse_destroy (ht=0xb7a72560)
    at /soft/sources/php/php-5.0.4/Zend/zend_hash.c:684
#4  0xb79e144a in shutdown_executor ()
    at /soft/sources/php/php-5.0.4/Zend/zend_execute_API.c:284
#5  0xb79e8c86 in zend_deactivate ()
    at /soft/sources/php/php-5.0.4/Zend/zend.c:902
#6  0xb79b544c in php_request_shutdown (dummy=0x0)
[...]
(gdb) print *session
$1 = {num = 137800016, persistent = 0 '\0', is_open = 253 'ý',
  exclusive = 49 '1', thread = 8 '\b', sessions_list = 0x0, server =
0x0,
  pSession = 0x0, pEnv = 0x0, charsetId = 0}

I'll try this patch in _oci_close_session :

        if (!session) {
                return;
        }

+        if (!session->server) {
+                return;
+        }

        oci_debug("START _oci_close_session: logging-off
sess=%d",session->num);



Reproduce code:
---------------
No reproducing code. The crashes are random & time/traffic dependant.



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=33915&edit=1

#33915 [Asn]: Crash in _oci_close_session

Reply via email to