From: geoffwa at cs dot rmit dot edu dot au
Operating system: Solaris 10
PHP version: 5.1.4
PHP Bug Type: OCI8 related
Bug description: Freeing nested cursors caused PHP to segfault
Description:
------------
Freeing nested cursors returned by a query crashes PHP.
I can reproduce this on-demand.
PHP built with: Sun C 5.8 Patch 121015-02 2006/03/29
Configure: (some directories culled for size)
./configure --with-zlib --with-bz2 --with-mysql \
--with-dom --with-zlib-dir --with-oci8 --enable-sigchild \
--with-filepro --with-dbase \
--with-curl=shared,/usr/local \
--with-openssl=shared,/usr/local \
--with-gd --with-freetype-dir --with-jpeg-dir \
--with-png-dir --with-xpm-dir --with-ttf --enable-xml \
--with-expat-dir --enable-dba --with-db4 \
--with-flatfile --enable-trans-id \
--enable-force-cgi-redirect --enable-fastcgi \
--enable-discard-path --enable-safe-mode \
--with-exec-dir=/usr/local/pkg/php-safe/bin \
--disable-short-tags --enable-sysvsem --enable-sysvshm \
--enable-memory-limit --without-snmp --with-apxs \
--with-config-file-path=/var/httpd/etc \
--with-ldap --with-xsl
Reproduce code:
---------------
<?php
$dbh = oci_connect('geoffwa','XXX', 'DB');
$query =<<<EOQUERY
SELECT
t1.*,
CURSOR( SELECT t2.* FROM all_tables t2 ) AS cursor
FROM
all_tables t1
EOQUERY;
$sth = oci_parse($dbh, $query);
// dies on oci_free_statement on 2nd pass through loop
while ( $row = oci_fetch_assoc($sth) ) {
print "Got row!\n";
oci_free_statement($row['CURSOR']);
}
oci_free_statement($sth);
oci_close($dbh);
?>
Expected result:
----------------
A whole lot of "Got row!" lines.
Freeing nested cursors certainly shouldn't a seg fault.
Actual result:
--------------
Program output with oci_internal_debug on:
OCINlsEnvironmentVariableGet at (/php-5.1.4/ext/oci8/oci8.c:995).
OCIEnvNlsCreate at (/php-5.1.4/ext/oci8/oci8.c:1151).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1176).
OCIServerAttach at (/php-5.1.4/ext/oci8/oci8.c:1185).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1195).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1204).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1213).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1223).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1234).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1244).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1253).
OCISessionBegin at (/php-5.1.4/ext/oci8/oci8.c:1284).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8_statement.c:61).
OCIStmtPrepare2 at (/php-5.1.4/ext/oci8/oci8_statement.c:65).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:119).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:128).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:297).
OCIStmtExecute at (/php-5.1.4/ext/oci8/oci8_statement.c:321).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:350).
OCIParamGet at (/php-5.1.4/ext/oci8/oci8_statement.c:372).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:381).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:391).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:404).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:414).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:424).
OCIDescriptorFree at (/php-5.1.4/ext/oci8/oci8_statement.c:432).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8_statement.c:55).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8_statement.c:61).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:119).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:128).
OCIDefineByPos at (/php-5.1.4/ext/oci8/oci8_statement.c:557).
OCIStmtFetch at (/php-5.1.4/ext/oci8/oci8_statement.c:147).
Got row.
OCIStmtFetch at (/php-5.1.4/ext/oci8/oci8_statement.c:147).
Got row.
OCIHandleFree at (/php-5.1.4/ext/oci8/oci8_statement.c:592).
OCIHandleFree at (/php-5.1.4/ext/oci8/oci8_statement.c:601).
Segmentation fault (core dumped)
Backtrace:
(dbx) where
current thread: [EMAIL PROTECTED]
=>[1] kpcxc2r(0x6181ac, 0x0, 0x612314, 0x0, 0x40e940, 0x13), at
0xfe108a00
[2] kpcxk2u(0x612314, 0xffbfc414, 0xfe6266f8, 0x0, 0xffbfc40c,
0x6ef90c), at 0xfe10b814
[3] ttccDefineConvert(0x18, 0xffbfc414, 0xffbfc420, 0xffbfc40c, 0x0,
0x75), at 0xfe10715c
[4] ttccfpg(0x0, 0x6143a0, 0x0, 0x0, 0x6ef948, 0x4), at 0xfe1076d0
[5] ttcfour(0x605e9c, 0x612314, 0x0, 0x0, 0x618c78, 0xffbfe800), at
0xfe106770
[6] kpufCopyPrefRows(0x605e9c, 0x0, 0x0, 0x1a18, 0x2, 0xffbfe800), at
0xfde09d34
[7] kpufch0(0x0, 0x61a2d8, 0xffbfe8e4, 0x2, 0x0, 0x20000), at
0xfde0a654
[8] kpufch(0x0, 0x61ae60, 0x0, 0x161c, 0xfe604a48, 0x0), at 0xfde0c11c
[9] php_oci_statement_fetch(0x6e8670, 0x1, 0x489180, 0x0, 0x40e940,
0x13), at 0x14ac30
[10] php_oci_fetch_row(0x1, 0x61e738, 0x6e8670, 0x7a838, 0x1, 0x9cc00),
at 0x1461b4
[11] zif_oci_fetch_assoc(0x1, 0x61e738, 0x0, 0x0, 0x1, 0x1), at
0x15585c
[12] zend_do_fcall_common_helper_SPEC(0xffbfebf0, 0x0, 0x4e1468,
0x59c390, 0x4a5d60, 0x1), at 0x37396c
[13] execute(0xffbfebf4, 0x0, 0x376a3c, 0x59c390, 0x4a9c10, 0x4a9d80),
at 0x3735dc
[14] zend_execute_scripts(0x8, 0x0, 0x5954e0, 0x0, 0x40e940, 0x4a9c9c),
at 0x33ec04
[15] php_execute_script(0xffbff330, 0x4aa1b4, 0x2, 0x40e940, 0x40e940,
0x9b1f8), at 0x2ca414
[16] main(0x3, 0x0, 0xffbff464, 0x9b874, 0x1, 0x9b6fc), at 0x3ba020
--
Edit bug report at http://bugs.php.net/?id=38173&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=38173&r=trysnapshot44
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=38173&r=trysnapshot52
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=38173&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=38173&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=38173&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=38173&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=38173&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=38173&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=38173&r=support
Expected behavior: http://bugs.php.net/fix.php?id=38173&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=38173&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=38173&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=38173&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=38173&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=38173&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=38173&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=38173&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=38173&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=38173&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=38173&r=mysqlcfg
