From:             geoffwa at cs dot rmit dot edu dot au
Operating system: Solaris 10
PHP version:      5.1.4
PHP Bug Type:     OCI8 related
Bug description:  Freeing nested cursors caused PHP to segfault

Description:
------------
Freeing nested cursors returned by a query crashes PHP.
I can reproduce this on-demand.

PHP built with: Sun C 5.8 Patch 121015-02 2006/03/29
Configure: (some directories culled for size)
./configure --with-zlib --with-bz2 --with-mysql \
--with-dom --with-zlib-dir --with-oci8 --enable-sigchild \
--with-filepro --with-dbase \
--with-curl=shared,/usr/local \
--with-openssl=shared,/usr/local \
--with-gd --with-freetype-dir --with-jpeg-dir \
--with-png-dir --with-xpm-dir --with-ttf --enable-xml \
--with-expat-dir --enable-dba --with-db4 \
--with-flatfile --enable-trans-id \
--enable-force-cgi-redirect --enable-fastcgi \
--enable-discard-path --enable-safe-mode \
--with-exec-dir=/usr/local/pkg/php-safe/bin \
--disable-short-tags --enable-sysvsem --enable-sysvshm \
--enable-memory-limit --without-snmp --with-apxs \
--with-config-file-path=/var/httpd/etc \
--with-ldap --with-xsl

Reproduce code:
---------------
<?php
$dbh = oci_connect('geoffwa','XXX', 'DB');
$query =<<<EOQUERY
SELECT
  t1.*,
  CURSOR( SELECT t2.* FROM all_tables t2 ) AS cursor
FROM
  all_tables t1
EOQUERY;

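$sth = oci_parse($dbh, $query);
// execute before fetching (the debug trace below shows OCIStmtExecute being called)
oci_execute($sth);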

// dies on oci_free_statement on 2nd pass through loop
while ( $row = oci_fetch_assoc($sth) ) {
  print "Got row!\n";
  oci_free_statement($row['CURSOR']);
}

oci_free_statement($sth);
oci_close($dbh);
?>

Expected result:
----------------
A whole lot of "Got row!" lines.

Freeing nested cursors certainly shouldn't cause a seg fault.

Actual result:
--------------
Program output with oci_internal_debug on:
OCINlsEnvironmentVariableGet at (/php-5.1.4/ext/oci8/oci8.c:995).
OCIEnvNlsCreate at (/php-5.1.4/ext/oci8/oci8.c:1151).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1176).
OCIServerAttach at (/php-5.1.4/ext/oci8/oci8.c:1185).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1195).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1204).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1213).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1223).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1234).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1244).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1253).
OCISessionBegin at (/php-5.1.4/ext/oci8/oci8.c:1284).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8_statement.c:61).
OCIStmtPrepare2 at (/php-5.1.4/ext/oci8/oci8_statement.c:65).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:119).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:128).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:297).
OCIStmtExecute at (/php-5.1.4/ext/oci8/oci8_statement.c:321).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:350).
OCIParamGet at (/php-5.1.4/ext/oci8/oci8_statement.c:372).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:381).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:391).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:404).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:414).
OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:424).
OCIDescriptorFree at (/php-5.1.4/ext/oci8/oci8_statement.c:432).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8_statement.c:55).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8_statement.c:61).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:119).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:128).
OCIDefineByPos at (/php-5.1.4/ext/oci8/oci8_statement.c:557).
OCIStmtFetch at (/php-5.1.4/ext/oci8/oci8_statement.c:147).
Got row.
OCIStmtFetch at (/php-5.1.4/ext/oci8/oci8_statement.c:147).
Got row.
OCIHandleFree at (/php-5.1.4/ext/oci8/oci8_statement.c:592).
OCIHandleFree at (/php-5.1.4/ext/oci8/oci8_statement.c:601).
Segmentation fault (core dumped)

Backtrace:
(dbx) where
current thread: [EMAIL PROTECTED]
=>[1] kpcxc2r(0x6181ac, 0x0, 0x612314, 0x0, 0x40e940, 0x13), at 0xfe108a00
  [2] kpcxk2u(0x612314, 0xffbfc414, 0xfe6266f8, 0x0, 0xffbfc40c, 0x6ef90c), at 0xfe10b814
  [3] ttccDefineConvert(0x18, 0xffbfc414, 0xffbfc420, 0xffbfc40c, 0x0, 0x75), at 0xfe10715c
  [4] ttccfpg(0x0, 0x6143a0, 0x0, 0x0, 0x6ef948, 0x4), at 0xfe1076d0
  [5] ttcfour(0x605e9c, 0x612314, 0x0, 0x0, 0x618c78, 0xffbfe800), at 0xfe106770
  [6] kpufCopyPrefRows(0x605e9c, 0x0, 0x0, 0x1a18, 0x2, 0xffbfe800), at 0xfde09d34
  [7] kpufch0(0x0, 0x61a2d8, 0xffbfe8e4, 0x2, 0x0, 0x20000), at 0xfde0a654
  [8] kpufch(0x0, 0x61ae60, 0x0, 0x161c, 0xfe604a48, 0x0), at 0xfde0c11c
  [9] php_oci_statement_fetch(0x6e8670, 0x1, 0x489180, 0x0, 0x40e940, 0x13), at 0x14ac30
  [10] php_oci_fetch_row(0x1, 0x61e738, 0x6e8670, 0x7a838, 0x1, 0x9cc00), at 0x1461b4
  [11] zif_oci_fetch_assoc(0x1, 0x61e738, 0x0, 0x0, 0x1, 0x1), at 0x15585c
  [12] zend_do_fcall_common_helper_SPEC(0xffbfebf0, 0x0, 0x4e1468, 0x59c390, 0x4a5d60, 0x1), at 0x37396c
  [13] execute(0xffbfebf4, 0x0, 0x376a3c, 0x59c390, 0x4a9c10, 0x4a9d80), at 0x3735dc
  [14] zend_execute_scripts(0x8, 0x0, 0x5954e0, 0x0, 0x40e940, 0x4a9c9c), at 0x33ec04
  [15] php_execute_script(0xffbff330, 0x4aa1b4, 0x2, 0x40e940, 0x40e940, 0x9b1f8), at 0x2ca414
  [16] main(0x3, 0x0, 0xffbff464, 0x9b874, 0x1, 0x9b6fc), at 0x3ba020


-- 
Edit bug report at http://bugs.php.net/?id=38173&edit=1