ID: 38173 User updated by: geoffwa at cs dot rmit dot edu dot au Reported By: geoffwa at cs dot rmit dot edu dot au Status: Open Bug Type: OCI8 related Operating System: Solaris 10 PHP Version: 5.1.4 Assigned To: tony2001 New Comment:
Recompiling sans -O for a better backtrace yields:

[EMAIL PROTECTED] ([EMAIL PROTECTED]) program terminated by signal SEGV (no mapping at the fault address)
0xfe108a00: kpcxc2r+0x003c: ld [%i1 + 84], %g2
Current function is php_oci_statement_fetch
147 statement->errcode = PHP_OCI_CALL(OCIStmtFetch, (statement->stmt, statement->err, nrows, OCI_FETCH_NEXT, OCI_DEFAULT));

[Annotation, not part of the original comment: the faulting load dereferences %i1, the second incoming argument of kpcxc2r, which is 0x5a5a5a5a in frame [1] below; the same value appears in frames [3] and [4], where the non-debug 5.1.4 trace in the original report shows 0x0. 0x5a is the fill byte Zend's memory manager writes over freed blocks in debug builds, so, assuming this is still the --enable-debug build from the previous comment, the fetch appears to be passing Oracle a pointer read from already-freed memory. That would make this a use-after-free rather than a plain NULL dereference, presumably involving data belonging to the nested cursor freed on the previous loop iteration; this needs confirming against oci8_statement.c.]

(dbx) where
current thread: [EMAIL PROTECTED]
[1] kpcxc2r(0xb6187c, 0x5a5a5a5a, 0xb5b9e4, 0x0, 0x1, 0x13), at 0xfe108a00
[2] kpcxk2u(0xb5b9e4, 0xffbfc3a4, 0xfe6266f8, 0x0, 0xffbfc39c, 0xc38c9c), at 0xfe10b814
[3] ttccDefineConvert(0x18, 0xffbfc3a4, 0xffbfc3b0, 0xffbfc39c, 0x5a5a5a5a, 0x75), at 0xfe10715c
[4] ttccfpg(0x0, 0xb5da70, 0x5a5a5a5a, 0x0, 0xc38cd8, 0x4), at 0xfe1076d0
[5] ttcfour(0xb4de2c, 0xb5b9e4, 0x0, 0x0, 0xb62348, 0xffbfe790), at 0xfe106770
[6] kpufCopyPrefRows(0xb4de2c, 0x0, 0x0, 0x1a18, 0x2, 0xffbfe790), at 0xfde09d34
[7] kpufch0(0x0, 0xb639a8, 0xffbfe874, 0x2, 0x0, 0x20000), at 0xfde0a654
[8] kpufch(0x0, 0xb64530, 0x0, 0x161c, 0xfe604a48, 0x0), at 0xfde0c11c
=>[9] php_oci_statement_fetch(statement = 0x9d7868, nrows = 1U), line 147 in "oci8_statement.c"
[10] php_oci_fetch_row(ht = 1, return_value = 0x9d7320, return_value_ptr = (nil), this_ptr = (nil), return_value_used = 1, mode = 5, expected_args = 1), line 1667 in "oci8.c"
[11] zif_oci_fetch_assoc(ht = 1, return_value = 0x9d7320, return_value_ptr = (nil), this_ptr = (nil), return_value_used = 1), line 1462 in "oci8_interface.c"
[12] zend_do_fcall_common_helper_SPEC(execute_data = 0xffbfec80), line 200 in "zend_vm_execute.h"
[13] ZEND_DO_FCALL_SPEC_CONST_HANDLER(execute_data = 0xffbfec80), line 1642 in "zend_vm_execute.h"
[14] execute(op_array = 0x9d7050), line 92 in "zend_vm_execute.h"
[15] zend_execute_scripts(type = 8, retval = (nil), file_count = 3, ... 
= (nil), ...), line 1095 in "zend.c" [16] php_execute_script(0xffbff428, 0x878a44, 0xff386bbd, 0xfffffffd, 0x80808080, 0x1010101), at 0x5def0c [17] main(argc = 3, argv = 0xffbff4bc), line 1097 in "php_cli.c" Previous Comments: ------------------------------------------------------------------------ [2006-07-28 13:37:04] geoffwa at cs dot rmit dot edu dot au Still dies (and the error is in oci_fetch_assoc() not oci_free_statement(), my bad): $ ./php -v PHP 5.2.0RC2-dev (cli) (built: Jul 28 2006 23:00:59) Copyright (c) 1997-2006 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2006 Zend Technologies $ ./php -e test.php OCI8 DEBUG: OCINlsEnvironmentVariableGet at (/work/php-5.2/ext/oci8/oci8.c:1000) OCI8 DEBUG: OCIEnvNlsCreate at (/work/php-5.2/ext/oci8/oci8.c:1160) OCI8 DEBUG: OCIHandleAlloc at (/work/php-5.2/ext/oci8/oci8.c:1185) OCI8 DEBUG: OCIServerAttach at (/work/php-5.2/ext/oci8/oci8.c:1194) OCI8 DEBUG: OCIHandleAlloc at (/work/php-5.2/ext/oci8/oci8.c:1204) OCI8 DEBUG: OCIHandleAlloc at (/work/php-5.2/ext/oci8/oci8.c:1213) OCI8 DEBUG: OCIHandleAlloc at (/work/php-5.2/ext/oci8/oci8.c:1222) OCI8 DEBUG: OCIAttrSet at (/work/php-5.2/ext/oci8/oci8.c:1232) OCI8 DEBUG: OCIAttrSet at (/work/php-5.2/ext/oci8/oci8.c:1243) OCI8 DEBUG: OCIAttrSet at (/work/php-5.2/ext/oci8/oci8.c:1253) OCI8 DEBUG: OCIAttrSet at (/work/php-5.2/ext/oci8/oci8.c:1262) OCI8 DEBUG: OCISessionBegin at (/work/php-5.2/ext/oci8/oci8.c:1293) OCI8 DEBUG: OCIHandleAlloc at (/work/php-5.2/ext/oci8/oci8_statement.c:61) OCI8 DEBUG: OCIStmtPrepare2 at (/work/php-5.2/ext/oci8/oci8_statement.c:65) OCI8 DEBUG: OCIAttrSet at (/work/php-5.2/ext/oci8/oci8_statement.c:119) OCI8 DEBUG: OCIAttrSet at (/work/php-5.2/ext/oci8/oci8_statement.c:128) OCI8 DEBUG: OCIAttrGet at (/work/php-5.2/ext/oci8/oci8_statement.c:297) OCI8 DEBUG: OCIStmtExecute at (/work/php-5.2/ext/oci8/oci8_statement.c:321) OCI8 DEBUG: OCIAttrGet at (/work/php-5.2/ext/oci8/oci8_statement.c:350) OCI8 DEBUG: OCIParamGet at 
(/work/php-5.2/ext/oci8/oci8_statement.c:372) OCI8 DEBUG: OCIAttrGet at (/work/php-5.2/ext/oci8/oci8_statement.c:381) OCI8 DEBUG: OCIAttrGet at (/work/php-5.2/ext/oci8/oci8_statement.c:391) OCI8 DEBUG: OCIAttrGet at (/work/php-5.2/ext/oci8/oci8_statement.c:404) OCI8 DEBUG: OCIAttrGet at (/work/php-5.2/ext/oci8/oci8_statement.c:414) OCI8 DEBUG: OCIAttrGet at (/work/php-5.2/ext/oci8/oci8_statement.c:424) OCI8 DEBUG: OCIDescriptorFree at (/work/php-5.2/ext/oci8/oci8_statement.c:432) OCI8 DEBUG: OCIHandleAlloc at (/work/php-5.2/ext/oci8/oci8_statement.c:55) OCI8 DEBUG: OCIHandleAlloc at (/work/php-5.2/ext/oci8/oci8_statement.c:61) OCI8 DEBUG: OCIAttrSet at (/work/php-5.2/ext/oci8/oci8_statement.c:119) OCI8 DEBUG: OCIAttrSet at (/work/php-5.2/ext/oci8/oci8_statement.c:128) OCI8 DEBUG: OCIDefineByPos at (/work/php-5.2/ext/oci8/oci8_statement.c:557) OCI8 DEBUG: OCIStmtFetch at (/work/php-5.2/ext/oci8/oci8_statement.c:147) Got row OCI8 DEBUG: OCIStmtFetch at (/work/php-5.2/ext/oci8/oci8_statement.c:147) Got row OCI8 DEBUG: OCIHandleFree at (/work/php-5.2/ext/oci8/oci8_statement.c:592) OCI8 DEBUG: OCIHandleFree at (/work/php-5.2/ext/oci8/oci8_statement.c:601) Segmentation fault (core dumped) Backtrace (now with --enable-debug): [EMAIL PROTECTED] ([EMAIL PROTECTED]) program terminated by signal SEGV (no mapping at the fault address) 0xfe108a00: kpcxc2r+0x003c: ld [%i1 + 84], %g2 Current function is php_oci_statement_fetch (optimized) 147 statement->errcode = PHP_OCI_CALL(OCIStmtFetch, (statement->stmt, statement->err, nrows, OCI_FETCH_NEXT, OCI_DEFAULT)); (dbx) where current thread: [EMAIL PROTECTED] [1] kpcxc2r(0x8bcd4c, 0x5a5a5a5a, 0x8b6eb4, 0x0, 0x5ff21c, 0x13), at 0xfe108a00 [2] kpcxk2u(0x8b6eb4, 0xffbfc3e4, 0xfe6266f8, 0x0, 0xffbfc3dc, 0x99416c), at 0xfe10b814 [3] ttccDefineConvert(0x18, 0xffbfc3e4, 0xffbfc3f0, 0xffbfc3dc, 0x5a5a5a5a, 0x75), at 0xfe10715c [4] ttccfpg(0x0, 0x8b8f40, 0x5a5a5a5a, 0x0, 0x9941a8, 0x4), at 0xfe1076d0 [5] ttcfour(0x8a92fc, 0x8b6eb4, 0x0, 0x0, 
0x8bd818, 0xffbfe7d0), at 0xfe106770 [6] kpufCopyPrefRows(0x8a92fc, 0x0, 0x0, 0x1a18, 0x2, 0xffbfe7d0), at 0xfde09d34 [7] kpufch0(0x0, 0x8bee78, 0xffbfe8b4, 0x2, 0x0, 0x20000), at 0xfde0a654 [8] kpufch(0x0, 0x8bfa00, 0x0, 0x161c, 0xfe604a48, 0x0), at 0xfde0c11c =>[9] php_oci_statement_fetch(statement = ???, nrows = ???) (optimized), at 0x256c7c (line ~147) in "oci8_statement.c" [10] php_oci_fetch_row(ht = ???, return_value = ???, return_value_ptr = ???, this_ptr = ???, return_value_used = ???, mode = ???, expected_args = ???) (optimized), at 0x25180c (line ~1667) in "oci8.c" [11] zif_oci_fetch_assoc(ht = ???, return_value = ???, return_value_ptr = ???, this_ptr = ???, return_value_used = ???) (optimized), at 0x2624c8 (line ~1462) in "oci8_interface.c" [12] zend_do_fcall_common_helper_SPEC(execute_data = ???) (optimized), at 0x4ca168 (line ~200) in "zend_vm_execute.h" [13] ZEND_DO_FCALL_SPEC_CONST_HANDLER(execute_data = ???) (optimized), at 0x4cd6b4 (line ~1642) in "zend_vm_execute.h" [14] execute(op_array = ???) (optimized), at 0x4c9d74 (line ~92) in "zend_vm_execute.h" [15] zend_execute_scripts(type = ???, retval = ???, file_count = ???, ... = ???, ...) (optimized), at 0x48e5a4 (line ~1095) in "zend.c" [16] php_execute_script(0xccc00, 0x0, 0x6c1, 0x5ff21c, 0x6cbf64, 0x11fc74), at 0x408f54 [17] main(argc = ???, argv = ???) (optimized), at 0x51a790 (line ~1097) in "php_cli.c" ------------------------------------------------------------------------ [2006-07-28 10:27:28] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.2-win32-latest.zip Can't reproduce, ------------------------------------------------------------------------ [2006-07-21 12:04:16] geoffwa at cs dot rmit dot edu dot au Description: ------------ Freeing nested cursors returned by a query crashes PHP. I can reproduce this on-demand. 
PHP built with: Sun C 5.8 Patch 121015-02 2006/03/29

Configure: (some directories culled for size)
./configure --with-zlib --with-bz2 --with-mysql \
 --with-dom --with-zlib-dir --with-oci8 --enable-sigchild \
 --with-filepro --with-dbase \
 --with-curl=shared,/usr/local \
 --with-openssl=shared,/usr/local \
 --with-gd --with-freetype-dir --with-jpeg-dir \
 --with-png-dir --with-xpm-dir --with-ttf --enable-xml \
 --with-expat-dir --enable-dba --with-db4 \
 --with-flatfile --enable-trans-id \
 --enable-force-cgi-redirect --enable-fastcgi \
 --enable-discard-path --enable-safe-mode \
 --with-exec-dir=/usr/local/pkg/php-safe/bin \
 --disable-short-tags --enable-sysvsem --enable-sysvshm \
 --enable-memory-limit --without-snmp --with-apxs \
 --with-config-file-path=/var/httpd/etc \
 --with-ldap --with-xsl

Reproduce code:
---------------
<?php
$dbh = oci_connect('geoffwa','XXX', 'DB');
$query =<<<EOQUERY
SELECT t1.*,
CURSOR( SELECT t2.* FROM all_tables t2 ) AS cursor
FROM all_tables t1
EOQUERY;
$sth = oci_parse($dbh, $query);
// dies on oci_free_statement on 2nd pass through loop
while ( $row = oci_fetch_assoc($sth) ) {
 print "Got row!\n";
 oci_free_statement($row['CURSOR']);
}
oci_free_statement($sth);
oci_close($dbh);
?>

Expected result:
----------------
A whole lot of "Got row!" lines. Freeing nested cursors certainly shouldn't cause a seg fault.

Actual result:
--------------
Program output with oci_internal_debug on:
OCINlsEnvironmentVariableGet at (/php-5.1.4/ext/oci8/oci8.c:995).
OCIEnvNlsCreate at (/php-5.1.4/ext/oci8/oci8.c:1151).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1176).
OCIServerAttach at (/php-5.1.4/ext/oci8/oci8.c:1185).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1195).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1204).
OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8.c:1213).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1223).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1234).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1244).
OCIAttrSet at (/php-5.1.4/ext/oci8/oci8.c:1253).
OCISessionBegin at (/php-5.1.4/ext/oci8/oci8.c:1284). OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8_statement.c:61). OCIStmtPrepare2 at (/php-5.1.4/ext/oci8/oci8_statement.c:65). OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:119). OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:128). OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:297). OCIStmtExecute at (/php-5.1.4/ext/oci8/oci8_statement.c:321). OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:350). OCIParamGet at (/php-5.1.4/ext/oci8/oci8_statement.c:372). OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:381). OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:391). OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:404). OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:414). OCIAttrGet at (/php-5.1.4/ext/oci8/oci8_statement.c:424). OCIDescriptorFree at (/php-5.1.4/ext/oci8/oci8_statement.c:432). OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8_statement.c:55). OCIHandleAlloc at (/php-5.1.4/ext/oci8/oci8_statement.c:61). OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:119). OCIAttrSet at (/php-5.1.4/ext/oci8/oci8_statement.c:128). OCIDefineByPos at (/php-5.1.4/ext/oci8/oci8_statement.c:557). OCIStmtFetch at (/php-5.1.4/ext/oci8/oci8_statement.c:147). Got row. OCIStmtFetch at (/php-5.1.4/ext/oci8/oci8_statement.c:147). Got row. OCIHandleFree at (/php-5.1.4/ext/oci8/oci8_statement.c:592). OCIHandleFree at (/php-5.1.4/ext/oci8/oci8_statement.c:601). 
Segmentation fault (core dumped) Backtrace: (dbx) where current thread: [EMAIL PROTECTED] =>[1] kpcxc2r(0x6181ac, 0x0, 0x612314, 0x0, 0x40e940, 0x13), at 0xfe108a00 [2] kpcxk2u(0x612314, 0xffbfc414, 0xfe6266f8, 0x0, 0xffbfc40c, 0x6ef90c), at 0xfe10b814 [3] ttccDefineConvert(0x18, 0xffbfc414, 0xffbfc420, 0xffbfc40c, 0x0, 0x75), at 0xfe10715c [4] ttccfpg(0x0, 0x6143a0, 0x0, 0x0, 0x6ef948, 0x4), at 0xfe1076d0 [5] ttcfour(0x605e9c, 0x612314, 0x0, 0x0, 0x618c78, 0xffbfe800), at 0xfe106770 [6] kpufCopyPrefRows(0x605e9c, 0x0, 0x0, 0x1a18, 0x2, 0xffbfe800), at 0xfde09d34 [7] kpufch0(0x0, 0x61a2d8, 0xffbfe8e4, 0x2, 0x0, 0x20000), at 0xfde0a654 [8] kpufch(0x0, 0x61ae60, 0x0, 0x161c, 0xfe604a48, 0x0), at 0xfde0c11c [9] php_oci_statement_fetch(0x6e8670, 0x1, 0x489180, 0x0, 0x40e940, 0x13), at 0x14ac30 [10] php_oci_fetch_row(0x1, 0x61e738, 0x6e8670, 0x7a838, 0x1, 0x9cc00), at 0x1461b4 [11] zif_oci_fetch_assoc(0x1, 0x61e738, 0x0, 0x0, 0x1, 0x1), at 0x15585c [12] zend_do_fcall_common_helper_SPEC(0xffbfebf0, 0x0, 0x4e1468, 0x59c390, 0x4a5d60, 0x1), at 0x37396c [13] execute(0xffbfebf4, 0x0, 0x376a3c, 0x59c390, 0x4a9c10, 0x4a9d80), at 0x3735dc [14] zend_execute_scripts(0x8, 0x0, 0x5954e0, 0x0, 0x40e940, 0x4a9c9c), at 0x33ec04 [15] php_execute_script(0xffbff330, 0x4aa1b4, 0x2, 0x40e940, 0x40e940, 0x9b1f8), at 0x2ca414 [16] main(0x3, 0x0, 0xffbff464, 0x9b874, 0x1, 0x9b6fc), at 0x3ba020 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=38173&edit=1