Bug #44852 [Fbk->NoF]: PDO_OCI crashes

php-bugs Sun, 17 Feb 2013 16:34:48 -0800

Edit report at https://bugs.php.net/bug.php?id=44852&edit=1


 ID:               44852
 Updated by:       php-bugs@lists.php.net
 Reported by:      der...@php.net
 Summary:          PDO_OCI crashes
-Status:           Feedback
+Status:           No Feedback
 Type:             Bug
 Package:          PDO related
 Operating System: Linux
 PHP Version:      5.*, 6CVS (2009-04-25)

 New Comment:

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


Previous Comments:
------------------------------------------------------------------------
[2013-01-16 04:24:02] s...@php.net

See if this is resolved now that https://bugs.php.net/bug.php?id=57702 is fixed.

------------------------------------------------------------------------
[2009-04-25 15:01:13] j...@php.net

See also bug #44589

------------------------------------------------------------------------
[2008-04-28 09:14:12] der...@php.net

Issue #44589 is the same, but has a bit more information. Keeping both open as 
they complement each other. (The other one has a test script)

------------------------------------------------------------------------
[2008-04-28 09:12:12] der...@php.net

Description:
------------
PDO/OCI segfaults while describing columns. I gave a stab at a quick 
reproducing script, but did not manage unfortunately. I get this issue by 
running the WorkflowDatabaseTiein component test suite with:

php -dmemory_limit=-1 UnitTest/src/runtests.php -v -D 
oracle://ezc:wee123@ezctest/ezctest 
WorkflowDatabaseTiein/tests/execution_test.php

Reproduce code:
---------------
Database schema:

CREATE TABLE "execution" (
        "execution_id" number NOT NULL,
        "execution_next_thread_id" number NOT NULL,
        "execution_parent" number NOT NULL,
        "execution_started" number NOT NULL,
        "execution_threads" clob,
        "execution_variables" clob,
        "execution_waiting_for" clob,
        "workflow_id" number NOT NULL
)
CREATE SEQUENCE "execution_execution_id_seq" start with 1 increment by 1 
nomaxvalue
CREATE OR REPLACE TRIGGER "execution_execution_id_trg" before insert on 
"execution" for each row begin select "execution_execution_id_seq".nextval into 
:new."execution_id" from dual; end;
ALTER TABLE "execution" ADD CONSTRAINT "execution_pkey" PRIMARY KEY ( 
"execution_id" )
CREATE INDEX "execution_parent" ON "execution" ( "execution_parent" )
CREATE TABLE "execution_state" (
        "execution_id" number NOT NULL,
        "node_activated_from" clob NOT NULL,
        "node_id" number NOT NULL,
        "node_state" clob,
        "node_thread_id" number NOT NULL
)
ALTER TABLE "execution_state" ADD CONSTRAINT "execution_state_pkey" PRIMARY KEY 
( "execution_id", "node_id" )
CREATE TABLE "node" (
        "node_class" varchar2(255) NOT NULL,
        "node_configuration" clob,
        "node_id" number NOT NULL,
        "workflow_id" number NOT NULL
)
CREATE SEQUENCE "node_node_id_seq" start with 1 increment by 1 nomaxvalue
CREATE OR REPLACE TRIGGER "node_node_id_trg" before insert on "node" for each 
row begin select "node_node_id_seq".nextval into :new."node_id" from dual; end;
ALTER TABLE "node" ADD CONSTRAINT "node_pkey" PRIMARY KEY ( "node_id" )
CREATE INDEX "workflow_id" ON "node" ( "workflow_id" )
CREATE TABLE "node_connection" (
        "in_node_id" number NOT NULL,
        "out_node_id" number NOT NULL
)
CREATE INDEX "in_node_id" ON "node_connection" ( "in_node_id" )
CREATE TABLE "variable_handler" (
        "class" varchar2(255) NOT NULL,
        "variable" varchar2(255) NOT NULL,
        "workflow_id" number NOT NULL
)
ALTER TABLE "variable_handler" ADD CONSTRAINT "variable_handler_pkey" PRIMARY 
KEY ( "class", "workflow_id" )
CREATE TABLE "workflow" (
        "workflow_created" number NOT NULL,
        "workflow_id" number NOT NULL,
        "workflow_name" varchar2(64) NOT NULL,
        "workflow_version" number DEFAULT 1 NOT NULL
)
CREATE SEQUENCE "workflow_workflow_id_seq" start with 1 increment by 1 
nomaxvalue
CREATE OR REPLACE TRIGGER "workflow_workflow_id_trg" before insert on 
"workflow" for each row begin select "workflow_workflow_id_seq".nextval into 
:new."workflow_id" from dual; end;
ALTER TABLE "workflow" ADD CONSTRAINT "workflow_pkey" PRIMARY KEY ( 
"workflow_id" )
CREATE UNIQUE INDEX "name_version" ON "workflow" ( "workflow_name", 
"workflow_version" )


Actual result:
--------------
Segfault:

backtrace:

#0  0xb7447574 in kghualloc () from 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1
No symbol table info available.
#1  0xb73e865f in kohalc () from 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1
No symbol table info available.
#2  0xb73e7f4f in kohalc () from 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1
No symbol table info available.
#3  0xb73e8902 in kohalw () from 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1
No symbol table info available.
#4  0xb7283b83 in kollalfn () from 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1
No symbol table info available.
#5  0xb6d401d3 in kpugdesc () from 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1
No symbol table info available.
#6  0xb6e0e5a6 in OCIDescriptorAlloc () from 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1
No symbol table info available.
#7  0x08209985 in oci_stmt_describe (stmt=0xb30291a8, colno=2) at 
/root/src/php-5.2.5/ext/pdo_oci/oci_statement.c:553
        S = (pdo_oci_stmt *) 0xb32c384c
        param = (OCIParam *) 0x8959404
        colname = (text *) 0x8963b4c "node_configuration"
        dtype = 112
        data_size = 4000
        scale = 0
        precis = 0
        namelen = 18
        col = (struct pdo_column_data *) 0xb3031b40
        dyn = 0 '\0'
#8  0x081f94c0 in pdo_stmt_describe_columns (stmt=0xb30291a8) at 
/root/src/php-5.2.5/ext/pdo/pdo_stmt.c:198
        col = 2
#9  0x081fa38c in zim_PDOStatement_execute (ht=0, return_value=0xb3027f54, 
return_value_ptr=0x0, this_ptr=0xb32cb20c, return_value_used=0)
    at /root/src/php-5.2.5/ext/pdo/pdo_stmt.c:509
        input_params = (zval *) 0x0
        ret = 1
        stmt = (pdo_stmt_t *) 0xb30291a8
#10 0x0847d9e6 in execute_internal (execute_data_ptr=0xbfbd4f14, 
return_value_used=0) at /root/src/php-5.2.5/Zend/zend_execute.c:1385
        return_value_ptr = (zval **) 0xbfbd3f94
#11 0xb6525765 in xdebug_execute_internal (current_execute_data=0xbfbd4f14, 
return_value_used=0) at /tmp/pear/cache/xdebug-2.0.3/xdebug.c:1605
        edata = (zend_execute_data *) 0xbfbd4f14
        fse = (function_stack_entry *) 0x89d1ca8
        cur_opcode = (zend_op *) 0x0
        do_return = 1
        function_nr = 9158
#12 0x0847e093 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbd4f14) at 
/root/src/php-5.2.5/Zend/zend_vm_execute.h:202
        return_reference = 0 '\0'
        opline = (zend_op *) 0xb31a6400
        original_return_value = (zval **) 0x847fa09
        current_scope = (zend_class_entry *) 0xb3197098
        current_this = (zval *) 0xb3021d94
        return_value_used = 0
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0xb654c19c
#13 0x0847ecc7 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfbd4f14) 
at /root/src/php-5.2.5/Zend/zend_vm_execute.h:322
No locals.
#14 0x0847dbe0 in execute (op_array=0xb3215f08) at 
/root/src/php-5.2.5/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0xb31a6400, function_state = 
{function_symbol_table = 0xb32c2504, function = 0x88125e0, reserved = 
{0xbfbd7274, 0xbfbd50d4, 0xbfbd4f58, 
      0xb6523748}}, fbc = 0x88125e0, op_array = 0xb3215f08, object = 
0xb32cb20c, Ts = 0xbfbd3860, CVs = 0xbfbd3810, original_in_execution = 1 
'\001', 
  symbol_table = 0xb32ab6f8, prev_execute_data = 0xbfbd5f34, 
old_error_reporting = 0x0}
#15 0xb65253f7 in xdebug_execute (op_array=0xb3215f08) at 
/tmp/pear/cache/xdebug-2.0.3/xdebug.c:1541
        dummy = (zval **) 0x0
        edata = (zend_execute_data *) 0xbfbd5f34
        fse = (function_stack_entry *) 0x89ce800
        xfse = (function_stack_entry *) 0x5
        magic_cookie = 0x0
        do_return = 1
        function_nr = 9032
        le = (xdebug_llist_element *) 0xbfbd5038
        eval_id = 0
#16 0x0847e1f7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbd5f34) at 
/root/src/php-5.2.5/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0xb309d7f8
        original_return_value = (zval **) 0xbfbd61a8
        current_scope = (zend_class_entry *) 0xb310be10
        current_this = (zval *) 0xb302b098
        return_value_used = 1
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0xb654c19c
#17 0x0847ecc7 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfbd5f34) 
at /root/src/php-5.2.5/Zend/zend_vm_execute.h:322
No locals.
#18 0x0847dbe0 in execute (op_array=0xb3096670) at 
/root/src/php-5.2.5/Zend/zend_vm_execute.h:92
        execute_data = {opline = 0xb309d7f8, function_state = 
{function_symbol_table = 0xb32ab6f8, function = 0xb3215f08, reserved = 
{0xbfbd7274, 0xbfbd60d8, 0xbfbd5f78, 
      0xb6523748}}, fbc = 0xb3215f08, op_array = 0xb3096670, object = 
0xb3021d94, Ts = 0xbfbd50f0, CVs = 0xbfbd50b0, original_in_execution = 1 
'\001', 
  symbol_table = 0xb32ab8fc, prev_execute_data = 0xbfbd61d4, 
old_error_reporting = 0x0}
#19 0xb65253f7 in xdebug_execute (op_array=0xb3096670) at 
/tmp/pear/cache/xdebug-2.0.3/xdebug.c:1541
        dummy = (zval **) 0x0
        edata = (zend_execute_data *) 0xbfbd61d4
        fse = (function_stack_entry *) 0x89c3760
        xfse = (function_stack_entry *) 0x19
        magic_cookie = 0x0
        do_return = 1
        function_nr = 8930
        le = (xdebug_llist_element *) 0xbfbd6058
        eval_id = 0
#20 0x0847e1f7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbd61d4) at 
/root/src/php-5.2.5/Zend/zend_vm_execute.h:234
        opline = (zend_op *) 0xb3105fa0
        original_return_value = (zval **) 0xbfbd67b8
        current_scope = (zend_class_entry *) 0xb310be10
        current_this = (zval *) 0xb302b098
        return_value_used = 0
        should_change_scope = 1 '\001'
        ctor_opline = (zend_op *) 0xb654c19c
#21 0x0847ecc7 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfbd61d4) 
at /root/src/php-5.2.5/Zend/zend_vm_execute.h:322
No locals.

(goes on for a bit - it's not a stack overflow)

The functions that I am calling just around it segfaulting:

 -> ezcQuerySelectOracle->prepare() 
/root/ezcomponents/trunk/WorkflowDatabaseTiein/src/definition_storage.php:94
   -> ezcQuery->prepare() 
/root/ezcomponents/trunk/Database/src/sqlabstraction/implementations/query_select_oracle.php:176
     -> ezcQuerySelectOracle->getQuery() 
/root/ezcomponents/trunk/Database/src/sqlabstraction/query.php:432
       -> ezcQuerySelect->getQuery() 
/root/ezcomponents/trunk/Database/src/sqlabstraction/implementations/query_select_oracle.php:143
        >=> 'SELECT "node_id", "node_class", "node_configuration" FROM "node" 
WHERE "workflow_id" = :ezcValue1'
      >=> 'SELECT "node_id", "node_class", "node_configuration" FROM "node" 
WHERE "workflow_id" = :ezcValue1'
     -> PDO->prepare('SELECT "node_id", "node_class", "node_configuration" FROM 
"node" WHERE "workflow_id" = :ezcValue1') 
/root/ezcomponents/trunk/Database/src/sqlabstraction/query.php:432
      >=> class PDOStatement { public $queryString = 'SELECT "node_id", 
"node_class", "node_configuration" FROM "node" WHERE "workflow_id" = 
:ezcValue1' }
     -> ezcQuery->doBind($stmt = class PDOStatement { public $queryString = 
'SELECT "node_id", "node_class", "node_configuration" FROM "node" WHERE 
"workflow_id" = :ezcValue1' }) 
/root/ezcomponents/trunk/Database/src/sqlabstraction/query.php:433
       -> PDOStatement->bindValue(':ezcValue1', 1, 2) 
/root/ezcomponents/trunk/Database/src/sqlabstraction/query.php:393
        >=> TRUE
      >=> NULL
    >=> class PDOStatement { public $queryString = 'SELECT "node_id", 
"node_class", "node_configuration" FROM "node" WHERE "workflow_id" = 
:ezcValue1' }
  >=> class PDOStatement { public $queryString = 'SELECT "node_id", 
"node_class", "node_configuration" FROM "node" WHERE "workflow_id" = 
:ezcValue1' }
 -> PDOStatement->execute() 
/root/ezcomponents/trunk/WorkflowDatabaseTiein/src/definition_storage.php:95


valgrind:

==8810== 
==8810== Invalid write of size 4
==8810==    at 0x4EC3574: kghualloc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4E6465E: (within 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4E63F4E: kohalc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4E64901: kohalw (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4CFFB82: kollalfn (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x47BC1D2: kpugdesc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x488A5A5: OCIDescriptorAlloc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x8209984: oci_stmt_describe (oci_statement.c:553)
==8810==    by 0x81F94BF: pdo_stmt_describe_columns (pdo_stmt.c:198)
==8810==    by 0x81FA38B: zim_PDOStatement_execute (pdo_stmt.c:509)
==8810==    by 0x847D9E5: execute_internal (zend_execute.c:1385)
==8810==    by 0x5AB6764: xdebug_execute_internal (xdebug.c:1605)
==8810==  Address 0x3D34 is not stack'd, malloc'd or (recently) free'd
==8810== 
==8810== Process terminating with default action of signal 11 (SIGSEGV)
==8810==  Access not within mapped region at address 0x3D34
==8810==    at 0x4EC3574: kghualloc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4E6465E: (within 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4E63F4E: kohalc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4E64901: kohalw (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4CFFB82: kollalfn (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x47BC1D2: kpugdesc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x488A5A5: OCIDescriptorAlloc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x8209984: oci_stmt_describe (oci_statement.c:553)
==8810==    by 0x81F94BF: pdo_stmt_describe_columns (pdo_stmt.c:198)
==8810==    by 0x81FA38B: zim_PDOStatement_execute (pdo_stmt.c:509)
==8810==    by 0x847D9E5: execute_internal (zend_execute.c:1385)
==8810==    by 0x5AB6764: xdebug_execute_internal (xdebug.c:1605)
==8810== 
==8810== Invalid free() / delete / delete[]
==8810==    at 0x401CFA5: free (vg_replace_malloc.c:233)
==8810==    by 0x560CE4D: (within /lib/tls/libc-2.3.6.so)
==8810==    by 0x560C601: __libc_freeres (in /lib/tls/libc-2.3.6.so)
==8810==    by 0x40191F6: _vgnU_freeres (vg_preloaded.c:60)
==8810==    by 0x5393863: (within 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4E6465E: (within 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4E63F4E: kohalc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4E64901: kohalw (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x4CFFB82: kollalfn (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x47BC1D2: kpugdesc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x488A5A5: OCIDescriptorAlloc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1)
==8810==    by 0x8209984: oci_stmt_describe (oci_statement.c:553)
==8810==  Address 0x5722720 is not stack'd, malloc'd or (recently) free'd




------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=44852&edit=1

Bug #44852 [Fbk->NoF]: PDO_OCI crashes

Reply via email to