Bug #10756 segfault. php tried to work with non-existent pgsql connection
Submitted: 2001-05-09 12:11 UTC
Modified: 2001-05-27 19:26 UTC
From: stask at tiger dot unisquad dot com
Assigned:
Status: Closed
Package: PostgreSQL related
PHP Version: 4.0.5
OS: linux-2.2.19
Private report: No
CVE-ID: None
 [2001-05-09 12:11 UTC] stask at tiger dot unisquad dot com
Concerning the script: it is big, it uses mysql, and it
does not use postgres.

./configure  --with-pgsql=/usr/local/pgsql --with-mysql=/usr/local --disable-debug --enable-ftp --with-gd=/usr/local --enable-force-cgi-redirect --enable-sigchild
When I compile php without pgsql support, I see no segfault.

backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x13822b in resetPQExpBuffer () from /usr/local/pgsql/lib/libpq.so.2
#0  0x13822b in resetPQExpBuffer () from /usr/local/pgsql/lib/libpq.so.2
#1  0x13382c in PQsendQuery () from /usr/local/pgsql/lib/libpq.so.2
#2  0x1342ef in PQexec () from /usr/local/pgsql/lib/libpq.so.2
#3  0x8079919 in _rollback_transactions (rsrc=0x81977c0) at pgsql.c:168
#4  0x80c9f11 in zend_hash_apply (ht=0x81569bc, 
    apply_func=0x80798fc <_rollback_transactions>) at zend_hash.c:692
#5  0x8079a7e in php_rshutdown_pgsql (type=1, module_number=5) at pgsql.c:246
#6  0x80c88ae in module_registry_cleanup (module=0x817ac00) at zend_API.c:785
#7  0x80c9f11 in zend_hash_apply (ht=0x8156b2c, 
    apply_func=0x80c8888 <module_registry_cleanup>) at zend_hash.c:692
#8  0x80c6b77 in zend_deactivate_modules () at zend.c:522
#9  0x80601b5 in php_request_shutdown (dummy=0x0) at main.c:670
#10 0x805f556 in main (argc=1, argv=0xbffff734) at cgi_main.c:763

(gdb) down
#4  0x80c9f11 in zend_hash_apply (ht=0x81569bc,
    apply_func=0x80798fc <_rollback_transactions>) at zend_hash.c:692
692                     if (apply_func(p->pData)) {
(gdb) p p->pData
$42 = (void *) 0x81bafd8
(gdb) down
#3  0x8079919 in _rollback_transactions (rsrc=0x81bafd8) at pgsql.c:168
168             PQexec(link,"BEGIN;ROLLBACK;");
(gdb) p *(zend_rsrc_list_entry *)0x81bafd8
$48 = {ptr = 0x81b85c0, type = 13, refcount = 135949652, valid = 9 '\t'}
             ^^^^^^^^^ - ptr to PGconn
(gdb) x/10 0x081b85c0
0x81b85c0:      0x081982f0      0x00000004      0x00000000      0x081b8f68
                ^^^^^^^^^^ - ptr to hostname
0x81b85d0:      0x081baf68      0x081b8f68      0x081b8f68      0x00000000
0x81b85e0:      0x00000000      0x00000000
(gdb) x/10 0x081982f0 (there should go hostname)
0x81982f0:      0x00000004      0x00000000      0x00000001      0x00000002
0x8198300:      0x00000000      0x00000000      0x00000000      0x00000000
0x8198310:      0x00000000      0x00000000
(gdb) x/10 0x081baf68 (a lot of those values in "PGconn")
0x81baf68:      0x00000000      0x00000019      0x5f736363      0x6e776f64
0x81baf78:      0x64616f6c      0x00000000      0x00000000      0x00000051
0x81baf88:      0x07815f70      0x00000026
(gdb) p (char *) 0x081baf70
$52 = 0x81baf70 "ccs_download"

"ccs_download" is the name of the mysql database used by the script.
So it looks like the newly-written php_rshutdown_pgsql()
tries to use a mysql connection or a junk pointer instead of a postgres connection.
I can't imagine where I can put breakpoints to see
when persistent_list is corrupt, so I ask you to fix this
bug.

Of course, I can add any information you need.

Thank you.

\bye
Stas
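
An added illustration of the failure mode the report above suspects, not PHP source code and not part of the original report: a request-shutdown callback walks a list shared by several extensions and has to check each entry's type tag before treating its pointer as a PostgreSQL connection. The struct layouts, type constants and function names are assumptions made for this sketch, and `pg_rollback` stands in for the `PQexec(link,"BEGIN;ROLLBACK;")` call seen in the backtrace.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed type tags for this sketch. */
enum { LE_MYSQL_PLINK = 1, LE_PGSQL_PLINK = 2 };

/* Simplified stand-in for an entry in a list shared by all extensions. */
typedef struct { void *ptr; int type; } rsrc_entry;
typedef struct { const char *dbname; } fake_mysql_conn;             /* hypothetical */
typedef struct { int in_transaction; int rollbacks; } fake_pg_conn; /* hypothetical */

/* Stand-in for PQexec(link, "BEGIN;ROLLBACK;"): only valid on a pg connection. */
static void pg_rollback(fake_pg_conn *c) { c->in_transaction = 0; c->rollbacks++; }

/* Hardened callback: skip every entry whose tag is not a pg link. */
static int rollback_checked(rsrc_entry *e) {
    if (e->type != LE_PGSQL_PLINK || e->ptr == NULL)
        return 0;                       /* foreign or empty entry: leave it alone */
    pg_rollback((fake_pg_conn *)e->ptr);
    return 1;
}

/* Audit helper: count entries an unchecked callback would have mis-cast. */
static int count_foreign_entries(const rsrc_entry *list, size_t n) {
    int foreign = 0;
    for (size_t i = 0; i < n; i++)
        if (list[i].type != LE_PGSQL_PLINK) foreign++;
    return foreign;
}

/* Walk the whole list, as a hash-apply at request shutdown would. */
static int shutdown_rollback(rsrc_entry *list, size_t n) {
    int touched = 0;
    for (size_t i = 0; i < n; i++) touched += rollback_checked(&list[i]);
    return touched;
}

/* Constructed scenario: a MySQL persistent link sharing the list with a pg link. */
static fake_mysql_conn g_my = { "ccs_download" };
static fake_pg_conn g_pg = { 1, 0 };
static rsrc_entry g_list[] = { { &g_my, LE_MYSQL_PLINK }, { &g_pg, LE_PGSQL_PLINK } };

int main(void) {
    size_t n = sizeof g_list / sizeof g_list[0];
    printf("foreign entries: %d\n", count_foreign_entries(g_list, n));
    printf("pg links rolled back: %d\n", shutdown_rollback(g_list, n));
    return 0;
}
```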

 [2001-05-14 07:51 UTC] stask at tiger dot unisquad dot com
Well, I don't see any reply. Did I miss something?

Software versions:
apache-1.3.19
mysql-3.23.33
postgres-7.1.1

Also, I've shortened the script which triggers the bug:
<?php
  $Link_ID=mysql_pconnect("localhost", "my_user", "my_password");
  if (!$Link_ID) {
    print("pconnect() failed.");
    return 0;
  }
  // When I remove all code below, php eats 100% CPU
  // and exits after 30 seconds with the error message
  if (!@mysql_select_db("ccs_download",$Link_ID)) {
    print("cannot use database ");
    return 0;
  }
?>


 [2001-05-21 18:05 UTC] sniper@php.net
Could you please try with the PHP 4.0.6RC1 found here:

http://www.php.net/~andi/php-4.0.6RC1.tar.gz

--Jani

 [2001-05-21 19:33 UTC] stask at tiger dot unisquad dot com
Jani,

Thank you for the reply :)
php-4.0.6RC1 taken from the given URL produces almost the same segfault:

Program received signal SIGSEGV, Segmentation fault.
0x13822b in resetPQExpBuffer () from /usr/local/pgsql71/lib/libpq.so.2
#0  0x13822b in resetPQExpBuffer () from /usr/local/pgsql71/lib/libpq.so.2
#1  0x13382c in PQsendQuery () from /usr/local/pgsql71/lib/libpq.so.2
#2  0x1342ef in PQexec () from /usr/local/pgsql71/lib/libpq.so.2
#3  0x807a2f5 in _rollback_transactions (rsrc=0x8189e10) at pgsql.c:175
#4  0x80cba39 in zend_hash_apply (ht=0x8158308, 
    apply_func=0x807a2d8 <_rollback_transactions>) at zend_hash.c:688
#5  0x807a462 in php_rshutdown_pgsql (type=1, module_number=5) at pgsql.c:254
#6  0x80ca3f6 in module_registry_cleanup (module=0x817cd68) at zend_API.c:785
#7  0x80cba39 in zend_hash_apply (ht=0x8158478, 
    apply_func=0x80ca3d0 <module_registry_cleanup>) at zend_hash.c:688
#8  0x80c8687 in zend_deactivate_modules () at zend.c:522
#9  0x805feb5 in php_request_shutdown (dummy=0x0) at main.c:657
#10 0x805f27a in main (argc=1, argv=0xbffff844) at cgi_main.c:751

\bye
Stas

 [2001-05-25 13:17 UTC] sniper@php.net
Reproducible also with PHP 4.0.6RC1.

--Jani

 [2001-05-27 19:26 UTC] sniper@php.net
Should be fixed in CVS now. Fix will be in PHP 4.0.6.
If this happens with it too, reopen this bug report.

--Jani

 
Last updated: Thu Apr 25 01:01:30 2024 UTC