php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61885 dba_fetch() segfaults with db-4.8
Submitted: 2012-05-01 03:41 UTC Modified: 2014-12-30 10:41 UTC
From: james at jamesreno dot com Assigned:
Status: No Feedback Package: DBM/DBA related
PHP Version: 5.3.11 OS: Linux-2.6 / CentOS 5.8
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: james at jamesreno dot com
New email:
PHP Version: OS:

 

 [2012-05-01 03:41 UTC] james at jamesreno dot com
Description:
------------
When using dba_fetch with a db4 database a segfault is generated and php 
crashes.

Important Notes:
We use db48 rpm from ZeroC for IcePHP Support. At the time of testing we did not 
have the IcePHP.so loaded to ensure that it was not a conflict with that module.

dba.so is linked against this db4 rpm:
http://www.zeroc.com/download/Ice/3.4/rhel5/x86_64/db48-devel-4.8.30-
1ice.rhel5.x86_64.rpm
[root@web2 ~]# ldd /usr/local/php/lib/php/extensions/no-debug-non-zts-
20090626/dba.so 
        linux-vdso.so.1 =>  (0x00007fff62deb000)
        libdb-4.8.so => /usr/lib64/libdb-4.8.so (0x00002b024cad9000)
        libc.so.6 => /lib64/libc.so.6 (0x00002b024ce43000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00002b024d19b000)
        /lib64/ld-linux-x86-64.so.2 (0x00002b024c6a3000)



Test script:
---------------
<?php
 $dbh = dba_open("/root/test.db","c","db4");
 $str = sha1("this is a test");
 $ret = dba_exists($str,$dbh);
 # <segfault>
?>


Expected result:
----------------
PHP to return the fetched dba result

Actual result:
--------------
Segfault


Program received signal SIGSEGV, Segmentation fault.
0x000000000171f190 in ?? ()
(gdb) bt
#0  0x000000000171f190 in ?? ()
#1  0x00002aaab1a347a6 in dba_exists_db4 (info=0x16ed090, key=<value optimized 
out>, keylen=<value optimized out>)
    at /usr/src/redhat/BUILD/lsgphp-1.0.6/php-5.3.11/ext/dba/dba_db4.c:211
#2  0x00002aaab1a33c48 in zif_dba_exists (ht=<value optimized out>, 
return_value=0x16d1318, return_value_ptr=<value optimized out>,
    this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /usr/src/redhat/BUILD/lsgphp-1.0.6/php-5.3.11/ext/dba/dba.c:984
#3  0x00000000006e9bf9 in zend_do_fcall_common_helper_SPEC ()
#4  0x00000000006e8d4e in execute ()
#5  0x00000000006c2459 in zend_execute_scripts ()
#6  0x000000000066f0c8 in php_execute_script ()
#7  0x000000000074b27e in main ()


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-01 20:13 UTC] james at jamesreno dot com
dba_fetch() and dba_exists() are the same function under the hood, with 
different return values.  I noticed my example said dba_exists() while the 
subject said dba_fetch()... 

Both functions crash/segfault at the same code:
dba_fetch(): line 172: if (!dba->dbp->get(dba->dbp, NULL, &gkey, &gval, 0)) {
dba_exists():line 211: if (!dba->dbp->get(dba->dbp, NULL, &gkey, &gval, 0)) {

I am not sure how to debug this any further. would this indicate a problem in 
the db4 library or php?  I am (probably wrongfully) assuming it has something to 
do with the way the gkey and gval are passed by reference.

I am not sure what frame 0 is in the stack trace - gdb was not very useful here 
-- most likely its the actual dba->dbp "get"...

One additional note:
While we do use the rpm provided by ZeroC after further research it seems to 
simply be an UNMODIFIED version of the db-4.8.30.NC tarball provided by Oracle. 
Potentially the BDB API changed between 4.3 and 4.8 resulting in the segfult 
when get() is called?
 [2013-12-03 13:56 UTC] mike@php.net
-Status: Open +Status: Feedback
 [2013-12-03 13:56 UTC] mike@php.net
Cannot reproduce. Is this still an issue for you?
 [2014-12-30 10:41 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Fri Jan 03 08:01:28 2025 UTC