PHP :: Bug #41043 :: pdo_oci crash when freeing error text with persistent connection

Bug #41043	pdo_oci crash when freeing error text with persistent connection
Submitted:	2007-04-10 19:29 UTC	Modified:	2016-03-08 01:42 UTC
From:	bpd at keynetics dot com	Assigned:	sixd (profile)
Status:	Closed	Package:	PDO OCI
PHP Version:	5.2.1	OS:	linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	bpd at keynetics dot com
New email:
PHP Version:		OS:

New Comment:

[2007-04-10 19:29 UTC] bpd at keynetics dot com

Description:
------------
A segmentation fault results when the pdo_oci driver receives an error message from the oracle server.

Reproduce code:
---------------
<?php
try {
  $pdo = new PDO("oci:dbname=instance", "bad_user", "bad_pass",
      array(PDO::ATTR_PERSISTENT => true));
} catch (Exception $e) {
  echo "Caught exception: ", $e->getMessage(), "\n";
}


Expected result:
----------------
Caught exception: SQLSTATE[42S02]: pdo_oci_handle_factory: ORA-12154: TNS:could not resolve the connect identifier specified
 (/opt/php/src/ext/pdo_oci/oci_driver.c:462)


Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1235028304 (LWP 19840)]
0xb6920a2f in free () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0xb6920a2f in free () from /lib/tls/i686/cmov/libc.so.6
#1  0x08212c8c in oci_handle_closer ()
#2  0x08213db1 in pdo_oci_handle_factory ()
#3  0x082068b1 in zim_PDO_dbh_constructor ()
#4  0x084978b9 in execute_internal ()
#5  0xb6589b51 in xdebug_execute_internal (current_execute_data=0xbfaf1d40,
    return_value_used=0, tsrm_ls=0x87b5038)
    at /tmp/pear/cache/xdebug-2.0.0RC3/xdebug.c:1550
#6  0x0849810f in zend_do_fcall_common_helper_SPEC ()
#7  0x08498f87 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#8  0x08497bcb in execute ()
#9  0xb6589594 in xdebug_execute (op_array=0xb65f8d84, tsrm_ls=0x87b5038)
    at /tmp/pear/cache/xdebug-2.0.0RC3/xdebug.c:1487
#10 0x08474758 in zend_execute_scripts ()
#11 0x08415e88 in php_execute_script ()
#12 0x084f920e in main ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-04-10 19:34 UTC] bpd at keynetics dot com

This patch seems to fix the problem. I think that the pefree() macro is being used incorrectly as the code which populates the einfo.errmsg member is not persistent aware.

--- oci_driver.c.orig   2007-04-10 11:33:52.000000000 -0600
+++ oci_driver.c        2007-04-10 11:33:59.000000000 -0600
@@ -206,7 +206,7 @@
        }

        if (H->einfo.errmsg) {
-               pefree(H->einfo.errmsg, dbh->is_persistent);
+               efree(H->einfo.errmsg);
                H->einfo.errmsg = NULL;
        }

[2007-04-10 20:28 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2016-03-08 01:42 UTC] sixd@php.net

-Package: PDO related +Package: PDO OCI -Assigned To: +Assigned To: sixd

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Feb 01 21:01:33 2025 UTC