Bug #58416 Segmentation fault in command-line PHP
Submitted: 2008-11-17 18:13 UTC Modified: 2018-08-27 09:36 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: james dot jones at firstinvestors dot com Assigned: vnkbabu (profile)
Status: Closed Package: ibm_db2 (PECL)
PHP Version: 5.2.5 OS: Linux
Private report: No CVE-ID: None

 [2008-11-17 18:13 UTC] james dot jones at firstinvestors dot com
Description:
------------
When running the code (in "Reproduce code" section below), I get a segmentation fault during cleanup (after the final echo).


Reproduce code:
---------------
<?php
echo "Connecting...\n";
$db = db2_connect('BOSS', 'bossweb', 'Htw2PsU2');
print_r($db);
echo "\nClosing...\n";
if(FALSE===db2_close($db)) {
	echo "Error while closing...";
}
echo "Closed.\n";
?>

Expected result:
----------------
Connecting...
Resource id #4
Closing...
Closed.


Actual result:
--------------
Connecting...
Resource id #4
Closing...
Closed.
Segmentation fault


 [2008-11-18 04:17 UTC] abhargav at in dot ibm dot com
Hi,

I want to know on which platform you are getting this SegV. I tried it on Ubuntu server and it is working fine. Please send the machine/OS/platform details.

Regards,
Ambrish Bhargava
 [2008-11-18 08:37 UTC] james dot jones at firstinvestors dot com
This is RHEL. uname -a returns:

Linux <omitted> 2.6.18-92.1.6.el5 #1 SMP Fri Jun 20 02:36:16 EDT 2008 i686

It's running as a VMWare image on a quad-core Intel box.
 [2009-03-10 17:18 UTC] abhargav at in dot ibm dot com
Hi,

Try latest release.

Regards,
Ambrish Bhargava
 [2009-03-12 16:57 UTC] james dot jones at firstinvestors dot com
Installed ibm_db2 1.8.2, and I'm still getting the Seg fault.
 [2009-04-29 02:27 UTC] timothy dot j dot gustafson at gmail dot com
I am getting the same error on a FreeBSD 7.1 box even after updating to the latest port:

foo@bar$ php -v
PHP 5.2.9 (cli) (built: Apr  7 2009 16:56:45) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
Segmentation fault: 11

I get a segfault even when I run just the "-v" command.  Scripts return the same segfault:

foo@bar$ ~/scripts/check-replicator.php 
Segmentation fault: 11
 [2009-05-06 03:28 UTC] abhargav at in dot ibm dot com
Hi,

Can you try the following patch (v1.8.2 of IBM_DB2) on the ibm_db2.c file and check for the SegV?

350,355d349
< 	/* Disconnect from DB. If stmt is allocated, it is freed automatically*/
< 	if ( handle->handle_active ) {
< 		rc = SQLDisconnect((SQLHDBC)handle->hdbc);
< 		rc = SQLFreeHandle(SQL_HANDLE_DBC, handle->hdbc);
< 		rc = SQLFreeHandle(SQL_HANDLE_ENV, handle->henv);
< 	}
356a351,356
> 		/* Disconnect from DB. If stmt is allocated, it is freed automatically*/
> 		if ( handle->handle_active ) {
> 			rc = SQLDisconnect((SQLHDBC)handle->hdbc);
> 			rc = SQLFreeHandle(SQL_HANDLE_DBC, handle->hdbc);
> 			rc = SQLFreeHandle(SQL_HANDLE_ENV, handle->henv);
> 		}
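Review bot: rc is assigned three times in the moved block (SQLDisconnect, then the two SQLFreeHandle calls) and never read, so a failed disconnect goes unnoticed and both handles are freed regardless. Check the SQLDisconnect result before freeing hdbc and henv, or drop the assignments and state in the comment that failures are deliberately ignored during resource teardown.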
604,605d603
< 	le_conn_struct = zend_register_list_destructors_ex( _php_db2_free_conn_struct, NULL, DB2_CONN_NAME, module_number);
< 	le_pconn_struct = zend_register_list_destructors_ex(NULL, _php_db2_free_pconn_struct, DB2_PCONN_NAME, module_number);
606a605,606
> 	le_conn_struct = zend_register_list_destructors_ex( _php_db2_free_conn_struct, NULL, DB2_CONN_NAME, module_number);
> 	le_pconn_struct = zend_register_list_destructors_ex(NULL, _php_db2_free_pconn_struct, DB2_PCONN_NAME, module_number);	
2535a2536,2541
> 				RETURN_FALSE;
> 			}
> 
> 			rc = SQLFreeHandle( SQL_HANDLE_ENV, conn_res->henv);
> 			if ( rc == SQL_ERROR ) {
> 				_php_db2_check_sql_errors(conn_res->henv, SQL_HANDLE_DENV, rc, 1, NULL, -1, 1 TSRMLS_CC);
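Review bot: SQL_HANDLE_DENV in the _php_db2_check_sql_errors call of the 2535a hunk does not match the handle type passed to the SQLFreeHandle two lines above it (SQL_HANDLE_ENV), and every other call in this patch uses SQL_HANDLE_ENV or SQL_HANDLE_DBC. Use SQL_HANDLE_ENV here so the diagnostics are read from the environment handle the failed call was made on.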

Regards,
Ambrish Bhargava
 [2009-05-06 06:11 UTC] abhargav at in dot ibm dot com
Hi,

There is a small correction in the patch. Please take the following patch to verify:

350,355d349
< 	/* Disconnect from DB. If stmt is allocated, it is freed automatically*/
< 	if ( handle->handle_active ) {
< 		rc = SQLDisconnect((SQLHDBC)handle->hdbc);
< 		rc = SQLFreeHandle(SQL_HANDLE_DBC, handle->hdbc);
< 		rc = SQLFreeHandle(SQL_HANDLE_ENV, handle->henv);
< 	}
356a351,356
> 		/* Disconnect from DB. If stmt is allocated, it is freed automatically*/
> 		if ( handle->handle_active ) {
> 			rc = SQLDisconnect((SQLHDBC)handle->hdbc);
> 			rc = SQLFreeHandle(SQL_HANDLE_DBC, handle->hdbc);
> 			rc = SQLFreeHandle(SQL_HANDLE_ENV, handle->henv);
> 		}
499,500d498
< 	rc = SQLFreeHandle( SQL_HANDLE_STMT, handle->hstmt);
< 
501a500
> 		rc = SQLFreeHandle( SQL_HANDLE_STMT, handle->hstmt);
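Review bot: the SQLFreeHandle(SQL_HANDLE_STMT, handle->hstmt) call placed by 501a500 is now protected against a NULL handle, but it still runs whether or not the owning connection is alive, while the connection destructor's comment in the first hunk says a statement "is freed automatically" by the disconnect. If the connection resource is destroyed before the statement resource, this call is handed an hstmt that no longer exists. Record on the statement whether its connection is still active and skip the free when it is not, and check rc instead of discarding it.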
604,605d602
< 	le_conn_struct = zend_register_list_destructors_ex( _php_db2_free_conn_struct, NULL, DB2_CONN_NAME, module_number);
< 	le_pconn_struct = zend_register_list_destructors_ex(NULL, _php_db2_free_pconn_struct, DB2_PCONN_NAME, module_number);
606a604,605
> 	le_conn_struct = zend_register_list_destructors_ex( _php_db2_free_conn_struct, NULL, DB2_CONN_NAME, module_number);
> 	le_pconn_struct = zend_register_list_destructors_ex(NULL, _php_db2_free_pconn_struct, DB2_PCONN_NAME, module_number);	
2535a2535,2540
> 				RETURN_FALSE;
> 			}
> 
> 			rc = SQLFreeHandle( SQL_HANDLE_ENV, conn_res->henv);
> 			if ( rc == SQL_ERROR ) {
> 				_php_db2_check_sql_errors(conn_res->henv, SQL_HANDLE_ENV, rc, 1, NULL, -1, 1 TSRMLS_CC);
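Review bot: the SQLFreeHandle(SQL_HANDLE_ENV, conn_res->henv) added at 2535a releases the environment handle in this function, and the connection destructor in the first hunk releases handle->henv again whenever handle->handle_active is set. Nothing in the visible lines clears handle_active or the stored henv after this free. If conn_res is the same structure the destructor later receives, confirm the flag is reset here; otherwise the same henv is freed once here and once more when the resource is destroyed.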

Regards,
Ambrish Bhargava
 [2009-05-11 10:47 UTC] james dot jones at firstinvestors dot com
I applied the patch and I'm still getting the segfault.
 [2009-05-13 05:28 UTC] abhargav at in dot ibm dot com
Hi,

I have added a few more checks and also a few print statements in the code (as the problem is not reproduced at my end). Please apply the following in v1.8.2 of the IBM_DB2 extension and send me back the output of the "Repo code" provided by you. The patch is:

347,361c347,366
<       int rc;
<
<       conn_handle *handle = (conn_handle*) rsrc->ptr;
<       /* Disconnect from DB. If stmt is allocated, it is freed automatically*/
<       if ( handle->handle_active ) {
<               rc = SQLDisconnect((SQLHDBC)handle->hdbc);
<               rc = SQLFreeHandle(SQL_HANDLE_DBC, handle->hdbc);
<               rc = SQLFreeHandle(SQL_HANDLE_ENV, handle->henv);
<       }
<       if ( handle != NULL ) {
<               if ( handle->flag_pconnect ) {
<                       /* Important to use regular free, we don't want the handled collected by efree */
<                       pefree(handle, 1);
<               } else {
<                       efree(handle);
---
>       if(rsrc != NULL) {
>               int rc;
>               conn_handle *handle = (conn_handle*) rsrc->ptr;
>               if ( handle != NULL ) {
>                       printf("_php_db2_free_conn_struct\n");
>                       /* Disconnect from DB. If stmt is allocated, it is freed automatically*/
>                       if ( handle->handle_active ) {
>                               rc = SQLDisconnect((SQLHDBC)handle->hdbc);
>                               rc = SQLFreeHandle(SQL_HANDLE_DBC, handle->hdbc);
>                               rc = SQLFreeHandle(SQL_HANDLE_ENV, handle->henv);
>                               printf("CLI handles free\n");
>                       }
>                       if ( handle->flag_pconnect ) {
>                               /* Important to use regular free, we don't want the handled collected by efree */
>                               pefree(handle, 1);
>                       } else {
>                               efree(handle);
>                               handle = NULL;
>                               printf("Handle memory free\n");
>                       }
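Review bot: "handle = NULL;" in the efree branch only clears the local variable; rsrc->ptr still holds the freed address, and the pefree branch clears nothing at all. If the aim is to make a second destructor call harmless, set rsrc->ptr = NULL after either free and reset handle_active after the SQLFreeHandle calls. The printf calls write to stdout from inside the extension and should be removed again once the diagnosis is done.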
495,503c500,510
<       int rc;
<
<       stmt_handle *handle = (stmt_handle*) rsrc->ptr;
<
<       rc = SQLFreeHandle( SQL_HANDLE_STMT, handle->hstmt);
<
<       if ( handle ) {
<               _php_db2_free_result_struct(handle);
<               efree(handle);
---
>       if(rsrc != NULL) {
>               int rc;
>               stmt_handle *handle = (stmt_handle*) rsrc->ptr;
>
>               if ( handle != NULL ) {
>                       printf("_php_db2_free_stmt_struct\n");
>                       rc = SQLFreeHandle( SQL_HANDLE_STMT, handle->hstmt);
>                       _php_db2_free_result_struct(handle);
>                       efree(handle);
>                       handle = NULL;
>               }
590c597
<               instance_name = (char *)malloc(strlen(DB2_VAR_INSTANCE) + strlen(tmp_name) + 1);
---
>               instance_name = (char *)emalloc(strlen(DB2_VAR_INSTANCE) + strlen(tmp_name) + 1);
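Review bot: switching this allocation from malloc to emalloc at 590c597 (with the matching free to efree at 618c625) moves the buffer onto the per-request allocator, yet the release sits two lines above the PHP_MSHUTDOWN_FUNCTION print added at 620a, that is, in module shutdown. Memory from emalloc is reclaimed at the end of each request, so if this is the buffer later released as _php_db2_instance_name it would already be gone by the time efree runs. Keep malloc/free, or use pemalloc(size, 1) and pefree(ptr, 1) as the pconnect branch of the destructor does.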
604,606c611,613
<       le_conn_struct = zend_register_list_destructors_ex( _php_db2_free_conn_struct, NULL, DB2_CONN_NAME, module_number);
<       le_pconn_struct = zend_register_list_destructors_ex(NULL, _php_db2_free_pconn_struct, DB2_PCONN_NAME, module_number);
<       le_stmt_struct = zend_register_list_destructors_ex( _php_db2_free_stmt_struct, NULL, DB2_STMT_NAME, module_number);
---
>       le_stmt_struct = zend_register_list_destructors_ex(_php_db2_free_stmt_struct, NULL, DB2_STMT_NAME, module_number);
>       le_conn_struct = zend_register_list_destructors_ex(_php_db2_free_conn_struct, NULL, DB2_CONN_NAME, module_number);
>       le_pconn_struct = zend_register_list_destructors_ex(NULL,_php_db2_free_pconn_struct, DB2_PCONN_NAME, module_number);
618c625
<               free(_php_db2_instance_name);
---
>               efree(_php_db2_instance_name);
620a628
>       printf("PHP_MSHUTDOWN_FUNCTION\n");
2528a2537,2538
>                               SQLFreeHandle( SQL_HANDLE_DBC, conn_res->hdbc);
>                               SQLFreeHandle( SQL_HANDLE_ENV, conn_res->henv);
2534a2545
>                               rc = SQLFreeHandle( SQL_HANDLE_ENV, conn_res->henv);
2538a2550,2555
>                       rc = SQLFreeHandle( SQL_HANDLE_ENV, conn_res->henv);
>                       if ( rc == SQL_ERROR ) {
>                               _php_db2_check_sql_errors(conn_res->henv, SQL_HANDLE_ENV, rc, 1, NULL, -1, 1 TSRMLS_CC);
>                               RETURN_FALSE;
>                       }
>
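Review bot: conn_res->henv is now passed to SQLFreeHandle at three places within about ten lines (2528a, 2534a and 2538a), and only the last one checks the result. Unless these sit on mutually exclusive branches, one call path frees the same environment handle more than once. Free it at a single point after the DBC handle has been released, and check rc there.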
2542c2559
<                       if (endpconnect) conn_res->flag_pconnect=1;
---
>                       if (endpconnect) conn_res->flag_pconnect = 1;

Regards,
Ambrish Bhargava
 [2009-09-25 15:35 UTC] brent dot halsey at huntington dot com
Hello-  We are experiencing the same issues.  We are running Module release 	1.8.2
Module revision 	$Revision: 1.80 $
Binary data mode (ibm_db2.binmode) 	DB2_BINARY
DB2 instance name (ibm_db2.instance_name) 	db2inst1 

PHP 5.3.0:
System 	Linux pdlmole01 2.6.16.60-0.39.3-smp #1 SMP Mon May 11 11:46:34 UTC 2009 x86_64
Build Date 	Sep 18 2009 08:15:38
Configure Command 	'./configure' '--prefix=/opt/asa/php/php5.3.0/' '--with-apxs2=/opt/asa/apache/bin/apxs' '--with-mysql=/usr/local/mysql' '--with-libxml-dir=/usr/local' '--with-IBM_DB2=/opt/IBM/db2/V8.1' '--with-pdo-odbc=ibm-db2,/home/db2inst1/sqllib' 

I am running some code that worked on PHP 5.2.5 using :
Module release 	1.6.5
Module revision 	$Revision: 1.74 $
Binary data mode (ibm_db2.binmode) 	DB2_BINARY
DB2 instance name (ibm_db2.instance_name) 	db2inst2 
On that install I didn't compile it statically (also a different server, but same code I'm trying to execute):
System 	Linux pdlmid01 2.6.5-7.315-smp #1 SMP Wed Nov 26 13:03:18 UTC 2008 x86_64
Build Date 	May 16 2008 10:41:20
Configure Command 	'./configure' '--prefix=/opt/www/php' '--with-mysql=/usr/local/mysql' '--with-apxs2=/opt/www/apache/bin/apxs' '--with-libxml-dir=/usr/local' 


Any ideas why?  Let me know if you need any additional data.

Thanks!
 [2009-10-07 06:47 UTC] abhargav at in dot ibm dot com
Hi,

Did you get a similar issue when using PHP v5.2.5 and IBM_DB2 v1.8.2? And also, did you try the patch attached with this mail (this patch is for v1.8.2 of IBM_DB2)?

Regards,
Ambrish Bhargava
 [2010-04-16 11:06 UTC] kontakt at beberlei dot de
I get segfaults too. I am on Ubuntu/Linux + self compiled PHP 5.3.2 with IBM Db2 1.84.

Is there any way I can offer more debug information than the segfault details per se?

I run our PHPUnit Testsuite of Doctrine Project against my branch with an IBM DB2 driver on the console, and using xdebug trace I find it to happen in db2_execute().
 [2010-04-16 12:04 UTC] kontakt at beberlei dot de
OK, I did a gdb debugging session and got the following information regarding the segfault. I hope it helps:

Program received signal SIGSEGV, Segmentation fault.
0x08564373 in _zend_is_inconsistent (ht=0x0, file=0x8aa1b08 "/home/benny/downloads/php-5.3.2/Zend/zend_hash.c", 
    line=875) at /home/benny/downloads/php-5.3.2/Zend/zend_hash.c:53
53		if (ht->inconsistent==HT_OK) {

the backtrace is:

(gdb) bt
#0  0x08564373 in _zend_is_inconsistent (ht=0x0, file=0x8aa1b08 "/home/benny/downloads/php-5.3.2/Zend/zend_hash.c", 
    line=875) at /home/benny/downloads/php-5.3.2/Zend/zend_hash.c:53
#1  0x08566891 in zend_hash_find (ht=0x0, arKey=0xb6a8bb0 "variable", nKeyLength=9, pData=0xbfffcdbc)
    at /home/benny/downloads/php-5.3.2/Zend/zend_hash.c:875
#2  0x012e9e33 in _php_db2_execute_helper (stmt_res=0xb6957b0, data=0x0, bind_cmp_list=1, bind_params=0)
    at /home/whitewashing/downloads/ibm_db2-1.8.4/ibm_db2.c:3886
#3  0x012ea462 in zif_db2_execute (ht=1, return_value=0xb66c844, return_value_ptr=0x0, this_ptr=0x0, 
    return_value_used=1) at /home/whitewashing/downloads/ibm_db2-1.8.4/ibm_db2.c:4068
#4  0x085850ec in zend_do_fcall_common_helper_SPEC (execute_data=0x8ce976c)
    at /home/benny/downloads/php-5.3.2/Zend/zend_vm_execute.h:313
#5  0x085856a9 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8ce976c)
    at /home/benny/downloads/php-5.3.2/Zend/zend_vm_execute.h:418
#6  0x08584789 in execute (op_array=0xa9b7154) at /home/benny/downloads/php-5.3.2/Zend/zend_vm_execute.h:104
#7  0x0854aa7a in zend_call_function (fci=0xbfffd10c, fci_cache=0xbfffd130)
    at /home/benny/downloads/php-5.3.2/Zend/zend_execute_API.c:947
#8  0x0832f87c in zim_reflection_method_invokeArgs (ht=2, return_value=0xb6866d8, return_value_ptr=0x0, 
    this_ptr=0xb62e12c, return_value_used=1) at /home/benny/downloads/php-5.3.2/ext/reflection/php_reflection.c:2738
#9  0x085850ec in zend_do_fcall_common_helper_SPEC (execute_data=0x8ce6de0)
    at /home/benny/downloads/php-5.3.2/Zend/zend_vm_execute.h:313
#10 0x085856a9 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8ce6de0)
    at /home/benny/downloads/php-5.3.2/Zend/zend_vm_execute.h:418
#11 0x08584789 in execute (op_array=0x9c859e8) at /home/benny/downloads/php-5.3.2/Zend/zend_vm_execute.h:104
#12 0x0855831a in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/benny/downloads/php-5.3.2/Zend/zend.c:1194
#13 0x084ee9b2 in php_execute_script (primary_file=0xbffff5b4) at /home/benny/downloads/php-5.3.2/main/main.c:2260
#14 0x08615b2f in main (argc=5, argv=0xbffff744) at /home/benny/downloads/php-5.3.2/sapi/cli/php_cli.c:1192
 [2010-04-19 02:57 UTC] abhargav at in dot ibm dot com
Hi,

Thanks for the trace. I am not able to repro this problem at my end, hence I am sending you the patch. Please apply the following patch to the ibm_db2.c file (v1.8.4 of the IBM_DB2 extension) and let me know your feedback.

Here is the patch:
--- PATCH STARTS ---

3886,3899c3886,3906
<                       if ( zend_hash_find(EG(active_symbol_table), curr->varname,
<                               strlen(curr->varname)+1, (void **) &bind_data ) != FAILURE ) {
<                               rc = _php_db2_bind_data( stmt_res, curr, bind_data TSRMLS_CC);
<                               if ( rc == SQL_ERROR ) {
<                                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Binding Error 1");
<                                       return rc;
<                               }
<                               curr = curr->next;
<                       } else if ( zend_hash_find(&EG(symbol_table), curr->varname,
<                                               strlen(curr->varname)+1, (void **) &bind_data ) != FAILURE ) {
<                               rc = _php_db2_bind_data( stmt_res, curr, bind_data TSRMLS_CC);
<                               if ( rc == SQL_ERROR ) {
<                                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Binding Error 1");
<                                       return rc;
---
>                       if ( curr->varname != NULL) {
>                               if ( zend_hash_find(EG(active_symbol_table), curr->varname,
>                                                       strlen(curr->varname)+1, (void **) &bind_data ) != FAILURE ) {
>                                       rc = _php_db2_bind_data( stmt_res, curr, bind_data TSRMLS_CC);
>                                       if ( rc == SQL_ERROR ) {
>                                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Binding Error 1");
>                                               return rc;
>                                       }
>                                       curr = curr->next;
>                               } else if ( zend_hash_find(&EG(symbol_table), curr->varname,
>                                                       strlen(curr->varname)+1, (void **) &bind_data ) != FAILURE ) {
>                                       rc = _php_db2_bind_data( stmt_res, curr, bind_data TSRMLS_CC);
>                                       if ( rc == SQL_ERROR ) {
>                                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Binding Error 1");
>                                               return rc;
>                                       }
>                                       curr = curr->next;
>                               } else {
>                                       /* value not found in the active symbol table */
>                                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Value Not Bound");
>                                       return SQL_ERROR;
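Review bot: the new "curr->varname != NULL" test guards the key, but the first argument of the first zend_hash_find, EG(active_symbol_table), is still passed unchecked, and the backtrace this patch responds to shows ht=0x0 with arKey="variable": the key was valid and the table pointer was NULL. Test EG(active_symbol_table) for NULL before the first lookup and go straight to the &EG(symbol_table) lookup when it is. The hunk also shows no branch that advances curr or returns when curr->varname is NULL, so confirm the enclosing loop cannot spin on such a node.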
3901d3907
<                               curr = curr->next;

--- PATCH ENDS ---

Regards,
Ambrish Bhargava
 [2010-04-19 03:06 UTC] abhargav at in dot ibm dot com
Hi,

Here is my analysis: Looks like @ ibm_db2.c:3886, curr->varname is null and hence SegV is there.

Regards,
Ambrish Bhargava
 [2010-04-19 15:36 UTC] kontakt at beberlei dot de
Nope, that's not it, sorry. It fails for the same reason:

#0  0x0835d4e6 in zend_hash_find (ht=0x0, arKey=0xabac7f0 "variable", nKeyLength=9, pData=0xbfffa8c4)
    at /home/benny/downloads/php-5.3.2/Zend/zend_hash.c:880
#1  0x023f0149 in _php_db2_execute_helper (stmt_res=<value optimized out>, data=<value optimized out>, bind_cmp_list=1, bind_params=0)
    at /home/benny/code/c/php/ibm_db2/trunk/ibm_db2.c:3887
#2  0x023f0929 in zif_db2_execute (ht=1, return_value=0xab8d544, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /home/benny/code/c/php/ibm_db2/trunk/ibm_db2.c:4074
#3  0x0837230e in execute_internal (execute_data_ptr=0x8a54e80, return_value_used=1) at /home/benny/downloads/php-5.3.2/Zend/zend_execute.c:1260
#4  0x012eaafe in xdebug_execute_internal (current_execute_data=0x8a54e80, return_value_used=1) at /usr/local/zend/temp/xdebug/xdebug.c:1631
 [2010-04-20 02:43 UTC] kontakt at beberlei dot de
What happens if the variable given to db2_bind_param falls out of scope? Say I write an abstraction layer with:

public function bindParam($param, $value)
{
    db2_bind_param($this->_stmt, $param, "value", DB2_PARAM_IN);
}

I call it:

$stmt->bindParam(1, $value);
unset($value);
$stmt->execute();

It would be more than helpful if there were a way to pass a variable, not the name of a variable to db2_bind_param.
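
The failure discussed in this thread, as an added example that is not part of the original report or of the ibm_db2 source: a parameter bound by variable name is resolved only at execute time, so the lookup has to tolerate a missing active scope (the ht=0x0 in the backtraces) and a name that no longer exists. The sym_table type, resolve_bound_name, resolve_or_null and the sample scopes are constructed stand-ins, not Zend Engine APIs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the engine's symbol tables (not Zend APIs):
 * a flat array of name/value pairs instead of a HashTable. */
typedef struct { const char *name; const char *value; } sym_entry;
typedef struct { const sym_entry *entries; size_t count; } sym_table;

enum bind_status { BIND_OK = 0, BIND_NOT_BOUND = -1, BIND_BAD_PARAM = -2 };

/* Constructed sample scopes: "value" exists only inside the method that
 * called db2_bind_param; "variable" exists only in the global scope. */
static const sym_entry METHOD_ENTRIES[] = { { "value", "7" } };
static const sym_entry GLOBAL_ENTRIES[] = { { "variable", "42" } };
const sym_table METHOD_SCOPE = { METHOD_ENTRIES, 1 };
const sym_table GLOBAL_SCOPE = { GLOBAL_ENTRIES, 1 };

/* Look up a name in one table. A NULL table means "no such scope" and is
 * answered with NULL instead of being dereferenced (the ht=0x0 case). */
static const char *table_find(const sym_table *ht, const char *name)
{
    if (ht == NULL || name == NULL)
        return NULL;
    for (size_t i = 0; i < ht->count; i++)
        if (strcmp(ht->entries[i].name, name) == 0)
            return ht->entries[i].value;
    return NULL;
}

/* Resolve a parameter that was bound by variable name: active scope first,
 * then global scope. An unresolved name is reported, never dereferenced. */
enum bind_status resolve_bound_name(const sym_table *active,
                                    const sym_table *global,
                                    const char *varname, const char **out)
{
    const char *v;
    if (varname == NULL || out == NULL)
        return BIND_BAD_PARAM;
    v = table_find(active, varname);
    if (v == NULL)
        v = table_find(global, varname);
    if (v == NULL)
        return BIND_NOT_BOUND;
    *out = v;
    return BIND_OK;
}

/* Convenience wrapper: the resolved value, or NULL when nothing is bound. */
const char *resolve_or_null(const sym_table *active, const sym_table *global,
                            const char *varname)
{
    const char *v = NULL;
    return resolve_bound_name(active, global, varname, &v) == BIND_OK ? v : NULL;
}

int main(void)
{
    const char *v = NULL;
    /* Inside the binding method the local "value" resolves. */
    printf("%s\n", resolve_or_null(&METHOD_SCOPE, &GLOBAL_SCOPE, "value"));
    /* No active scope and the name is gone: an error code, not a crash. */
    printf("%d\n", resolve_bound_name(NULL, &GLOBAL_SCOPE, "value", &v));
    return 0;
}
```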
 [2010-04-20 14:12 UTC] kontakt at beberlei dot de
I don't know if that is even valid to do, but the following fixes it for me:

Index: ibm_db2.c
===================================================================
--- ibm_db2.c	(revision 298119)
+++ ibm_db2.c	(working copy)
@@ -3883,7 +3883,7 @@
 
 		while (curr != NULL ) {
 			/* Fetch data from symbol table */
-			if ( zend_hash_find(EG(active_symbol_table), curr->varname,
+			if ( zend_hash_find(@EG(active_symbol_table), curr->varname,
 				strlen(curr->varname)+1, (void **) &bind_data ) != FAILURE ) {
 				rc = _php_db2_bind_data( stmt_res, curr, bind_data TSRMLS_CC);
 				if ( rc == SQL_ERROR ) {
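Review bot: "@EG(active_symbol_table)" on the added line is not valid C. If "&" was meant, to mirror the &EG(symbol_table) call in the fallback branch, it passes the address of a pointer (the backtraces show the argument as ht=0x0, so it is a pointer), and zend_hash_find would treat the pointer variable itself as a HashTable. Keep the argument as EG(active_symbol_table), test it for NULL first, and fall through to the &EG(symbol_table) lookup when it is NULL.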
 [2018-08-27 09:36 UTC] vnkbabu@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: vnkbabu
 [2018-08-27 09:36 UTC] vnkbabu@php.net
As this issue is very old, closing this issue.
 