Bug #60104 Segmentation Fault in pdo_sqlite when using sqliteCreateFunction()
Submitted: 2011-10-20 16:39 UTC Modified: 2011-11-08 10:11 UTC
From: patrickallaert@php.net Assigned: dmitry (profile)
Status: Closed Package: Reproducible crash
PHP Version: trunk-SVN-2011-10-20 (SVN) OS: Gentoo Linux
Private report: No CVE-ID: None
 [2011-10-20 16:39 UTC] patrickallaert@php.net
Description:
------------
PHP 5.4 / trunk segfaults while using PHPUnit.
It only happens with one specific test; however, it looks like that test's content is not relevant at all: emptying its content or putting a "die" at the end of that test avoids the segfault. It must happen in the PHPUnit code after the execution of that test.

Tested using trunk @rev 318251

See the backtrace which is more relevant.

Actual result:
--------------
(gdb) bt
#0  0x0000000000922721 in ZEND_SEND_VAL_SPEC_CONST_HANDLER (execute_data=0x7fcee7305910) at /home/patrick.allaert/Projets/php-src/Zend/zend_vm_execute.h:2361
#1  0x0000000000919b46 in execute (op_array=0x7fcee5293f78) at /home/patrick.allaert/Projets/php-src/Zend/zend_vm_execute.h:410
#2  0x00000000008dbb61 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/patrick.allaert/Projets/php-src/Zend/zend.c:1272
#3  0x0000000000852760 in php_execute_script (primary_file=0x7ffff390c1a0) at /home/patrick.allaert/Projets/php-src/main/main.c:2414
#4  0x0000000000a25095 in do_cli (argc=6, argv=0x7ffff390c548) at /home/patrick.allaert/Projets/php-src/sapi/cli/php_cli.c:983
#5  0x0000000000a25fad in main (argc=6, argv=0x7ffff390c548) at /home/patrick.allaert/Projets/php-src/sapi/cli/php_cli.c:1356

History
 [2011-10-20 23:55 UTC] felipe@php.net
Please paste the test source somewhere.
 [2011-10-20 23:55 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2011-10-21 07:30 UTC] patrickallaert@php.net
<?php
class SegfaultTest extends PHPUnit_Framework_TestCase
{
    protected $handler;

    public function setUp()
    {
        try
        {
            $this->handler = new PDO( "sqlite::memory:" );
            $this->handler->sqliteCreateFunction( 'md5', array( 'ezcQuerySqliteFunctions', 'md5Impl' ), 1 );
        }
        catch ( PDOException $e )
        {
            $this->markTestSkipped(
                'PDO session could not be created: ' . $e->getMessage()
            );
        }
    }

    public function tearDown()
    {
        unset( $this->handler );
    }

    public function testOne()
    {
    }

    public function testTwo()
    {
    }
}
 [2011-10-21 10:15 UTC] patrickallaert@php.net
The segfault appears the second time it executes $this->handler->sqliteCreateFunction() in the setUp().

If unset() isn't used in tearDown(), then there is no crash.
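The sequence described in the two comments above, rewritten as a stand-alone script with no PHPUnit dependency. This is an added example, not the bug60104.phpt that was committed to php-src (its contents are not shown in this thread); the function name `my_md5`, the callback `md5Impl` and the loop are assumptions. The essential ingredients are kept: the same call site executes `sqliteCreateFunction()` twice on two different PDO handles, and the first handle is destroyed before the second call.

```php
<?php
// Added reproducer for the sequence in bug #60104 (not the committed phpt).
// Assumes a PHP build with pdo_sqlite. On the affected 5.4/trunk builds from
// October 2011 the second iteration crashed; on fixed builds the script prints
// two lines and exits cleanly, so it can serve as a regression check.

// Constructed user-defined SQL function registered with SQLite.
function md5Impl($value)
{
    return md5($value);
}

// A single call site for sqliteCreateFunction(), executed once per handle.
// The engine caches the resolved method per call site, which is what went
// stale once PDO freed the previous handle's method table.
function makeHandle()
{
    $dbh = new PDO('sqlite::memory:');
    $dbh->sqliteCreateFunction('my_md5', 'md5Impl', 1);
    return $dbh;
}

for ($i = 1; $i <= 2; $i++) {
    $dbh = makeHandle();

    // Exercise the registered function so the handle is actually used.
    $stmt = $dbh->query("SELECT my_md5('abc') AS h");
    $row  = $stmt->fetch(PDO::FETCH_ASSOC);
    printf("iteration %d: %s\n", $i, $row['h']);

    // Destroy the statement and the handle (and with it PDO's per-object
    // method table) before the next iteration, as tearDown() did with unset().
    $stmt = null;
    unset($dbh);
}
```

Removing the `unset($dbh)` mirrors the observation that dropping `unset()` from `tearDown()` makes the crash disappear: the first handle then stays alive until the second one has been created, so the cached method entry is never freed underneath the executor. The `0x5a5a5a5a5a5a5a5a` values in the later gdb dump are the fill pattern ZendMM writes over freed blocks in debug builds, which is how a stale `fbc` pointer of this kind is recognised.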
 [2011-10-26 09:04 UTC] patrickallaert@php.net
-Summary: Segmentation Fault +Summary: Segmentation Fault in pdo_sqlite when using sqliteCreateFunction()
 [2011-10-26 09:32 UTC] patrickallaert@php.net
Automatic comment from SVN on behalf of patrickallaert
Revision: http://svn.php.net/viewvc/?view=revision&revision=318424
Log: Added test for #60104
 [2011-10-26 09:34 UTC] patrickallaert@php.net
I have been able to reproduce it without PHPUnit.
I committed ext/pdo_sqlite/tests/bug60104.phpt to make it easier.
 [2011-11-02 18:26 UTC] patrickallaert@php.net
-Status: Feedback +Status: Open
 [2011-11-04 19:13 UTC] patrickallaert@php.net
Automatic comment from SVN on behalf of patrickallaert
Revision: http://svn.php.net/viewvc/?view=revision&revision=318784
Log: Added test for #60104
 [2011-11-04 19:51 UTC] tony2001@php.net
Dmitry, could you take a look at it?
Looks like something is wrong with that caching thingie in the executor.. 

(gdb) f 0
#0  ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER (execute_data=0x7ffff7f9d1c0) at /local/qa/5_4_valgrind/Zend/zend_vm_execute.h:28949
28949           if ((EX(fbc)->common.fn_flags & ZEND_ACC_STATIC) != 0) {
(gdb) p *execute_data.fbc 
$10 = {type = 90 'Z', common = {type = 90 'Z', function_name = 0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, scope = 0x5a5a5a5a5a5a5a5a, 
    fn_flags = 1515870810, prototype = 0x5a5a5a5a5a5a5a5a, num_args = 1515870810, required_num_args = 1515870810, arg_info = 0x5a5a5a5a5a5a5a5a}, 
  op_array = {type = 90 'Z', function_name = 0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, scope = 0x5a5a5a5a5a5a5a5a, 
    fn_flags = 1515870810, prototype = 0x5a5a5a5a5a5a5a5a, num_args = 1515870810, required_num_args = 1515870810, arg_info = 0x5a5a5a5a5a5a5a5a, 
    refcount = 0x5a5a5a5a5a5a5a5a, opcodes = 0x5a5a5a5a5a5a5a5a, last = 1515870810, vars = 0x5a5a5a5a5a5a5a5a, last_var = 1515870810, T = 1515870810, 
    brk_cont_array = 0x5a5a5a5a5a5a5a5a, last_brk_cont = 1515870810, try_catch_array = 0x5a5a5a5a5a5a5a5a, last_try_catch = 1515870810, 
    static_variables = 0x5a5a5a5a5a5a5a5a, this_var = 1515870810, filename = 0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, 
    line_start = 1515870810, line_end = 1515870810, doc_comment = 0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, 
    doc_comment_len = 1515870810, early_binding = 1515870810, literals = 0x5a5a5a5a5a5a5a5a, last_literal = 1515870810, 
    run_time_cache = 0x5a5a5a5a5a5a5a5a, last_cache_slot = 1515870810, reserved = {0x5a5a5a5a5a5a5a5a, 0x5a5a5a5a5a5a5a5a, 0x5a5a5a5a5a5a5a5a, 
      0x5a5a5a5a5a5a5a5a}}, internal_function = {type = 90 'Z', function_name = 0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, 
    scope = 0x5a5a5a5a5a5a5a5a, fn_flags = 1515870810, prototype = 0x5a5a5a5a5a5a5a5a, num_args = 1515870810, required_num_args = 1515870810, 
    arg_info = 0x5a5a5a5a5a5a5a5a, handler = 0x5a5a5a5a5a5a5a5a, module = 0x5a5a5a5a5a5a5a5a}}
 [2011-11-04 19:51 UTC] tony2001@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry
 [2011-11-08 07:19 UTC] dmitry@php.net
I would say that the problem is in the "magic" PDO extension design. It creates and destroys method tables at runtime. See pdo_hash_methods() in pdo_dbh.c. As a result, ZE can't cache bindings for such methods.

The problem may be solved in a few ways.
1) Fix PDO
2) Introduce an additional fn_flag that disables method caching
3) Disable method caching for classes with a custom get_method handler

I think (2) is the simplest solution that won't cause performance degradation. A PDO fix would make it faster and reduce memory usage, but it's a much more serious task. I just don't have time to do it myself.
 [2011-11-08 10:00 UTC] patrickallaert@php.net
If 2) is implemented right now, could 1) be made for a minor version of 5.4 without breaking the ABI?
 [2011-11-08 10:11 UTC] dmitry@php.net
Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=318907
Log: Fixed bug #60104 (Segmentation Fault in pdo_sqlite when using sqliteCreateFunction())
 [2011-11-08 10:11 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 [2011-11-08 10:11 UTC] dmitry@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-04-18 09:47 UTC] laruence@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e86830273b4fb86a69cdb634a603be8a04e83846
Log: Fixed bug #60104 (Segmentation Fault in pdo_sqlite when using sqliteCreateFunction())
 [2012-07-24 23:39 UTC] rasmus@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e86830273b4fb86a69cdb634a603be8a04e83846
Log: Fixed bug #60104 (Segmentation Fault in pdo_sqlite when using sqliteCreateFunction())
 [2013-11-17 09:35 UTC] laruence@php.net
Automatic comment on behalf of dmitry
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e86830273b4fb86a69cdb634a603be8a04e83846
Log: Fixed bug #60104 (Segmentation Fault in pdo_sqlite when using sqliteCreateFunction())
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 08:01:28 2024 UTC