Bug #6561 PHP crashes while retrieving data from Oracle
Submitted: 2000-09-05 16:21 UTC
Modified: 2000-10-19 15:22 UTC
From: edink at proventum dot net
Assigned:
Status: Closed
Package: Reproducible Crash
PHP Version: 4.0.2
OS: Linux 2.2 (RedHat 6.2)
Private report: No
CVE-ID: None

 [2000-09-05 16:21 UTC] edink at proventum dot net
Very hard to reproduce exactly. It happens while retrieving data from an Oracle 8 database. The same code works fine in 4.0.1pl2. The latest CVS (05/09/00) has the same problem.

It happens in the following code segment (please note that it works for some values of $parent while it fails on others):

---------------
    $reply=array();
    $cat=new Category;
    db_select("select * from $BASEDB.CATAGORY where PARENT_ID=$parent order by NAME");
    while (db_fetch_array($row))
      {
        $cat->id=$row["ID"];
        $cat->name=$row["NAME"];
        $cat->parent_id=$row["PARENT_ID"];
        $cat->is_leaf=($row["IS_LEAF"]=="Y"?1:0);
        $cat->custom=0;
        $reply[]=$cat;
      }
---------------
db_select will just do OciParse and then OciExecute, while db_fetch_array wraps OciFetchInto:

function db_fetch_array(&$a)
{
  global $DB_LINK, $STMT;
  $res=@ociFetchInto($STMT, $a, OCI_ASSOC+OCI_RETURN_NULLS+OCI_RETURN_LOBS);
  return $res;
}

Configure:
'./configure' '--enable-track-vars' '--disable-pear' '--with-ttf=/usr' '--with-ftp' '--with-gdbm' '--with-gd=/usr' '--with-oci8=/ora01/app/oracle/product/8.0.5' '--with-regex=system' '--enable-sysvsem' '--enable-sysvshm' '--enable-xml' '--disable-libtool-lock' '--with-apxs=/data/x5/apache/bin/apxs' '--disable-debug'

Backtrace:
(gdb) r -X
Starting program: /data/x5/apache/bin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x4026747b in _efree (ptr=0x4034dd8c) at zend_alloc.c:212
212                     REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0  0x4026747b in _efree (ptr=0x4034dd8c) at zend_alloc.c:212
#1  0x4027dc72 in _zval_dtor (zvalue=0x81bedcc) at zend_variables.c:62
#2  0x40277b3b in _zval_ptr_dtor (zval_ptr=0x81cfcc0) at zend_execute_API.c:261
#3  0x40281ff4 in zend_hash_destroy (ht=0x81a604c) at zend_hash.c:564
#4  0x4027dc8f in _zval_dtor (zvalue=0x81ceb4c) at zend_variables.c:69
#5  0x40277b3b in _zval_ptr_dtor (zval_ptr=0x81c1ae8) at zend_execute_API.c:261
#6  0x40282094 in zend_hash_clean (ht=0x814b4ec) at zend_hash.c:590
#7  0x4027296c in execute (op_array=0x814b004) at ./zend_execute.c:1575
#8  0x4027eed0 in zend_execute_scripts (type=8, file_count=3) at zend.c:713
#9  0x4028e272 in php_execute_script (primary_file=0xbffff854) at main.c:1178
#10 0x4028aed9 in apache_php_module_main (r=0x8131eec, display_source_mode=0) at sapi_apache.c:89
#11 0x4028b79b in send_php (r=0x8131eec, display_source_mode=0, filename=0x0) at mod_php4.c:503
#12 0x4028b7cc in send_parsed_php (r=0x8131eec) at mod_php4.c:514
#13 0x80542e3 in ap_invoke_handler ()
#14 0x8067819 in process_request_internal ()
#15 0x806787c in ap_process_request ()
#16 0x805f11e in child_main ()
#17 0x805f2ac in make_child ()
#18 0x805f409 in startup_children ()
#19 0x805fa36 in standalone_main ()
#20 0x80601c3 in main ()
#21 0x400ba9cb in __libc_start_main (main=0x805fe7c <main>, argc=2, argv=0xbffffa14, init=0x804e870 <_init>,
    fini=0x809419c <_fini>, rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffffa0c)
    at ../sysdeps/generic/libc-start.c:92

 [2000-10-02 19:31 UTC] edink at proventum dot net
Still does not work with the newest release. But I have some more info. The table that I'm trying to get the data from has the following structure:

Column Name                    Null?    Type
------------------------------ -------- ----
ID                             NOT NULL NUMBER(20)
NAME                                    VARCHAR2(60)
PARENT_ID                               NUMBER(20)
IS_LEAF                                 VARCHAR2(1)
CAT_NO                                  NUMBER(5)
TREE_LEVEL                              NUMBER(2)
CATNO_PATH                              VARCHAR2(100)
NAME_PATH                               VARCHAR2(350)
ID_PATH                                 VARCHAR2(100)
CAT_COMMENT                             CLOB(4000)
RESL_COMMENT                            CLOB(4000)
SORTNUM                                 NUMBER(10)

Now the crash occurs while doing (after parsing select * from category where parent_id=2):

$res=@ociFetchInto($STMT, $a, OCI_ASSOC+OCI_RETURN_NULLS+OCI_RETURN_LOBS);

It only crashes when the OCI_RETURN_LOBS flag is set. Works fine otherwise. The weird part is that it only crashes for some IDs and not for others. The backtrace that I get when run against the latest cvs (2000-10-02) is:

Program received signal SIGSEGV, Segmentation fault.
0x2ac8136b in do_end_function_declaration (function_token=0x2ae2b8d4)
    at zend_compile.c:771
771             CG(active_op_array) = function_token->u.op_array;
#0  0x2ac8136b in do_end_function_declaration (function_token=0x2ae2b8d4)
    at zend_compile.c:771
#1  0x2ad2c494 in yy_state_buf () from /data/ebizzext/apache/libexec/libphp4.so
#2  0x2aca4e42 in add_assoc_unset (arg=0x8170ce4, key=0x2ad2c494 "?\203\f")
    at zend_API.c:246
#3  0x2ac9e21b in get_binary_op (opcode=136069104) at zend_opcode.c:397
#4  0x2aca92a4 in zend_if_strncmp (ht=136314156, return_value=0x2ad2c494,
    this_ptr=0x81b08b8, return_value_used=2147473912)
    at zend_builtin_functions.c:257
#5  0x2aca4e5f in add_assoc_unset (arg=0x81b1504, key=0x2ad2c494 "?\203\f")
    at zend_API.c:247
#6  0x2ac9e21b in get_binary_op (opcode=135989432) at zend_opcode.c:397
#7  0x2aca9344 in zend_if_strncmp (ht=135559724, return_value=0x7fffda20,
    this_ptr=0x817cf5c, return_value_used=0) at zend_builtin_functions.c:258
#8  0x2ac93f72 in execute (op_array=0x81780b4) at ./zend_execute.c:329
#9  0x2aca60b0 in add_property_stringl (arg=0x8,
    key=0x3 <Address 0x3 out of bounds>, str=0x0, length=2147481588,
    duplicate=0) at zend_API.c:682
#10 0x2acb5191 in yyunput (c=2147481588, yy_bp=0x2ad2c494 "?\203\f")
    at configuration-scanner.c:1297
#11 0x2acb1d39 in php_error_cb (type=135468092, error_filename=0x0,
    error_lineno=135468092,
    format=0x813143c "\024\024\023\b\004\004\023\b?4\021\b", args=0x2ad16f1c)
    at main.c:390
#12 0x2acb260b in php_module_startup (sf=0x813143c) at main.c:773
#13 0x2acb263c in php_module_startup (sf=0x813143c) at main.c:810
#14 0x8054313 in ap_invoke_handler ()
#15 0x8067849 in ap_some_auth_required ()
#16 0x80678ac in ap_process_request ()
#17 0x805f14e in ap_child_terminate ()  
#18 0x805f2dc in ap_child_terminate ()
#19 0x805f439 in ap_child_terminate ()
#20 0x805fa66 in ap_child_terminate ()
#21 0x80601f3 in main ()
#22 0x2ab3f9cb in __libc_start_main (main=0x805feac <main>, argc=2,
    argv=0x7ffff9b4, init=0x804e894 <_init>, fini=0x80941cc <_fini>,
    rtld_fini=0x2aab5e60 <_dl_fini>, stack_end=0x7ffff9ac)
    at ../sysdeps/generic/libc-start.c:92 

 [2000-10-19 15:22 UTC] edink at proventum dot net
Fixed in 4.0.3
 