php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10997 Bad SQL query caused SegFault
Submitted: 2001-05-21 14:54 UTC Modified: 2002-04-13 08:30 UTC
From: peter dot valkov at total-graphics dot com Assigned:
Status: Closed Package: OCI8 related
PHP Version: 4.0.5 OS: Linux Mandrake 7.2
Private report: No CVE-ID: None
 [2001-05-21 14:54 UTC] peter dot valkov at total-graphics dot com
After form data is submitted to the script i have up to 3 

header('Location: '.$newPage);

http redirects. In case i hit 3rd page where i have constant defined it is full with garbage !?!?!

define("CONSTANT","value");
if (CONSTANT != "value") die("Why is that?!?");

If i hit this page with same parameters but not from http redirect or using PHP 4.0.4pl1 everything is woking fine.

I can not expose entire script here because is quite big (2000 lines +).

I'm using IE 5.5 SP1.
Linux Mandrake 7.2
PHP 4.0.5 compiled --with-apxs --with-mysql --with-oci8
using egcs-2.91.66
libc-5.3.12
glibc-2.1.3
apache 1.3.14

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-05-23 00:03 UTC] sniper@php.net
Can't reproduce. Please include short scripts and instructions how to reproduce this.

--Jani

 [2001-05-28 06:46 UTC] peter dot valkov at total-graphics dot com
I tryed to reproduce this and here is the script.

I run 2 different SQL statements. First one is wrong (contains invalid table name) and second is correct. If there is an error in SQL statement script is terminated using die(). 

On next page hit after execution of wrong SQL statement i'm getting: 

[notice] child pid 7358 exit signal Segmentation fault (11)

in Apache error_log file and mess in defined constants. 

In the original script there is no wrong SQL statements but somehow i'm getting same result. Obviously the problem is in OCI8 extention not in HTTP redirections.

There is no problems running same script on PHP 4.0.4pl1.

<?php
define("CONSTANT",		"value");
define("MAX_REDIRECTS", 10);

define("LOGIN", 		"scott");
define("PASSWORD", 		"tiger");
define("DB", 			"oracle");

if (CONSTANT != "value") die($hitNo." failed."."<br> <a href='".$SCRIPT_NAME."?hitNo=".$hitNo."'>Click to continue.</a><br>");

$sql[0] = "select * from session_Log where userID=1";
$sql[1] = "select * from sessionLog where userID=1";

$hitNo = $hitNo ? $hitNo+1 : 1;

function ociSelect(&$data) {
	global $sql, $hitNo, $SCRIPT_NAME;
	$conn = ociNLogon(LOGIN, PASSWORD, DB);
	
	if ($stmt = ociParse($conn, $sql[$hitNo % 2])) {
		if (!@ociExecute($stmt,OCI_DEFAULT)) {
			$error = ociError($stmt);
			die($error["message"]."<br> <a href='".$SCRIPT_NAME."?hitNo=".$hitNo."'>Click to continue.</a><br>");
		}
		$nrows = ociFetchStatement($stmt, $data);
		ociFreeStatement($stmt);
	} else die("Cannot parse SQL statement.");
	
	ociCommit($conn);
	ociLogoff($conn);
}

ociSelect($data);
if ($hitNo < MAX_REDIRECTS) {
	header("Location: ".$SCRIPT_NAME."?hitNo=".$hitNo);
	exit;
} else echo $hitNo." HTTP redirects passed ok.<br> <a href='".$SCRIPT_NAME."'>Click to test it again.</a><br>";
?>
 [2001-05-28 07:02 UTC] peter dot valkov at total-graphics dot com
If script is executed on PHP 4.0.4pl1 there is  warning in Apache errof_log file:

Warning:  failed to rollback outstanding transactions!: ORA-24324: service handle not initialized 
 [2001-06-14 15:38 UTC] kalowsky@php.net
reclassified to an OCI bug, as that is what this is...updated Short Desc as well...
 [2002-04-13 08:30 UTC] thies@php.net
this should be fixed some time ago. try  PHP >= 4.1
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Aug 15 01:05:44 2022 UTC