Bug #28728 dbx crash causes coredump
Submitted: 2004-06-10 15:29 UTC Modified: 2005-09-14 16:35 UTC
From: steveh at brendata dot co dot uk Assigned:
Status: Wont fix Package: DBX related
PHP Version: 5.0.4 OS: linux 2.4.28
Private report: No CVE-ID: None

 [2004-06-10 15:29 UTC] steveh at brendata dot co dot uk
Description:
------------
I'm still working out the circumstances and removing code to prove what is causing the issue, but at present, both the apache module and the cli php are core dumping with the following backtrace.

Reproduce code:
---------------
This will follow when I find out what's causing the issue.

Expected result:
----------------
No core dump?

Actual result:
--------------
(gdb) bt
#0  0x082066d4 in _zval_ptr_dtor (zval_ptr=0x84e6ef8, __zend_filename=0x823f9c0 "/usr/src/php-4.3.4/ext/dbx/dbx_sybasect.c", 
    __zend_lineno=198) at /usr/src/php-4.3.4/Zend/zend_execute_API.c:289
#1  0x080a4988 in dbx_sybasect_getcolumnname (rv=0xbfff9554, result_handle=0xbfff958c, column_index=0, ht=2, 
    return_value=0x8523434, this_ptr=0x0, return_value_used=1) at /usr/src/php-4.3.4/ext/dbx/dbx_sybasect.c:198
#2  0x0809e751 in switch_dbx_getcolumnname (rv=0xbfff9554, result_handle=0xbfff958c, column_index=0, ht=2, return_value=0x8523434, 
    this_ptr=0x0, return_value_used=1, dbx_module=0x84e5a28) at /usr/src/php-4.3.4/ext/dbx/dbx.c:835
#3  0x0809cd3f in zif_dbx_query (ht=2, return_value=0x8523434, this_ptr=0x0, return_value_used=1)
    at /usr/src/php-4.3.4/ext/dbx/dbx.c:489
#4  0x082243c3 in execute (op_array=0x85070f0) at /usr/src/php-4.3.4/Zend/zend_execute.c:1616
#5  0x082245f6 in execute (op_array=0x851ab00) at /usr/src/php-4.3.4/Zend/zend_execute.c:1660
#6  0x082245f6 in execute (op_array=0x851a470) at /usr/src/php-4.3.4/Zend/zend_execute.c:1660
#7  0x082245f6 in execute (op_array=0x84c93e4) at /usr/src/php-4.3.4/Zend/zend_execute.c:1660
#8  0x08212038 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-4.3.4/Zend/zend.c:884
#9  0x081d8c56 in php_execute_script (primary_file=0xbffffb20) at /usr/src/php-4.3.4/main/main.c:1729
#10 0x082341e2 in main (argc=2, argv=0xbffffbc4) at /usr/src/php-4.3.4/sapi/cli/php_cli.c:819
#11 0x4039b657 in __libc_start_main (main=0x8233690 <main>, argc=2, ubp_av=0xbffffbc4, init=0x8078db4 <_init>, 
    fini=0x8239d40 <_fini>, rtld_fini=0x4000dc54 <_dl_fini>, stack_end=0xbffffbbc) at ../sysdeps/generic/libc-start.c:129
(gdb

 [2004-06-11 10:50 UTC] mboeren@php.net
Can you check if using the sybasect ext directly doesn't have this problem?
And can you provide some sample code?
 [2004-06-11 11:14 UTC] steveh at brendata dot co dot uk
Sybasect is fine, as we're using it directly in our bug tracking system; this is the only system that uses dbx. Producing sample code could be difficult; I'll see if I can strip it down to the really basic parts.
 [2004-06-14 12:16 UTC] steveh at brendata dot co dot uk
Here's code that reproduces the issue along with the definition of the table (the table is currently empty).

<?php

function zsql_query($Sql)
{
    $Link=dbx_connect(DBX_SYBASECT, "SALESTRACK", "SalesTracking", "sa", "password", DBX_PERSISTENT);
    $Result=dbx_query($Link,$Sql);
    dbx_close($Link);
    return $Result;
}

function zdropdown($Variable,$QueryString,$Selected,$ExtraName="",$ExtraValue="",$SortColumn=2)
{
    $Ret="";
    $Result=zsql_query($QueryString." order by $SortColumn asc");

    return $Ret;
}

echo zdropdown("dCM__DefaultInvoice_tblAddressID","select ID,Name from tblAddress",$dCM__DefaultInvoice_tblAddressID," ",-1);
?>

I'm going to run some tests on freetds to make sure this isn't a freetds bug.
 [2004-06-14 12:55 UTC] steveh at brendata dot co dot uk
Ok, I've upgraded freetds to 0.62.4
From the SQL Profiler I can see that the use and the select are being executed on the SQL server.
I've successfully run tests using the tsql utility provided with freetds. I'm now at a bit of a loss as to what else to test; it looks like a fairly basic failure?

The major difference is that this server is sql2000, whereas our production bugs server is sql6.5(!)
 [2005-09-14 13:14 UTC] steveh at brendata dot co dot uk
Still seeing the same issue in 5.0.4. Could it be my freetds? I'll try upgrading that. Here's the backtrace:
(gdb) bt
#0  0x0829700b in _zval_ptr_dtor (zval_ptr=0x8919e48, __zend_filename=0x82eade0 "/usr/src/php-5.0.4/ext/dbx/dbx_sybasect.c", 
    __zend_lineno=198) at /usr/src/php-5.0.4/Zend/zend_execute_API.c:390
#1  0x080b958a in dbx_sybasect_getcolumnname (rv=0xbfffc944, result_handle=0xbfffc97c, column_index=0, ht=2, 
    return_value=0x86618d4, this_ptr=0x0, return_value_used=1) at /usr/src/php-5.0.4/ext/dbx/dbx_sybasect.c:198
#2  0x080b3acd in switch_dbx_getcolumnname (rv=0xbfffc944, result_handle=0xbfffc97c, column_index=0, ht=2, return_value=0x86618d4, 
    this_ptr=0x0, return_value_used=1, dbx_module=0x8919188) at /usr/src/php-5.0.4/ext/dbx/dbx.c:915
#3  0x080b1f74 in zif_dbx_query (ht=2, return_value=0x86618d4, this_ptr=0x0, return_value_used=1)
    at /usr/src/php-5.0.4/ext/dbx/dbx.c:492
#4  0x082cb726 in zend_do_fcall_common_helper (execute_data=0xbfffd0b0, opline=0x867b11c, op_array=0x8679850)
    at /usr/src/php-5.0.4/Zend/zend_execute.c:2727
#5  0x082cbd76 in zend_do_fcall_handler (execute_data=0xbfffd0b0, opline=0x867b11c, op_array=0x8679850)
    at /usr/src/php-5.0.4/Zend/zend_execute.c:2859
#6  0x082c8541 in execute (op_array=0x8679850) at /usr/src/php-5.0.4/Zend/zend_execute.c:1406
#7  0x082cb880 in zend_do_fcall_common_helper (execute_data=0xbfffd6b0, opline=0x8613578, op_array=0x860b87c)
    at /usr/src/php-5.0.4/Zend/zend_execute.c:2756
#8  0x082cbc93 in zend_do_fcall_by_name_handler (execute_data=0xbfffd6b0, opline=0x8613578, op_array=0x860b87c)
    at /usr/src/php-5.0.4/Zend/zend_execute.c:2841
#9  0x082c8541 in execute (op_array=0x860b87c) at /usr/src/php-5.0.4/Zend/zend_execute.c:1406
#10 0x082a3bcf in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-5.0.4/Zend/zend.c:1069
#11 0x082624f8 in php_execute_script (primary_file=0xbffffab0) at /usr/src/php-5.0.4/main/main.c:1632
#12 0x082dcf24 in main (argc=7, argv=0xbffffb54) at /usr/src/php-5.0.4/sapi/cli/php_cli.c:946
#13 0x405d2657 in __libc_start_main (main=0x82dc3ec <main>, argc=7, ubp_av=0xbffffb54, init=0x808d86c <_init>, 
    fini=0x82e2f80 <_fini>, rtld_fini=0x4000dc54 <_dl_fini>, stack_end=0xbffffb4c) at ../sysdeps/generic/libc-start.c:129
(gdb) 
 [2005-09-14 15:14 UTC] sniper@php.net
Please report bugs in DBX to PECL bug system. (wont fix)

 [2005-09-14 16:35 UTC] mboeren@php.net
Just for the record (the follow-up will continue on pecl)...

The following fixes the crash, but I'm not sure about side-effects so I won't consider it closed yet, which also means that I won't modify the dbx_sybasect.c source in cvs just yet. Feedback appreciated at http://pecl.php.net/bugs/bug.php?id=5398.

Probable fix (verified that it doesn't crash, not tested for side-effects):

Comment out (or remove) lines 198 and 235 in dbx_sybasect.c:

198:	zval_ptr_dtor(zv_name); 
235:	zval_ptr_dtor(zv_type); 

If you're using the source from pecl, the line numbers are 204 and 242, respectively.
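
Added example, not part of the original thread or of PHP's own code: a Python script that reduces the two gdb backtraces in this report to a version-independent crash signature. It shows that the 4.3.4 and 5.0.4 crashes share one call site, dbx_sybasect.c line 198, the first line the probable fix removes. The helper names `parse_frames`, `fault_site` and `bucket` are hypothetical.

```python
import re

# Frames #0-#3 copied from the two gdb backtraces in this report.
BT_434 = '''
#0  0x082066d4 in _zval_ptr_dtor (zval_ptr=0x84e6ef8, __zend_filename=0x823f9c0 "/usr/src/php-4.3.4/ext/dbx/dbx_sybasect.c",
    __zend_lineno=198) at /usr/src/php-4.3.4/Zend/zend_execute_API.c:289
#1  0x080a4988 in dbx_sybasect_getcolumnname (rv=0xbfff9554, result_handle=0xbfff958c, column_index=0, ht=2,
    return_value=0x8523434, this_ptr=0x0, return_value_used=1) at /usr/src/php-4.3.4/ext/dbx/dbx_sybasect.c:198
#2  0x0809e751 in switch_dbx_getcolumnname (rv=0xbfff9554, result_handle=0xbfff958c, column_index=0, ht=2, return_value=0x8523434,
    this_ptr=0x0, return_value_used=1, dbx_module=0x84e5a28) at /usr/src/php-4.3.4/ext/dbx/dbx.c:835
#3  0x0809cd3f in zif_dbx_query (ht=2, return_value=0x8523434, this_ptr=0x0, return_value_used=1)
    at /usr/src/php-4.3.4/ext/dbx/dbx.c:489
'''
BT_504 = '''
#0  0x0829700b in _zval_ptr_dtor (zval_ptr=0x8919e48, __zend_filename=0x82eade0 "/usr/src/php-5.0.4/ext/dbx/dbx_sybasect.c",
    __zend_lineno=198) at /usr/src/php-5.0.4/Zend/zend_execute_API.c:390
#1  0x080b958a in dbx_sybasect_getcolumnname (rv=0xbfffc944, result_handle=0xbfffc97c, column_index=0, ht=2,
    return_value=0x86618d4, this_ptr=0x0, return_value_used=1) at /usr/src/php-5.0.4/ext/dbx/dbx_sybasect.c:198
#2  0x080b3acd in switch_dbx_getcolumnname (rv=0xbfffc944, result_handle=0xbfffc97c, column_index=0, ht=2, return_value=0x86618d4,
    this_ptr=0x0, return_value_used=1, dbx_module=0x8919188) at /usr/src/php-5.0.4/ext/dbx/dbx.c:915
#3  0x080b1f74 in zif_dbx_query (ht=2, return_value=0x86618d4, this_ptr=0x0, return_value_used=1)
    at /usr/src/php-5.0.4/ext/dbx/dbx.c:492
'''

FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(.*?\)\s+at\s+(\S+):(\d+)", re.S)

def parse_frames(bt):
    """Return [(function, source path relative to the PHP tree, line)], innermost first."""
    frames = []
    for _, func, path, line in FRAME.findall(bt):
        # Drop the build prefix so 4.3.4 and 5.0.4 paths compare equal.
        rel = re.sub(r"^.*/php-[\d.]+/", "", path)
        frames.append((func, rel, int(line)))
    return frames

def fault_site(bt):
    """Innermost frame that lies in extension code (ext/), i.e. the caller to review."""
    return next((f for f in parse_frames(bt) if f[1].startswith("ext/")), None)

def bucket(bt):
    """Version-independent crash signature: crashing function plus extension call site."""
    frames = parse_frames(bt)
    site = fault_site(bt)
    return (frames[0][0], site[0], site[1]) if frames and site else None

if __name__ == "__main__":
    for name, bt in (("4.3.4", BT_434), ("5.0.4", BT_504)):
        print(name, bucket(bt), "line", fault_site(bt)[2])
```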
 