PHP :: Bug #32722 :: OCINewCollection hang after parse error.

Bug #32722	OCINewCollection hang after parse error.
Submitted:	2005-04-15 18:20 UTC	Modified:	2005-05-17 10:31 UTC
From:	fsurleau at skyservices dot net	Assigned:
Status:	Not a bug	Package:	OCI8 related
PHP Version:	4.3.11	OS:	linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2005-04-15 18:20 UTC] fsurleau at skyservices dot net

Description:
------------
Using OCI persistant connections, I found the folowing bug :

In case, there is a bug in one of my queries generating a parse error : "ORA-01756: quoted string not properly terminated",
then, the next web request reusing the connection will have an "OCI-21522: attempted to use an invalid connection in OCI (object mode only)" error
at OCINewCollection call.

This bug occurs only if OCINewCollection was never used for the persistant connection.

So a workaround is to call OCINewCollection, immediately after OCIPLogon.

Of course the best is to only have correct SQL requests ;-)

Steps to reproduce the bug :

1- Stop and restart apache to kill all persistant connections.
2- Request for bad_query.php, and write down the PID.
3- Request for collection.php, and write down the PID.

If the PIDs are the same, collection.php will hang with OCI-21522 error.
If the PIDs are not the same, try again.

Now, try again, but run first collection.php :
1- Stop and restart apache to kill all persistant connections.
2- Request for collection.php, and write down the PID.
3- Request for bad_query.php, and write down the PID.

If the PID are the same, now each time you request collection.php, it will not hang for the PID you wrote down.

Regards,
F.SURLEAU


Reproduce code:
---------------
// bad_query.php
<?php
	$cnx = ociPLogon( $user, $pass, $db_name );
	if( ! @ociparse( $cnx, "select sysdate from dual where 'xxxxxx'='xxx\\'xxx'" ) )
	{
		$oerr = OCIError( $cnx );
		echo "Error in statement : ".$oerr['message'] . "<br><br>";
	}
	echo "PID=" . getmypid();
?>

// collection.php
<?php
	$cnx = ociPLogon( $user, $pass, $db_name );
	if( @OCINewCollection( $cnx, "MY_COLLECTION_TYPE" ) )
	{
		$oerr = OCIError( $cnx );
		echo "Error for collection : " . $oerr['message'] . "<br><br>";
	}
	else
	{
		echo "OK for collection .<br><br>";
	}
	echo "PID=" . getmypid();
?>


Expected result:
----------------
ORA-01756: quoted string not properly terminated

Actual result:
--------------
ORA-01756: quoted string not properly terminated
and
OCI-21522: attempted to use an invalid connection in OCI (object mode only)
in some special cases.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-04-18 13:15 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

AFAIK, this might be fixed in PHP 5.1-dev..

[2005-04-18 13:18 UTC] fsurleau at skyservices dot net

Reproduce bad_query.php code is :
$cnx = ociPLogon( $user, $pass, $db_name );
if( ! @ociparse( $cnx, "select sysdate from dual where 'xxxxxx'='xxx\\'xxx'" ) )
{
	$oerr = OCIError( $cnx );
	echo "Error in statement : ".$oerr['message'] . "<br><br>";
}
echo "PID=" . getmypid();


The collection.php code is :
$cnx = ociPLogon( $user, $pass, $db_name );
if( @OCINewCollection( $cnx, "MY_COLLECTION_TYPE" ) )
{
	$oerr = OCIError( $cnx );
	echo "Error for collection : " . $oerr['message'] . "<br><br>";
}
else
{
	echo "OK for collection .<br><br>";
}
echo "PID=" . getmypid();

It was cut at first post...

[2005-04-18 13:19 UTC] fsurleau at skyservices dot net

Sorry, I can't use PHP5.

[2005-04-19 14:27 UTC] tony2001@php.net

Could you please prepare a short reproduce script, which I can copy&paste to reproduce the problem? Those parts of your code with 'xxx' and undeclared variables do not help much. Thanks.

[2005-04-19 14:45 UTC] fsurleau at skyservices dot net

The xxx in the query is juste an example of query with a quote to generate the ORA-01756 error.

You can run the scripts with your own Oracle base replacing $user, $pass, $db_name with your own ids.

[2005-04-20 19:39 UTC] fsurleau at skyservices dot net

A small bug in collection.php :
if( @OCINewCollection( $cnx, "MY_COLLECTION_TYPE" ) )
of course should be :
if( ! @OCINewCollection( $cnx, "MY_COLLECTION_TYPE" ) )

An other thing, this bug occurs with Oracle 9.2 Oci8 client.

With Oracle10g Oci8 or Oracle10g instant client, the problem doesn't occur.

But... I can't use the oracle10g client because of bug #32741.

Maybe this indicates that the bug isn't in PHP's OCI8 API ?
Regards,
Fred.

[2005-05-17 10:31 UTC] sniper@php.net

Yes, amazing but true: Even Oracle has bugs in it!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 09:01:29 2024 UTC