|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32954 ifx_fetch_row() : SEGV if row has TEXT fields (PHP Apache Module only)
Submitted: 2005-05-05 12:29 UTC Modified: 2005-12-21 21:44 UTC
Avg. Score:4.7 ± 0.7
Reproduced:8 of 9 (88.9%)
Same Version:2 (25.0%)
Same OS:4 (50.0%)
From: andreybl at matrix dot co dot il Assigned: nobbie (profile)
Status: Wont fix Package: Informix related
PHP Version: 5CVS, 4CVS, 6CVS (2005-09-04) OS: Red Hat 3.0 ES
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2005-05-05 12:29 UTC] andreybl at matrix dot co dot il
Apache version: 1.3.33
Informix server version: IDS 9.40.UC5
Informix SDK version: csdk_informix.2.90

'./configure' '--with-informix=/isoc/informix' '--with-config-file-path=/isoc/apache/conf' '--enable-track-vars' '--with-apache=/isoc/sources/apache' '--without-mysql' 

The problem occurs in PHP Apache Module ONLY and NOT occurs in PHP CGI.

Segmentation Fault in httpd when call to the 
ifx_fetch_row() while among the fields to be selected there is a field of type TEXT containing NON-NULL data:

    - In httpd log file (./apache/logs/error_log): 

[Thu May  5 12:02:10 2005] [notice] child pid 20754 exit signal Segmentation fault (11)

    - In browser: 

"The page cannot be displayed"

Seems my BUG is simillar to #8715, which was closed since there was No feedback. So probably the problem in #8715 still persists too.

Please, take care of this report as soon as possible, since it is of Critical severity for me. Actually this stops the whole project.



Reproduce code:
$trace = fopen('/tmp/php_bug.txt', 'w+');

$conn_id = ifx_connect('DB', 'USER', 'PASS');
if (!$conn_id)
    echo "FAILED TO CONNECT"; die();    
fwrite($trace, "after ifx_connect\n"); fflush($trace);

$res_id  = ifx_query('SELECT * FROM registrars where regid = 5', $conn_id);
if (!$res_id)
    echo "FAILED TO PREPARE"; echo ifx_getsqlca(); die();
fwrite($trace, "after ifx_query\n"); fflush($trace);

$row = ifx_fetch_row($res_id);
fwrite($trace, "after ifx_fetch_row: regid = {$row['regid']}\n"); fflush($trace);

fwrite($trace, "after ifx_free_result\n"); fflush($trace);

fwrite($trace, "after ifx_close\n"); fflush($trace);

Expected result:
Hm. I expect the httpd not to crash.

Actual result:
Here is the backtrace:
Program received signal SIGSEGV, Segmentation fault.
0xb7359e6f in _int_free () from /lib/tls/
(gdb) bt
#0  0xb7359e6f in _int_free () from /lib/tls/
#1  0xb7358e68 in free () from /lib/tls/
#2  0xb7583c3c in ifx_free_sqldata () from /isoc/informix/lib/esql/
#3  0xb7583a80 in sqli_desc_dealloc () from /isoc/informix/lib/esql/
#4  0x080b4a14 in zif_ifx_free_result ()
#5  0x080abca6 in execute ()
#6  0x0809fa5b in zend_execute_scripts ()
#7  0x0808193b in php_execute_script ()
#8  0x080aee8e in apache_php_module_main ()
#9  0x0807a772 in ap_get_server_built ()
#10 0x0807a7dc in ap_get_server_built ()
#11 0x0812e6d3 in ap_invoke_handler ()
#12 0x0814356f in ap_some_auth_required ()
#13 0x081435ce in ap_process_request ()
#14 0x0813a731 in ap_child_terminate ()
#15 0x0813a8d1 in ap_child_terminate ()
#16 0x0813aa37 in ap_child_terminate ()
#17 0x0813b0ee in ap_child_terminate ()
#18 0x0813b90c in main ()
(gdb) qui

In the test program above I fetch only one row. If the TEXT field in the row has NULL value everything's OK and the output in the php_bug.txt file (see the programm) is the following:

after ifx_connect
after ifx_query
after ifx_fetch_row: regid = 3
after ifx_free_result
after ifx_close

i.e. all the functions returned ok.

If the TEXT field in the row has non-NULL data, then the SEGV occurs and the output in the php_bug.txt test file is:
after ifx_connect
after ifx_query
after ifx_fetch_row: regid = 11

i.e. ifx_free_result did not return.

NOTE: if the TEXT-type field is not in the list of the filds to be selected, then everything is OK.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-23 15:35 UTC]
Assigned to the maintainer. Cornelius, if you get this mail, please reply via email to me if you're actually maintaining this extension anymore. (to

 [2005-12-21 21:44 UTC]
There was no feedback from Corne. This means the extension is practically abandoned. However, since IBM nowadays owns informix, you could ask for their support to fix this.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jul 13 18:01:29 2024 UTC