Bug #32954 ifx_fetch_row() : SEGV if row has TEXT fields (PHP Apache Module only)
Submitted: 2005-05-05 12:29 UTC
Modified: 2005-12-21 21:44 UTC
Votes: 9
Avg. Score: 4.7 ± 0.7
Reproduced: 8 of 9 (88.9%)
Same Version: 2 (25.0%)
Same OS: 4 (50.0%)
From: andreybl at matrix dot co dot il
Assigned: nobbie
Status: Wont fix
Package: Informix related
PHP Version: 5CVS, 4CVS, 6CVS (2005-09-04)
OS: Red Hat 3.0 ES
Private report: No
CVE-ID: None

 [2005-05-05 12:29 UTC] andreybl at matrix dot co dot il
Description:
------------
Apache version: 1.3.33
Informix server version: IDS 9.40.UC5
Informix SDK version: csdk_informix.2.90

'./configure' '--with-informix=/isoc/informix' '--with-config-file-path=/isoc/apache/conf' '--enable-track-vars' '--with-apache=/isoc/sources/apache' '--without-mysql' 

NOTE: 
The problem occurs in the PHP Apache Module ONLY and does NOT occur in PHP CGI.

Description:
Segmentation fault in httpd on the call to ifx_fetch_row() when among the fields to be selected there is a field of type TEXT containing NON-NULL data:

    - In httpd log file (./apache/logs/error_log): 

[Thu May  5 12:02:10 2005] [notice] child pid 20754 exit signal Segmentation fault (11)

    - In browser: 

"The page cannot be displayed"

It seems my bug is similar to #8715, which was closed since there was no feedback. So probably the problem in #8715 still persists too.

Please, take care of this report as soon as possible, since it is of Critical severity for me. Actually this stops the whole project.

Thanks,
Andrey


    


Reproduce code:
---------------
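<?php
// Checkpoint file: one line is written and flushed after each ifx_* call,
// so the last line present after a crash names the last call that returned.
$trace = fopen('/tmp/php_bug.txt', 'w+');

$conn_id = ifx_connect('DB', 'USER', 'PASS');
if (!$conn_id)
{
    echo "FAILED TO CONNECT"; die();
}
fwrite($trace, "after ifx_connect\n"); fflush($trace);

// The selected row must include a TEXT column with non-NULL data to trigger the crash.
$res_id  = ifx_query('SELECT * FROM registrars where regid = 5', $conn_id);
if (!$res_id)
{
    // No result id exists on failure, so report via ifx_error()/ifx_errormsg()
    // instead of ifx_getsqlca(), which needs a result id and returns an array.
    echo "FAILED TO PREPARE"; echo ifx_error() . ' ' . ifx_errormsg(); die();
}
fwrite($trace, "after ifx_query\n"); fflush($trace);

$row = ifx_fetch_row($res_id);
fwrite($trace, "after ifx_fetch_row: regid = {$row['regid']}\n"); fflush($trace);

ifx_free_result($res_id);
fwrite($trace, "after ifx_free_result\n"); fflush($trace);

ifx_close($conn_id);
fwrite($trace, "after ifx_close\n"); fflush($trace);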

Expected result:
----------------
Hm. I expect the httpd not to crash.

Actual result:
--------------
Here is the backtrace:
Program received signal SIGSEGV, Segmentation fault.
0xb7359e6f in _int_free () from /lib/tls/libc.so.6
(gdb) bt
#0  0xb7359e6f in _int_free () from /lib/tls/libc.so.6
#1  0xb7358e68 in free () from /lib/tls/libc.so.6
#2  0xb7583c3c in ifx_free_sqldata () from /isoc/informix/lib/esql/libifsql.so
#3  0xb7583a80 in sqli_desc_dealloc () from /isoc/informix/lib/esql/libifsql.so
#4  0x080b4a14 in zif_ifx_free_result ()
#5  0x080abca6 in execute ()
#6  0x0809fa5b in zend_execute_scripts ()
#7  0x0808193b in php_execute_script ()
#8  0x080aee8e in apache_php_module_main ()
#9  0x0807a772 in ap_get_server_built ()
#10 0x0807a7dc in ap_get_server_built ()
#11 0x0812e6d3 in ap_invoke_handler ()
#12 0x0814356f in ap_some_auth_required ()
#13 0x081435ce in ap_process_request ()
#14 0x0813a731 in ap_child_terminate ()
#15 0x0813a8d1 in ap_child_terminate ()
#16 0x0813aa37 in ap_child_terminate ()
#17 0x0813b0ee in ap_child_terminate ()
#18 0x0813b90c in main ()
(gdb) qui

In the test program above I fetch only one row. If the TEXT field in the row has a NULL value, everything's OK and the output in the php_bug.txt file (see the program) is the following:

after ifx_connect
after ifx_query
after ifx_fetch_row: regid = 3
after ifx_free_result
after ifx_close

i.e. all the functions returned ok.

If the TEXT field in the row has non-NULL data, then the SEGV occurs and the output in the php_bug.txt test file is:
after ifx_connect
after ifx_query
after ifx_fetch_row: regid = 11

i.e. ifx_free_result did not return.

NOTE: if the TEXT-type field is not in the list of the fields to be selected, then everything is OK.
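
A triage helper for the two artifacts shown in the report above, added here as an example (it is not part of the original report or of PHP): it extracts child-crash entries from an Apache 1.3 error_log and reads the checkpoint file written by the reproduce script to name the call that never returned. The function names and the second sample log line are constructed for illustration.

```python
import re
from datetime import datetime

# Apache 1.3 error_log entry for a child killed by a signal (format quoted in the report).
CRASH_RE = re.compile(
    r"^\[(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\] \[notice\] "
    r"child pid (?P<pid>\d+) exit signal (?P<name>.+?) \((?P<num>\d+)\)"
)
# Checkpoints in the order the reproduce script writes its "after <call>" lines.
STEPS = ["ifx_connect", "ifx_query", "ifx_fetch_row", "ifx_free_result", "ifx_close"]

# First line is from the report; the second is constructed noise.
SAMPLE_LOG = """\
[Thu May  5 12:02:10 2005] [notice] child pid 20754 exit signal Segmentation fault (11)
[Thu May  5 12:02:11 2005] [notice] Apache/1.3.33 (Unix) configured -- resuming normal operations
"""
# Trace file contents from the report's crashing run.
SAMPLE_TRACE = "after ifx_connect\nafter ifx_query\nafter ifx_fetch_row: regid = 11\n"


def parse_crashes(log_text):
    """Return one dict per child-crash line in an error_log."""
    crashes = []
    for line in log_text.splitlines():
        m = CRASH_RE.match(line)
        if m:
            # Collapse the padded day-of-month ("May  5") before parsing.
            ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
            crashes.append({"time": ts, "pid": int(m["pid"]),
                            "signal": m["name"], "signo": int(m["num"])})
    return crashes


def last_completed(trace_text, steps=STEPS):
    """Return (last call that returned, call that never returned or None)."""
    seen = re.findall(r"^after (\w+)", trace_text, re.M)
    n = 0
    while n < len(steps) and n < len(seen) and seen[n] == steps[n]:
        n += 1
    return (steps[n - 1] if n else None, steps[n] if n < len(steps) else None)


if __name__ == "__main__":
    for c in parse_crashes(SAMPLE_LOG):
        print(f"{c['time']:%Y-%m-%d %H:%M:%S} pid {c['pid']} died: {c['signal']} ({c['signo']})")
    done, pending = last_completed(SAMPLE_TRACE)
    print(f"last call that returned: {done}; did not return: {pending}")
```
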


 [2005-09-23 15:35 UTC] sniper@php.net
Assigned to the maintainer. Cornelius, if you get this mail, please reply via email to me if you're actually maintaining this extension anymore. (to sniper@php.net)

 [2005-12-21 21:44 UTC] sniper@php.net
There was no feedback from Corne. This means the extension is practically abandoned. However, since IBM nowadays owns Informix, you could ask for their support to fix this.
 