php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #33915 Crash in _oci_close_session
Submitted: 2005-07-29 08:25 UTC Modified: 2005-09-08 11:44 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: jfbustarret at tf1 dot fr Assigned: tony2001 (profile)
Status: Closed Package: OCI8 related
PHP Version: 5CVS-2005-08-02 OS: Linux
Private report: No CVE-ID: None
 [2005-07-29 08:25 UTC] jfbustarret at tf1 dot fr
Description:
------------
Using php 5.0.4, with the oci8 extension from CVS & the oci_ping code activated in _oci_open_server, I have random segfaults on my production servers.

Here is the back trace :
#0  0xb78f3779 in _oci_close_session (session=0x8382a20)
    at /soft/sources/php/php-5.0.4/ext/oci8/oci8.c:2961
2961                    CALL_OCI_RETURN(OCI(error),
(gdb) bt
#0  0xb78f3779 in _oci_close_session (session=0x8382a20)
    at /soft/sources/php/php-5.0.4/ext/oci8/oci8.c:2961
#1  0xb79f0d5e in list_entry_destructor (ptr=0x83590f0)
    at /soft/sources/php/php-5.0.4/Zend/zend_list.c:173
#2  0xb79eef48 in zend_hash_apply_deleter (ht=0xb7a72560, p=0x836a4c8)
    at /soft/sources/php/php-5.0.4/Zend/zend_hash.c:618
#3  0xb79ef227 in zend_hash_graceful_reverse_destroy (ht=0xb7a72560)
    at /soft/sources/php/php-5.0.4/Zend/zend_hash.c:684
#4  0xb79e144a in shutdown_executor ()
    at /soft/sources/php/php-5.0.4/Zend/zend_execute_API.c:284
#5  0xb79e8c86 in zend_deactivate ()
    at /soft/sources/php/php-5.0.4/Zend/zend.c:902
#6  0xb79b544c in php_request_shutdown (dummy=0x0)
[...]
(gdb) print *session
$1 = {num = 137800016, persistent = 0 '\0', is_open = 253 '?',
  exclusive = 49 '1', thread = 8 '\b', sessions_list = 0x0, server = 0x0,
  pSession = 0x0, pEnv = 0x0, charsetId = 0}

I'll try this patch in _oci_close_session :

        if (!session) {
                return;
        }

+        if (!session->server) {
+                return;
+        }

        oci_debug("START _oci_close_session: logging-off sess=%d",session->num);



Reproduce code:
---------------
No reproducing code. The crashes are random & time/traffic dependant.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-07-29 09:56 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-07-29 16:15 UTC] jfbustarret at tf1 dot fr
The bug exists with the CVS version of ext/oci8.
 [2005-07-29 16:21 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.


 [2005-08-01 09:52 UTC] jfbustarret at tf1 dot fr
This bug is :
- time dependant,
- load dependant,
- random.

I certainly would not be able to find a piece of code that reproduces the crash.

All I know is that _oci_close_session is called with session->server == NULL and that obviously crashes the function because it assumes that session->server is a valid pointer.
 [2005-08-03 08:51 UTC] jfbustarret at tf1 dot fr
This new patch should be better :

diff -u php-5.0.4-orig/ext/oci8/oci8.c php
-5.0.4/ext/oci8/oci8.c
--- php-5.0.4-orig/ext/oci8/oci8.c        2005-07-27 20:24:40.000000000 +0
200
+++ php-5.0.4/ext/oci8/oci8.c   2005-08-02 09:33:55.000000000 +0200
@@ -2941,7 +2941,7 @@

        oci_debug("START _oci_close_session: logging-off sess=%d",session->num);

-       if (session->is_open) {
+       if (session->pEnv && session->is_open) {
                /* Temporary Service Context */
                CALL_OCI_RETURN(OCI(error),
                        OCIHandleAlloc(
@@ -3032,12 +3032,13 @@

 #ifdef HAVE_OCI_9_2
        /* free environment handle (and fix bug #29652 with growing .msb FD numb
er under weirdie Solarises) */
-       CALL_OCI(
-               OCIHandleFree(
-                               (dvoid *) session->pEnv,
-                               OCI_HTYPE_ENV
-               )
-       );
+       if (session->pEnv)
+               CALL_OCI(
+                       OCIHandleFree(
+                                       (dvoid *) session->pEnv,
+                                       OCI_HTYPE_ENV
+                       )
+               );
 #endif

        if (session->exclusive) {
 [2005-09-08 11:44 UTC] tony2001@php.net
The bug has been fixed in OCI8 v.1.1, which is available in CVS HEAD and PECL (use `pear install oci8-beta` to install it).
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 09:01:29 2024 UTC