PHP :: Bug #33915 :: Crash in _oci_close

Bug #33915

Crash in _oci_close_session

Submitted:

2005-07-29 08:25 UTC

Modified:

2005-09-08 11:44 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

jfbustarret at tf1 dot fr

Assigned:

tony2001 (profile)

Status:

Closed

Package:

OCI8 related

PHP Version:

5CVS-2005-08-02

OS:

Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 35 - 28 = ?
Subscribe to this entry?

[2005-07-29 08:25 UTC] jfbustarret at tf1 dot fr

Description:
------------
Using php 5.0.4, with the oci8 extension from CVS & the oci_ping code activated in _oci_open_server, I have random segfaults on my production servers.

Here is the back trace :
#0  0xb78f3779 in _oci_close_session (session=0x8382a20)
    at /soft/sources/php/php-5.0.4/ext/oci8/oci8.c:2961
2961                    CALL_OCI_RETURN(OCI(error),
(gdb) bt
#0  0xb78f3779 in _oci_close_session (session=0x8382a20)
    at /soft/sources/php/php-5.0.4/ext/oci8/oci8.c:2961
#1  0xb79f0d5e in list_entry_destructor (ptr=0x83590f0)
    at /soft/sources/php/php-5.0.4/Zend/zend_list.c:173
#2  0xb79eef48 in zend_hash_apply_deleter (ht=0xb7a72560, p=0x836a4c8)
    at /soft/sources/php/php-5.0.4/Zend/zend_hash.c:618
#3  0xb79ef227 in zend_hash_graceful_reverse_destroy (ht=0xb7a72560)
    at /soft/sources/php/php-5.0.4/Zend/zend_hash.c:684
#4  0xb79e144a in shutdown_executor ()
    at /soft/sources/php/php-5.0.4/Zend/zend_execute_API.c:284
#5  0xb79e8c86 in zend_deactivate ()
    at /soft/sources/php/php-5.0.4/Zend/zend.c:902
#6  0xb79b544c in php_request_shutdown (dummy=0x0)
[...]
(gdb) print *session
$1 = {num = 137800016, persistent = 0 '\0', is_open = 253 '?',
  exclusive = 49 '1', thread = 8 '\b', sessions_list = 0x0, server = 0x0,
  pSession = 0x0, pEnv = 0x0, charsetId = 0}

I'll try this patch in _oci_close_session :

        if (!session) {
                return;
        }

+        if (!session->server) {
+                return;
+        }

        oci_debug("START _oci_close_session: logging-off sess=%d",session->num);



Reproduce code:
---------------
No reproducing code. The crashes are random & time/traffic dependant.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-07-29 09:56 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

[2005-07-29 16:15 UTC] jfbustarret at tf1 dot fr

The bug exists with the CVS version of ext/oci8.

[2005-07-29 16:21 UTC] tony2001@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.

[2005-08-01 09:52 UTC] jfbustarret at tf1 dot fr

This bug is :
- time dependant,
- load dependant,
- random.

I certainly would not be able to find a piece of code that reproduces the crash.

All I know is that _oci_close_session is called with session->server == NULL and that obviously crashes the function because it assumes that session->server is a valid pointer.

[2005-08-03 08:51 UTC] jfbustarret at tf1 dot fr

This new patch should be better :

diff -u php-5.0.4-orig/ext/oci8/oci8.c php
-5.0.4/ext/oci8/oci8.c
--- php-5.0.4-orig/ext/oci8/oci8.c        2005-07-27 20:24:40.000000000 +0
200
+++ php-5.0.4/ext/oci8/oci8.c   2005-08-02 09:33:55.000000000 +0200
@@ -2941,7 +2941,7 @@

        oci_debug("START _oci_close_session: logging-off sess=%d",session->num);

-       if (session->is_open) {
+       if (session->pEnv && session->is_open) {
                /* Temporary Service Context */
                CALL_OCI_RETURN(OCI(error),
                        OCIHandleAlloc(
@@ -3032,12 +3032,13 @@

 #ifdef HAVE_OCI_9_2
        /* free environment handle (and fix bug #29652 with growing .msb FD numb
er under weirdie Solarises) */
-       CALL_OCI(
-               OCIHandleFree(
-                               (dvoid *) session->pEnv,
-                               OCI_HTYPE_ENV
-               )
-       );
+       if (session->pEnv)
+               CALL_OCI(
+                       OCIHandleFree(
+                                       (dvoid *) session->pEnv,
+                                       OCI_HTYPE_ENV
+                       )
+               );
 #endif

        if (session->exclusive) {

[2005-09-08 11:44 UTC] tony2001@php.net

The bug has been fixed in OCI8 v.1.1, which is available in CVS HEAD and PECL (use `pear install oci8-beta` to install it).

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 20:01:30 2024 UTC