Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

Works perfectly fine on Linux.

With latest snaps win32 debug pack and 5.1.5-dev this is everything in the Visual Studio .NET 2003 call stack window when the crash happens. This is running the reproduce script from the command line. Hope this helps:

php5ts.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data=0x0012fb88, void * * * tsrm_ls=0x00323ad8)  Line 215 + 0x3
php5ts.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data=0x0012fb88, void * * * tsrm_ls=0x00323ad8)  Line 322 + 0x11
php5ts.dll!execute(_zend_op_array * op_array=0x10008ffd, void * * * tsrm_ls=0x009b0000)  Line 92 + 0xc
ntdll.dll!RtlAllocateHeap()  + 0xe8c	
php5ts.dll!php_execute_script(_zend_file_handle * primary_file=0x009bd268, void * * * tsrm_ls=0x77c5ace0)  Line 1703 + 0xd
00323ac8()	
php.exe!_mainCRTStartup()  + 0xe3	
ntdll.dll!RtlRemoteCall()  + 0x1be	
00000002()

Sorry here is a more complete backtrace (had a couple lines commented out when running it previously):

php5ts.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data=0x0012fb88, void * * * tsrm_ls=0x00322bd0)  Line 215 + 0x3
php5ts.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data=0x0012fb88, void * * * tsrm_ls=0x00322bd0)  Line 322 + 0x11
php5ts.dll!execute(_zend_op_array * op_array=0x10008ffd, void * * * tsrm_ls=0x009b0000)  Line 92 + 0xc
ntdll.dll!77f58a3a()
php5ts.dll!php_execute_script(_zend_file_handle * primary_file=0x00000008, void * * * tsrm_ls=0x00322bd0)  Line 1703 + 0xd
php5ts.dll!php_execute_script(_zend_file_handle * primary_file=0x65736265, void * * * tsrm_ls=0x72657672)  Line 1732 + 0x12
775c7665()
ntdll.dll!77f58a3a()
msvcrt.dll!77c2ac14()
msvcrt.dll!77c2ac19()
msvcrt.dll!77c2ac19()
msvcrt.dll!77c2ac2a()
msvcrt.dll!77c2ac55()
php5ts.dll!_zend_hash_add_or_update(_hashtable * ht=0x100db525, char * arKey=0x0000000b, unsigned int nKeyLength=10208336, void * pData=0x100091e2, unsigned int nDataSize=0, void * * pDest=0x00322bd0, int flag=10208312)  Line 248 + 0x2e
php5ts.dll!zend_register_constant(_zend_constant * c=0x0012ffb0, void * * * tsrm_ls=0x00000000)  Line 322 + 0x27
php.exe!main(int argc=1244888, char * * argv=0x00322bd0)  Line 692 + 0x63
php.exe!main(int argc=2, char * * argv=0x00322bb0)  Line 1093
php.exe!_mainCRTStartup()  + 0xe3
kernel32.dll!77e8141a()
ntdll.dll!77f944a8()

Sorry, I don't see a word about OCI8 in these backtraces.

> Sorry, I don't see a word about OCI8 in these backtraces.

That's all that's there.

However, I've adjusted the reproduce code slightly and oci8 does turn up in the backtrace now:

Reproduce Code
--------------
<?php
$conn = oci_connect('scott', 'tiger', 'xxx') 
            or die('Cannot connect');
$stmt = oci_parse($conn, "select lobdata from lobtest");
oci_execute($stmt);
$lob = oci_fetch_array($stmt,OCI_ASSOC+OCI_RETURN_LOBS); // crash
var_dump($lob);



Backtrace:
php_oci8.dll!php_oci_fetch_row(int ht=2, _zval_struct * return_value=0x009bec98, _zval_struct * * return_value_ptr=0x00000000, _zval_struct * this_ptr=0x00000000, int return_value_used=1, void * * * tsrm_ls=0x00322bd0, int mode=10217840, int expected_args=2)  Line 1678	C
php_oci8.dll!zif_oci_fetch_array(int ht=2, _zval_struct * return_value=0x009bec98, _zval_struct * * return_value_ptr=0x00000000, _zval_struct * this_ptr=0x00000000, int return_value_used=1, void * * * tsrm_ls=0x00322bd0)  Line 1469 + 0x27	C
php5ts.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data=0x0012fb88, void * * * tsrm_ls=0x00322bd0)  Line 200 + 0x35	C
php5ts.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data=0x00000000, void * * * tsrm_ls=0x00322bd0)  Line 1640 + 0xe	C
php5ts.dll!execute(_zend_op_array * op_array=0x10008ffd, void * * * tsrm_ls=0x009b0000)  Line 92 + 0xc	C
ntdll.dll!77f58a3a() 	
php5ts.dll!php_execute_script(_zend_file_handle * primary_file=0x00000008, void * * * tsrm_ls=0x00322bd0)  Line 1703 + 0xd	C
php5ts.dll!php_execute_script(_zend_file_handle * primary_file=0x65736265, void * * * tsrm_ls=0x72657672)  Line 1732 + 0x12	C
775c7665()	
ntdll.dll!77f58a3a() 	
msvcrt.dll!77c2ac14() 	
msvcrt.dll!77c2ac19() 	
msvcrt.dll!77c2ac19() 	
msvcrt.dll!77c2ac2a() 	
msvcrt.dll!77c2ac55() 	
php5ts.dll!_zend_hash_add_or_update(_hashtable * ht=0x100db525, char * arKey=0x0000000b, unsigned int nKeyLength=10208336, void * pData=0x100091e2, unsigned int nDataSize=0, void * * pDest=0x00322bd0, int flag=10208312)  Line 248 + 0x2e	C
php5ts.dll!zend_register_constant(_zend_constant * c=0x0012ffb0, void * * * tsrm_ls=0x00000000)  Line 322 + 0x27	C
php.exe!main(int argc=1244888, char * * argv=0x00322bd0)  Line 692 + 0x63	C
php.exe!main(int argc=2, char * * argv=0x00322bb0)  Line 1093	C
php.exe!_mainCRTStartup()  + 0xe3	
kernel32.dll!77e8141a() 	
ntdll.dll!77f944a8() 	

And now the kicker: changing OCI_ASSOC to OCI_NUM works fine.

Two side notes:

1) Seems to me that any calls to OCI-Lob::xxx() methods in user code will wipe out oci8 from turning up in the call stack window. 

E.g. adjusting reproduce code like:

<code>
oci_execute($stmt);
$lob = oci_fetch_array($stmt,OCI_ASSOC);
var_dump($lob['LOBDATA']->load());
</code>

and no more oci8 in the call stack window

2) Related to bug #37331

I have the same problem. After fix for bug #36934 PHP crashes when reading BFILES with OCI8. 
I receive the same backtrace as crescentfreshpot.
Here is the code to reproduce the bug:

$conn = oci_connect('rtg_owner', 'rtg', $tnsname);
$stmt = oci_parse($conn, "SELECT BFILE FROM IMAGES WHERE  IMAGE_ID = 3872");
oci_execute($stmt);
$row = oci_fetch_assoc($stmt);

$img = $row['BFILE'];
var_dump($img);
$img->read(128); // this line causes a crash
echo $img->tell();

I'm using PHP 5CVS-2006-05-08(snap), Apache 2.0.55 and Oracle Instant Client 10.2.0

on Sun-Solaris the OCI-LOB->load() or OCI-LOB->read(..) returns an string(0) for BLOB's in all cases and on Windows XP makes Apache crash. Seems to be a the same issue with OCILOBRead2?

<?php
oci_internal_debug(1);
$dbh=oci_new_connect("anonymous","huhu","ora2"); 
$rs=oci_parse($dbh,"select WaferImage from prodab.wafermap where maskid=21 and mapno=1");
oci_execute($rs);
$row = oci_fetch_assoc($rs);
$wi=$row['WAFERIMAGE'];
var_dump($wi);
$len=$wi->size();
echo "<br>size=$len";

//$pic=$wi->load();
$pic=$wi->read(100);

echo "<br>after load<br>";


//$row->WaferImage->free();
var_dump( $pic);

?>
OCI8 DEBUG: OCINlsEnvironmentVariableGet at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:995) 
OCI8 DEBUG: OCIEnvNlsCreate at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1151) 
OCI8 DEBUG: OCIHandleAlloc at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1176) 
OCI8 DEBUG: OCIServerAttach at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1185) 
OCI8 DEBUG: OCIHandleAlloc at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1195) 
OCI8 DEBUG: OCIHandleAlloc at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1204) 
OCI8 DEBUG: OCIHandleAlloc at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1213) 
OCI8 DEBUG: OCIAttrSet at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1223) 
OCI8 DEBUG: OCIAttrSet at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1234) 
OCI8 DEBUG: OCIAttrSet at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1244) 
OCI8 DEBUG: OCIAttrSet at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1253) 
OCI8 DEBUG: OCISessionBegin at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1284) 
OCI8 DEBUG: OCIHandleAlloc at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:61) 
OCI8 DEBUG: OCIStmtPrepare2 at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:65) 
OCI8 DEBUG: OCIAttrSet at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:119) 
OCI8 DEBUG: OCIAttrSet at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:128) 
OCI8 DEBUG: OCIAttrGet at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:297) 
OCI8 DEBUG: OCIStmtExecute at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:321) 
OCI8 DEBUG: OCIAttrGet at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:350) 
OCI8 DEBUG: OCIParamGet at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:372) 
OCI8 DEBUG: OCIAttrGet at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:381) 
OCI8 DEBUG: OCIAttrGet at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:391) 
OCI8 DEBUG: OCIAttrGet at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:404) 
OCI8 DEBUG: OCIAttrGet at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:414) 
OCI8 DEBUG: OCIAttrGet at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:424) 
OCI8 DEBUG: OCIDescriptorFree at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:432) 
OCI8 DEBUG: OCIDescriptorAlloc at (/usr/local/source/php-5.1.3/ext/oci8/oci8_lob.c:73) 
OCI8 DEBUG: OCIDefineByPos at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:557) 
OCI8 DEBUG: OCIStmtFetch at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:147) 
object(OCI-Lob)#1 (1) {
  ["descriptor"]=>
  resource(4) of type (oci8 descriptor)
}
OCI8 DEBUG: OCILobGetLength at (/usr/local/source/php-5.1.3/ext/oci8/oci8_lob.c:124) 
<br>size=10902OCI8 DEBUG: OCILobCharSetId at (/usr/local/source/php-5.1.3/ext/oci8/oci8_lob.c:200) 
OCI8 DEBUG: OCILobRead2 at (/usr/local/source/php-5.1.3/ext/oci8/oci8_lob.c:242) 
<br>after load<br>string(0) ""
OCI8 DEBUG: OCIStmtRelease at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:589) 
OCI8 DEBUG: OCIHandleFree at (/usr/local/source/php-5.1.3/ext/oci8/oci8_statement.c:601) 
OCI8 DEBUG: OCIDescriptorFree at (/usr/local/source/php-5.1.3/ext/oci8/oci8_lob.c:546) 
OCI8 DEBUG: OCISessionEnd at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1448) 
OCI8 DEBUG: OCIHandleFree at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1452) 
OCI8 DEBUG: OCIServerDetach at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1456) 
OCI8 DEBUG: OCIHandleFree at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1460) 
OCI8 DEBUG: OCIHandleFree at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1464) 
OCI8 DEBUG: OCIHandleFree at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1468) 
OCI8 DEBUG: OCIHandleFree at (/usr/local/source/php-5.1.3/ext/oci8/oci8.c:1472)

Same problem on:

- PHP 5.1.4 (ISAPI Server API)
- Windows XP Professional w/SP2
- Bundled IIS

PHP Crashes when trying to load() / read() a CLOB.

built of php_oci8.dll in windows with 
undefined HAVE_OCI_LOB_READ2 works!

Hence the error seems to be related to OCILOBRead2 (>4GB Support).

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

Please try next snapshot.
I disabled OCILobRead2() support on windows. 
Unfortunately it seems to be broken there, but working fine on *nix.

Verified, my reproduce code does not crash anymore on windows with latest win32 snap.

Just to confirm, does the non-usage of OCILobRead2 on windows mean that bug #36934 is now present on windows again?

Thanks very much.

No, #36934 was caused by different problem.
This means that there is no Unicode LOBs support for Windows, because the most significant improvement of OCILobRead2() is ability to specify number of _characters_ to read, while OCILobRead() uses bytes everywhere.
Though, this doesn't mean you won't be able to use Unicode LOBs at all, just keep in mind that you're reading bytes.

Marking the report as closed, but I'll try to investigate what's wrong with OCILobRead2() on Windows..