PHP :: Bug #37331 :: oci_fetch_array makes Apache2 crash

Bug #37331

oci_fetch_array makes Apache2 crash

Submitted:

2006-05-05 16:50 UTC

Modified:

2006-05-09 22:00 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

jarismar_silva at adplabs dot com dot br

Assigned:

Status:

Closed

Package:

OCI8 related

PHP Version:

5.1.4

OS:

Windows XP Professional SP2

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2006-05-05 16:50 UTC] jarismar_silva at adplabs dot com dot br

Description:
------------
Trying to load data from table with CLOB column using oci_fetch_array with combined values for mode, causes apache2 crash.

Reproduce code:
---------------
<?php
$conn = oci_connect(<user>, <password>, <db>);

$sSQL = "SELECT xml_data
         FROM   integrationvalue
         WHERE  imd_id   = 1
         AND  ilv_code = 0612400006652";

$stmt = oci_parse($conn, $sSQL);

oci_execute($stmt);

var_dump($stmt); // show valid resource id

$row = oci_fetch_array($stmt, OCI_ASSOC | OCI_RETURN_LOBS); // <--- crash here

echo '<pre>';
print_r($row);
echo '</pre>';
?>

Expected result:
----------------
Must show the $stmt resource id on var_dump and and some string data into the $row array.

Actual result:
--------------
My Machine is an P4 Dual core cpu (hyper threading) 2.8 Ghz, 2 Gb Ram. The database is Oracle 10g. I'm using php_oci8.dll.

The apache log says:
Parent: child process exited with status 3221225477 -- Restarting.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-05-05 17:20 UTC] jarismar_silva at adplabs dot com dot br

The same problem ocurr into linux server (for the same snipped code initiali posted).
Apache error_log says:
 child pid 3294 exit signal Segmentation fault (11)

The server is Suse Linux 2.6.5-7.244-smp
The php configure command whas:
'./configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--disable-debug' '--disable-ipv6' '--enable-force-cgi-redirect' '--with-zlib' '--enable-track-vars' '--enable-sigchild' '--with-tsrm-pthreads' '--without-mysql' '--with-oci8=/opt/oracle/product/10gR1' '--disable-rpath' '--enable-memory-limit' '--enable-inline-optimization' '--enable-xml' '--with-gd' '--with-jpeg-dir=/usr' '--enable-gd-native-ttf' '--with-mcrypt' '--with-mhash' '--with-curl'

[2006-05-05 17:55 UTC] jarismar_silva at adplabs dot com dot br

Following is the sctructure of table used into the command showed on initial code.

CREATE TABLE INTEGRATIONVALUE (
  IMD_ID NUMBER(6) NOT NULL,
  ILV_CODE VARCHAR2(40) NOT NULL,
  XML_DATA CLOB,
)

[2006-05-05 18:47 UTC] mike@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2006-05-06 00:21 UTC] jarismar_silva at adplabs dot com dot br

Here is the backtrace, hope be usefull:

>	php_oci8.dll!php_oci_fetch_row(int ht=2, _zval_struct * return_value=0x054dca68, _zval_struct * * return_value_ptr=0x00000000, _zval_struct * this_ptr=0x00000000, int return_value_used=1, void * * * tsrm_ls=0x0147ef80, int mode=88994928, int expected_args=2)  Line 1678	C
 	php_oci8.dll!zif_oci_fetch_array(int ht=2, _zval_struct * return_value=0x054dca68, _zval_struct * * return_value_ptr=0x00000000, _zval_struct * this_ptr=0x00000000, int return_value_used=1, void * * * tsrm_ls=0x0147ef80)  Line 1469 + 0x27 bytes	C
 	php5ts.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data=0x0520fb48, void * * * tsrm_ls=0x0147ef80)  Line 200 + 0x35 bytes	C
 	php5ts.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data=0x00000000, void * * * tsrm_ls=0x0147ef80)  Line 1640 + 0xe bytes	C
 	php5ts.dll!execute(_zend_op_array * op_array=0x0520fbf4, void * * * tsrm_ls=0x0520fc58)  Line 92 + 0xc bytes	C
 	kernel32.dll!7c80a1e7() 	
 	[Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]	
 	ntdll.dll!7c9106eb() 	
 	msvcrt.dll!77c0c3c9() 	
 	ntdll.dll!7c91056d() 	
 	msvcrt.dll!77c0c2de() 	
 	php5ts.dll!virtual_chdir(const char * path=0x0520fc20, void * * * tsrm_ls=0x0147ef80)  Line 622 + 0x21 bytes	C
 	php5ts.dll!virtual_chdir_file(const char * path=0x0520fdb0, int (const char *, void * * *)* p_chdir=0x0147ef80, void * * * tsrm_ls=0x0520feb8)  Line 653 + 0xc bytes	C
 	php5ts.dll!zend_fetch_property_address_read_helper_SPEC_CV_CONST(int type=6600912, _zend_execute_data * execute_data=0x00000000, void * * * tsrm_ls=0x0064b8d0)  Line 20633 + 0x10b bytes	C
 	msvcrt.dll!77c262a1() 	
 	php_mbstring.dll!OnUpdate_mbstring_internal_encoding(_zend_ini_entry * entry=0x006c8ffd, char * new_value=0x054d0000, unsigned int new_value_length=1, void * mh_arg1=0x00000018, void * mh_arg2=0x00000000, void * mh_arg3=0x00000004, int stage=7107376, void * * * tsrm_ls=0x00ce0718)  Line 647 + 0x1e bytes	C
 	ntdll.dll!7c9106eb() 	
 	php5ts.dll!_safe_emalloc(unsigned int nmemb=1, unsigned int size=25, unsigned int offset=21491584)  Line 237 + 0x8 bytes	C
 	php_mbstring.dll!zm_activate_mbstring(int type=1, int module_number=30, void * * * tsrm_ls=0x0147ef80)  Line 979 + 0x10 bytes	C
 	php5ts.dll!module_registry_request_startup(_zend_module_entry * module=0x006928a0, void * * * tsrm_ls=0x0147ef80)  Line 1835 + 0x11 bytes	C
 	php5ts.dll!zend_hash_apply(_hashtable * ht=0x0520ffa4, int (void *, void * * *)* apply_func=0x00000000, void * * * tsrm_ls=0x56433230)  Line 666 + 0x7 bytes	C
 	php5apache2.dll!php_handler(request_rec * r=0x0077bce0)  Line 535 + 0x5f bytes	C
 	php5ts.dll!php_stream_open_for_zend(const char * filename=0x0147cfc8, _zend_file_handle * handle=0x01479018, void * * * tsrm_ls=0x0147cfc8)  Line 918	C
 	libhttpd.dll!6ff0155f() 	
 	libhttpd.dll!6ff018a9() 	
 	libhttpd.dll!6ff0d7fc() 	
 	libhttpd.dll!6ff096e6() 	
 	libhttpd.dll!6ff0412f() 	
 	libhttpd.dll!6ff04382() 	
 	libhttpd.dll!6ff1c0da() 	
 	msvcrt.dll!77c1a3b0() 	
 	kernel32.dll!7c80b50b() 	
 	kernel32.dll!7c8399f3()

[2006-05-06 09:23 UTC] tony2001@php.net

I cannot reproduce it.
Please generate GDB backtrace on Linux.

[2006-05-06 15:26 UTC] jarismar_silva at adplabs dot com dot br

Many thanks for this fast answer. I make a mistake. My linux server is really running PHP 5.1.2 not 5.1.4, as I spected. But, the bug with 5.1.4 really occurs in windows.

My linux server with 5.1.2 is crashing in another part of the application (I'm still not sure about the exactly reason, but seems to be on a call to oci_execute, following is the backtrace on php 5.1.2). I will upgrade to 5.1.4 and look if the bug really occurs on Linux. Real sorry for this mistake. In the future I will see the backtrace before contacting you.

Program received signal SIGSEGV, Segmentation fault.
0x40b8d42f in kpufGetRcvInfo () from /opt/oracle/product/10gR1/lib/libclntsh.so.10.1
(gdb) bt
#0  0x40b8d42f in kpufGetRcvInfo () from /opt/oracle/product/10gR1/lib/libclntsh.so.10.1
#1  0x40e6836f in ttcacr () from /opt/oracle/product/10gR1/lib/libclntsh.so.10.1
#2  0x40e63fff in ttcdrv () from /opt/oracle/product/10gR1/lib/libclntsh.so.10.1
#3  0x40d04289 in nioqwa () from /opt/oracle/product/10gR1/lib/libclntsh.so.10.1
#4  0x40adc296 in upirtrc () from /opt/oracle/product/10gR1/lib/libclntsh.so.10.1
#5  0x40b8c041 in kpurcsc () from /opt/oracle/product/10gR1/lib/libclntsh.so.10.1
#6  0x40bc7e87 in kpuexecv8 () from /opt/oracle/product/10gR1/lib/libclntsh.so.10.1
#7  0x40bc9a62 in kpuexec () from /opt/oracle/product/10gR1/lib/libclntsh.so.10.1
#8  0x40ad615e in OCIStmtExecute () from /opt/oracle/product/10gR1/lib/libclntsh.so.10.1
#9  0x405a47c4 in php_oci_statement_execute (statement=0x9828808, mode=159549480)
    at /usr/src/php-5.1.2/ext/oci8/oci8_statement.c:321
#10 0x405a848a in zif_oci_execute (ht=2, return_value=0x9c4f724, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /usr/src/php-5.1.2/ext/oci8/oci8_interface.c:1276
#11 0x406f9acf in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff30f0) at zend_vm_execute.h:192
#12 0x40743769 in execute (op_array=0x89aaa7c) at zend_vm_execute.h:92
#13 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff33f0) at zend_vm_execute.h:226
#14 0x40743769 in execute (op_array=0x899b99c) at zend_vm_execute.h:92
#15 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff4060) at zend_vm_execute.h:226
#16 0x40743769 in execute (op_array=0x89b09cc) at zend_vm_execute.h:92
#17 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff4790) at zend_vm_execute.h:226
#18 0x40743769 in execute (op_array=0x898e084) at zend_vm_execute.h:92
#19 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff4c50) at zend_vm_execute.h:226
#20 0x40743769 in execute (op_array=0x89aec54) at zend_vm_execute.h:92
#21 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff4d60) at zend_vm_execute.h:226
#22 0x40743769 in execute (op_array=0x89ef87c) at zend_vm_execute.h:92
#23 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff5010) at zend_vm_execute.h:226
#24 0x40743769 in execute (op_array=0x90245c4) at zend_vm_execute.h:92
#25 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff51d0) at zend_vm_execute.h:226
#26 0x40743769 in execute (op_array=0x901ad54) at zend_vm_execute.h:92
#27 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff5770) at zend_vm_execute.h:226
#28 0x40743769 in execute (op_array=0x9151a04) at zend_vm_execute.h:92
#29 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff5bf0) at zend_vm_execute.h:226
#30 0x40743769 in execute (op_array=0x9156b5c) at zend_vm_execute.h:92
#31 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff6220) at zend_vm_execute.h:226
#32 0x40743769 in execute (op_array=0x8bec9d4) at zend_vm_execute.h:92
#33 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfff6550) at zend_vm_execute.h:226
#34 0x40743769 in execute (op_array=0x8b768e4) at zend_vm_execute.h:92
#35 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffa9b0) at zend_vm_execute.h:226
#36 0x40743769 in execute (op_array=0x82f8dd8) at zend_vm_execute.h:92
#37 0x406d70bd in zend_call_function (fci=0xbfffaad0, fci_cache=0x0) at /usr/src/php-5.1.2/Zend/zend_execute_API.c:907
#38 0x406d7f58 in call_user_function_ex (function_table=0x0, object_pp=0x0, function_name=0x0, retval_ptr_ptr=0x0,
    param_count=0, params=0x0, no_separation=0, symbol_table=0x0) at /usr/src/php-5.1.2/Zend/zend_execute_API.c:571
#39 0x40652564 in zif_call_user_func_array (ht=2, return_value=0x8990584, return_value_ptr=0x0, this_ptr=0x0,
    return_value_used=1) at /usr/src/php-5.1.2/ext/standard/basic_functions.c:2148
#40 0x406f9acf in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffbbe0) at zend_vm_execute.h:192
#41 0x40743769 in execute (op_array=0x82f3144) at zend_vm_execute.h:92
#42 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffc150) at zend_vm_execute.h:226
#43 0x40743769 in execute (op_array=0x82f12dc) at zend_vm_execute.h:92
#44 0x406f9626 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffcc70) at zend_vm_execute.h:226
#45 0x40743769 in execute (op_array=0x82e7404) at zend_vm_execute.h:92
#46 0x406df8ef in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-5.1.2/Zend/zend.c:1101
#47 0x406a9e0e in php_execute_script (primary_file=0xbfffefc0) at /usr/src/php-5.1.2/main/main.c:1720
#48 0x4074427f in php_handler (r=0x82c9ce0) at /usr/src/php-5.1.2/sapi/apache2handler/sapi_apache2.c:584
#49 0x080b036b in ap_run_handler ()
#50 0x082cacf8 in ?? ()
#51 0x00000000 in ?? ()
#52 0x082cacc8 in ?? ()
#53 0x00000003 in ?? ()
#54 0x08102d10 in ?? ()
#55 0x00000000 in ?? ()
#56 0x00000000 in ?? ()
#57 0x082c9ce0 in ?? ()
#58 0x0817a368 in ?? ()
#59 0xbffff128 in ?? ()
#60 0x080b2ce5 in ap_invoke_handler ()

[2006-05-06 21:29 UTC] tony2001@php.net

Well, your reproduce code doesn't cause any problems here, so I still need a reproduce code to investigate it.

[2006-05-06 23:00 UTC] crescentfreshpot at yahoo dot com

1) On 5.1.4 I can verify your code crashes on win xp.

2) On 5.1.4 changing OCI_ASSOC to OCI_NUM does not seg fault php

3) THe reason for the crash on 5.1.2 might be related to resources not automatically freeing. In your reproduce code add a oci_free_statement($stmt); before the end of script and no more crash. Again, only needed with 5.1.2.

[2006-05-09 22:00 UTC] jarismar_silva at adplabs dot com dot br

I have upgraded my Linux Server to PHP 5.1.4. This solved my problems with seg faults on the server.

On windows my code still crashes apache, usign OCI_ASSOC | OCI_RETURN_LOB (with or without oci_free_statement ), using OCI_NUM solved the problem.

So I would like to say thanks everybody. This product kicks ass !!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 17:01:29 2024 UTC