Bug #41043: pdo_oci crash when freeing error text with persistent connection
Submitted: 2007-04-10 19:29 UTC
Modified: 2007-04-10 20:28 UTC
From: bpd at keynetics dot com
Assigned:
Status: Closed
Package: PDO related
PHP Version: 5.2.1
OS: linux
Private report: No
CVE-ID:
 [2007-04-10 19:29 UTC] bpd at keynetics dot com
Description:
------------
A segmentation fault results when the pdo_oci driver receives an error message from the Oracle server.

Reproduce code:
---------------
<?php
try {
  $pdo = new PDO("oci:dbname=instance", "bad_user", "bad_pass",
      array(PDO::ATTR_PERSISTENT => true));
} catch (Exception $e) {
  echo "Caught exception: ", $e->getMessage(), "\n";
}


Expected result:
----------------
Caught exception: SQLSTATE[42S02]: pdo_oci_handle_factory: ORA-12154: TNS:could not resolve the connect identifier specified
 (/opt/php/src/ext/pdo_oci/oci_driver.c:462)


Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1235028304 (LWP 19840)]
0xb6920a2f in free () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0xb6920a2f in free () from /lib/tls/i686/cmov/libc.so.6
#1  0x08212c8c in oci_handle_closer ()
#2  0x08213db1 in pdo_oci_handle_factory ()
#3  0x082068b1 in zim_PDO_dbh_constructor ()
#4  0x084978b9 in execute_internal ()
#5  0xb6589b51 in xdebug_execute_internal (current_execute_data=0xbfaf1d40,
    return_value_used=0, tsrm_ls=0x87b5038)
    at /tmp/pear/cache/xdebug-2.0.0RC3/xdebug.c:1550
#6  0x0849810f in zend_do_fcall_common_helper_SPEC ()
#7  0x08498f87 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER ()
#8  0x08497bcb in execute ()
#9  0xb6589594 in xdebug_execute (op_array=0xb65f8d84, tsrm_ls=0x87b5038)
    at /tmp/pear/cache/xdebug-2.0.0RC3/xdebug.c:1487
#10 0x08474758 in zend_execute_scripts ()
#11 0x08415e88 in php_execute_script ()
#12 0x084f920e in main ()


 [2007-04-10 19:34 UTC] bpd at keynetics dot com
This patch seems to fix the problem. I think that the pefree() macro is being used incorrectly, as the code which populates the einfo.errmsg member is not persistent-aware.

--- oci_driver.c.orig   2007-04-10 11:33:52.000000000 -0600
+++ oci_driver.c        2007-04-10 11:33:59.000000000 -0600
@@ -206,7 +206,7 @@
        }

        if (H->einfo.errmsg) {
-               pefree(H->einfo.errmsg, dbh->is_persistent);
+               efree(H->einfo.errmsg);
                H->einfo.errmsg = NULL;
        }
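Review bot: the efree() on the + line is only correct if every writer of H->einfo.errmsg uses the request allocator, and nothing in this hunk shows or documents that. Either add a comment at this free stating that einfo.errmsg is always request-allocated regardless of dbh->is_persistent, or make the code that fills it persistent-aware and keep pefree(H->einfo.errmsg, dbh->is_persistent), so that allocation and free stay paired.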
 [2007-04-10 20:28 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
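
The allocator mismatch described in the first comment, as an added example that is not part of the original report or of PHP's source: in PHP, pefree(ptr, persistent) passes the pointer to libc free() when persistent is true and to efree() otherwise. The model below uses constructed names (model_strdup, model_pefree, close_handle) and a tag header in place of the real allocators to show why the unpatched closer fails only on a persistent handle.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not Zend code: each block records which allocator made it. */
enum { TAG_REQUEST = 0x52455130, TAG_PERSISTENT = 0x50455253 };
struct hdr { size_t tag; };

/* Stand-in for a persistent-aware strdup (hypothetical name). */
static char *model_strdup(const char *s, int persistent) {
    struct hdr *h = malloc(sizeof *h + strlen(s) + 1);
    if (!h) return NULL;
    h->tag = persistent ? TAG_PERSISTENT : TAG_REQUEST;
    strcpy((char *)(h + 1), s);
    return (char *)(h + 1);
}

/* Stand-in for pefree(): 0 on a matched free, -1 when the flag names the
 * wrong allocator. The real macro has no such check; the mismatch reaches
 * libc free(), which is frame #0 of the backtrace in the report. */
static int model_pefree(char *p, int persistent) {
    struct hdr *h = (struct hdr *)p - 1;
    if (h->tag != (size_t)(persistent ? TAG_PERSISTENT : TAG_REQUEST)) return -1;
    h->tag = 0;
    free(h);
    return 0;
}

struct handle { int is_persistent; char *errmsg; };

/* Error path that ignores is_persistent, as the report describes. */
static void set_error(struct handle *H, const char *msg) {
    H->errmsg = model_strdup(msg, 0);
}

/* patched == 0: free with the handle's flag (before the patch).
 * patched == 1: always free with the request allocator (after the patch). */
static int close_handle(struct handle *H, int patched) {
    if (!H->errmsg) return 0;
    if (model_pefree(H->errmsg, patched ? 0 : H->is_persistent) != 0) return -1;
    H->errmsg = NULL;
    return 0;
}

int main(void) {
    struct handle H = { 1, NULL };            /* persistent connection */
    set_error(&H, "ORA-12154");               /* constructed sample message */
    printf("before patch: %d\n", close_handle(&H, 0));
    printf("after patch:  %d\n", close_handle(&H, 1));
    return 0;
}
```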


 
Last updated: Thu Apr 17 01:01:56 2014 UTC