php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43340 Segmentation fault after executing the same proc twice
Submitted: 2007-11-20 03:16 UTC Modified: 2007-12-11 20:42 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:2 (50.0%)
From: marplatense at ubuntu dot com Assigned:
Status: Not a bug Package: OCI8 related
PHP Version: 5.2.5 OS: Centos 4 64 bits
Private report: No CVE-ID: None
 [2007-11-20 03:16 UTC] marplatense at ubuntu dot com
Description:
------------
Bug related to http://bugs.php.net/bug.php?id=37471 and http://bugs.php.net/bug.php?id=38173 but with version 5.2.5 (the other two are closed but we can reproduce the error every time we run 
the test case with the latest stable release)


1- My php configuration:
./configure --prefix=/opt/php/php5.2.5 --exec-prefix=/opt/php/php5.2.5 --with-config-file-path=etc/httpd/conf.d --with-libdir=lib64 --with-gd --with-zlib=/usr --with-xmlrpc --with-oci8=/opt/oracle/orase/oracle/product/10.2.0/db_1 --with-apxs2=/usr/sbin/apxs --enable-sigchild --with-ttf=/usr/lib64 --enable-gd-native-ttf --enable-gd-imgstrttf --enable-gd-native-ttf --with-ttf-dir=/usr/local/lib --with-freetype-dir=/opt/freetype --with-zlib-dir=/usr/local/lib --with-png-dir=/usr/local/lib --with-jpeg-dir=/usr/local/lib --with-imap=/opt/imap-2006d.DEV.SNAP-0611201609/ --with-imap-ssl --with-mysql=/usr/bin --enable-mbstring --with-iconv --with-zlib --enable-sockets --disable-cgi --enable-debug

2- My apache version:
# ./apachectl -v
Server version: Apache/2.0.52
Server built:   Jul 14 2007 11:50:35

3- My php version
# ./php -v
PHP 5.2.5 (cli) (built: Nov 19 2007 19:10:59) (DEBUG)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies




Reproduce code:
---------------
1- The pl/sql script used for this example:
 create or replace procedure test_lookup(p_out out sys_refcursor)
 is
 begin
   open p_out for
    select 1,2,3 from dual;
 end;
/
 create or replace procedure test_lookup2(p_out out sys_refcursor)
 is
 begin
   open p_out for
    select 1,2,3 from dual;
 end;
/

2- the php script:
<?php
        oci_internal_debug(true);
        $conn=OCILogon(user, password, database);
        $out=oci_new_cursor($conn);
        $s=oci_parse($conn, "begin test_lookup(:b3); end;");
        oci_bind_by_name($s, ":b3",     $out    ,-1, OCI_B_CURSOR);
        oci_execute($s, OCI_DEFAULT);
        oci_execute($out);
        while (OCIFetchInto($out,$data)) {
               echo $data[0];
                        }
        OCIFreeCursor($out);
        OCIFreeStatement($s);

// do it again

        $out=oci_new_cursor($conn);
        $s=oci_parse($conn, "begin test_lookup(:b3); end;");
        //running with this test_lookup2 line instead of test_lookup works perfectly
        //$s=oci_parse($conn, "begin test_lookup2(:b3); end;");
        oci_bind_by_name($s, ":b3",     $out    ,-1, OCI_B_CURSOR);
        oci_execute($s, OCI_DEFAULT);
        oci_execute($out);
        while (OCIFetchInto($out,$data)) {
               echo $data[0];
                        }
        OCIFreeCursor($out);
?>


Expected result:
----------------
We expect the right output from procedure "test_lookup".


Actual result:
--------------
1- We get a segmentation fault in the apache's error log:
[Mon Nov 19 18:50:19 2007] [notice] child pid 29774 exit signal Segmentation fault (11)

2- this is what we get with oci_internal_debug:
# ./php -c /etc/httpd/conf.d/php.ini test.php 
OCI8 DEBUG: OCINlsEnvironmentVariableGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1067) 
OCI8 DEBUG: OCIEnvNlsCreate at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1223) 
OCI8 DEBUG: OCIHandleAlloc at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1252) 
OCI8 DEBUG: OCIServerAttach at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1261) 
OCI8 DEBUG: OCIHandleAlloc at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1271) 
OCI8 DEBUG: OCIHandleAlloc at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1280) 
OCI8 DEBUG: OCIHandleAlloc at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1289) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1299) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1310) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1320) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1329) 
OCI8 DEBUG: OCISessionBegin at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1360) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8.c:1393) 
OCI8 DEBUG: OCIHandleAlloc at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:55) 
OCI8 DEBUG: OCIHandleAlloc at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:61) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:135) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:144) 
OCI8 DEBUG: OCIHandleAlloc at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:61) 
OCI8 DEBUG: OCIStmtPrepare2 at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:77) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:135) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:144) 
OCI8 DEBUG: OCIBindByName at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:1050) 
OCI8 DEBUG: OCIBindDynamic at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:1068) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:418) 
OCI8 DEBUG: OCIStmtExecute at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:442) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:418) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:471) 
OCI8 DEBUG: OCIParamGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:491) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:500) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:510) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:520) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:530) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:543) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:553) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:563) 
OCI8 DEBUG: OCIDescriptorFree at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:571) 
OCI8 DEBUG: OCIDefineByPos at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:694) 
OCI8 DEBUG: OCIParamGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:491) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:500) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:510) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:520) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:530) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:543) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:553) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:563) 
OCI8 DEBUG: OCIDescriptorFree at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:571) 
OCI8 DEBUG: OCIDefineByPos at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:694) 
OCI8 DEBUG: OCIParamGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:491) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:500) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:510) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:520) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:530) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:543) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:553) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:563) 
OCI8 DEBUG: OCIDescriptorFree at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:571) 
OCI8 DEBUG: OCIDefineByPos at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:694) 
OCI8 DEBUG: OCIStmtFetch at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:168) 
1OCI8 DEBUG: OCIStmtFetch at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:168) 
OCI8 DEBUG: OCIHandleFree at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:748) 
OCI8 DEBUG: OCIHandleFree at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:757) 
OCI8 DEBUG: OCIStmtRelease at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:746) 
OCI8 DEBUG: OCIHandleFree at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:757) 
OCI8 DEBUG: OCIHandleAlloc at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:55) 
OCI8 DEBUG: OCIHandleAlloc at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:61) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:135) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:144) 
OCI8 DEBUG: OCIHandleAlloc at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:61) 
OCI8 DEBUG: OCIStmtPrepare2 at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:77) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:135) 
OCI8 DEBUG: OCIAttrSet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:144) 
OCI8 DEBUG: OCIBindByName at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:1050) 
OCI8 DEBUG: OCIBindDynamic at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:1068) 
OCI8 DEBUG: OCIAttrGet at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:418) 
OCI8 DEBUG: OCIStmtExecute at (/opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:442) 
Violaci?n de segmento

Where "Violaci?n de segmento" stands for "Segmentation fault" (in spanish)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-11-20 13:44 UTC] iliaa@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2007-11-20 19:11 UTC] marplatense at ubuntu dot com
Hi, thanks for your quick answer.
Here's what I got after following the traceback's instructions.
Hope there's enough information for you to work on this. Let me know if you need anything else.

(gdb) bt
#0  0x0000002a9b609f8b in kpufGetRcvInfo () from /opt/oracle/orase/oracle/product/10.2.0/db_1/lib/libclntsh.so.10.1
#1  0x0000002a9b82b508 in ttcacr () from /opt/oracle/orase/oracle/product/10.2.0/db_1/lib/libclntsh.so.10.1
#2  0x0000002a9b8303f4 in ttcdrv () from /opt/oracle/orase/oracle/product/10.2.0/db_1/lib/libclntsh.so.10.1
#3  0x0000002a9b70b7b8 in nioqwa () from /opt/oracle/orase/oracle/product/10.2.0/db_1/lib/libclntsh.so.10.1
#4  0x0000002a9b53ca5f in upirtrc () from /opt/oracle/orase/oracle/product/10.2.0/db_1/lib/libclntsh.so.10.1
#5  0x0000002a9b4a5fa3 in kpurcsc () from /opt/oracle/orase/oracle/product/10.2.0/db_1/lib/libclntsh.so.10.1
#6  0x0000002a9b4549df in kpuexecv8 () from /opt/oracle/orase/oracle/product/10.2.0/db_1/lib/libclntsh.so.10.1
#7  0x0000002a9b4525c3 in kpuexec () from /opt/oracle/orase/oracle/product/10.2.0/db_1/lib/libclntsh.so.10.1
#8  0x0000002a9b500937 in OCIStmtExecute () from /opt/oracle/orase/oracle/product/10.2.0/db_1/lib/libclntsh.so.10.1
#9  0x0000002a9a1f8d25 in php_oci_statement_execute (statement=0x2a9cd276f0, mode=0)
    at /opt/downloads/php-5.2.5/ext/oci8/oci8_statement.c:442
#10 0x0000002a9a202f39 in zif_oci_execute (ht=2, return_value=0x2a9cd26e38, return_value_ptr=0x0, this_ptr=0x0, 
    return_value_used=0) at /opt/downloads/php-5.2.5/ext/oci8/oci8_interface.c:1302
#11 0x0000002a9a439abc in zend_do_fcall_common_helper_SPEC (execute_data=0x7fbfffcd40)
    at /opt/downloads/php-5.2.5/Zend/zend_vm_execute.h:200
#12 0x0000002a9a43f769 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fbfffcd40)
    at /opt/downloads/php-5.2.5/Zend/zend_vm_execute.h:1681
#13 0x0000002a9a439554 in execute (op_array=0x2a9cd26558) at /opt/downloads/php-5.2.5/Zend/zend_vm_execute.h:92
#14 0x0000002a9a411690 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /opt/downloads/php-5.2.5/Zend/zend.c:1134
#15 0x0000002a9a3b70af in php_execute_script (primary_file=0x7fbffff280) at /opt/downloads/php-5.2.5/main/main.c:2004
#16 0x0000002a9a48c2d4 in php_handler (r=0x552ae5a618) at /opt/downloads/php-5.2.5/sapi/apache2handler/sapi_apache2.c:631
#17 0x000000552aac79f3 in ap_run_handler () from /usr/sbin/httpd
#18 0x000000552aac7eb1 in ap_invoke_handler () from /usr/sbin/httpd
#19 0x000000552aac4cb8 in ap_process_request () from /usr/sbin/httpd
#20 0x000000552aac0089 in _start () from /usr/sbin/httpd
#21 0x000000552aad1693 in ap_run_process_connection () from /usr/sbin/httpd
#22 0x000000552aac5b20 in ap_graceful_stop_signalled () from /usr/sbin/httpd
#23 0x000000552aac5dbd in ap_graceful_stop_signalled () from /usr/sbin/httpd
#24 0x000000552aac5ea4 in ap_graceful_stop_signalled () from /usr/sbin/httpd
#25 0x000000552aac65db in ap_mpm_run () from /usr/sbin/httpd
#26 0x000000552aacccef in main () from /usr/sbin/httpd
 [2007-12-03 15:05 UTC] christian at elmerot dot se
Reverting the following patch fixed the segfault for us on executing the same page twice. Might be worth trying to see if it fixes your issue too

--- main.c	2007/09/21 14:12:52	1.640.2.23.2.56
+++ main.c	2007/09/24 11:53:40	1.640.2.23.2.57
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: main.c,v 1.640.2.23.2.56 2007/09/21 14:12:52 tony2001 Exp $ */
+/* $Id: main.c,v 1.640.2.23.2.57 2007/09/24 11:53:40 dmitry Exp $ */
 
 /* {{{ includes
  */
@@ -1298,6 +1298,8 @@
 	} zend_catch {
 		retval = FAILURE;
 	} zend_end_try();
+
+	SG(sapi_started) = 1;
 
 	return retval;
 }
 [2007-12-03 15:53 UTC] marplatense at ubuntu dot com
Christian, thanks for your input.
I will give it a try and let you guys know the results.

Regards.
 [2007-12-05 13:42 UTC] michael dot virnstein at brodos dot de
The fix didn't work for me. I also have filed the bug (Bug #43449), because haven't found this one.
The problem doesn't occure when you run a page two times. It occures  when you try to call a PL/SQL-Function which returns a ref cursor more than once in a PHP-script. See bug Bug #43449 for more details.
 [2007-12-05 14:11 UTC] marplatense at ubuntu dot com
Hi Michael, I read your bug and I can confirm this bug does not exist in php 5.2.3 (we're using that version while we wait for a fix).
We too agree that the problem is related to a double execution of a procedure returning a ref cursor (at least that's how we could reproduce it).
I couldn't find time to test Christian's suggestion to see if it works for me but I will try to do it asap.
 [2007-12-11 20:03 UTC] sixd@php.net
I reproduced the crash.  The quick fix was to change the PL/SQL package so the cursor is IN OUT instead of just OUT.
 [2007-12-11 20:42 UTC] sixd@php.net
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.


+-----------------------------------------------------------------
| After looking at the testcases, I'm going to close this bug as
| a duplicate of http://bugs.php.net/bug.php?id=42841
+-----------------------------------------------------------------
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 23:01:28 2024 UTC