php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43449 Segmentation Fault when calling PL/SQL-function wich returns ref cursor
Submitted: 2007-11-29 14:54 UTC Modified: 2008-01-30 18:51 UTC
Votes:23
Avg. Score:5.0 ± 0.0
Reproduced:20 of 20 (100.0%)
Same Version:17 (85.0%)
Same OS:15 (75.0%)
From: michael dot virnstein at brodos dot de Assigned:
Status: Not a bug Package: OCI8 related
PHP Version: 5.2.5 OS: Linux
Private report: No CVE-ID:
 [2007-11-29 14:54 UTC] michael dot virnstein at brodos dot de
Description:
------------
PHP: since 5.2.4
Apache: 2.2.6
Oracle DB: 10.2.0.3.0
Oracle-Client: 10.2.0.3
OS: Linux

When i'm calling a PL/SQL-function, which returns a ref cursor, more than once, php segfaults. When i call the PL/SQL-function only once, everything works. 
 
The bug is present since PHP 5.2.4, which introduced OCI 1.2.4

Create the following Oracle-package:

create or replace package testpackage 
is
  type cursortype is ref Cursor;
  
  function testcursor return cursortype;

end testpackage;
/

create or replace package body testpackage 
is
   function testcursor return cursortype
   is
      retCursor cursorType;
   begin
      Open retCursor For 'select * from dual';
      return retCursor;
   end;
end testpackage;
/

Reproduce code:
---------------
<?php
$conn =  ocilogon('user', 'pass', 'db');

for ($i = 0; $i < 2; $i++)
{
    var_dump(getCur($conn));
}

function getCur($conn)
{   
    
    $cur = OCINewCursor($conn);
    $stmt = ociparse($conn, 'begin :cur := testpackage.testcursor; end;');
    ocibindbyname($stmt, ':cur', $cur, -1, OCI_B_CURSOR);
    ociexecute($stmt, OCI_DEFAULT); // <-- segfault 
    ociexecute($cur, OCI_DEFAULT);
    
    $ret = array();
    
    while (ocifetchinto($cur, $row, OCI_ASSOC))
        $ret[] = $row;
    
    ocifreestatement($cur);
    ocifreestatement($stmt);
    return $ret;
}

?>

Expected result:
----------------
display var_dump result

Actual result:
--------------
apache segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-12-05 14:16 UTC] michael dot virnstein at brodos dot de
here's the backtrace:

#0  0xb674607d in kpurclr () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#1  0xb6adade7 in kpcxc2r () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#2  0xb6b304d4 in ttcrs2c () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#3  0xb6b3ee97 in ttcacr () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#4  0xb6acd5e2 in ttcdrv () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#5  0xb69b3ec5 in nioqwa () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#6  0xb6821d97 in upirtrc () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#7  0xb6797a36 in kpurcsc () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#8  0xb674e057 in kpuexecv8 () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#9  0xb674f40a in kpuexec () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#10 0xb6826902 in OCIStmtExecute () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#11 0xb7711ac8 in php_oci_statement_execute (statement=0xb5f039b0, mode=0) at /usr/local/src/php-5.2.5/ext/oci8/oci8_statement.c:442
#12 0xb771bbe9 in zif_oci_execute (ht=2, return_value=0xb159ab84, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /usr/local/src/php-5.2.5/ext/oci8/oci8_interface.c:1302
#13 0xb79914cc in zend_do_fcall_common_helper_SPEC (execute_data=0xbf8ee464) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:200
#14 0xb7996d96 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf8ee464) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:1681
#15 0xb799102d in execute (op_array=0x83d2398) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#16 0xb7991646 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf8ee854) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:234
#17 0xb7996d96 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf8ee854) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:1681
#18 0xb799102d in execute (op_array=0x83dd000) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#19 0xb795ee86 in zend_call_function (fci=0xbf8eea24, fci_cache=0x0) at /usr/local/src/php-5.2.5/Zend/zend_execute_API.c:990
#20 0xb795d86c in call_user_function_ex (function_table=0x820aa58, object_pp=0x0, function_name=0xb14c613c, retval_ptr_ptr=0xbf8eea78,
    param_count=3, params=0xb14f4af4, no_separation=0, symbol_table=0x0) at /usr/local/src/php-5.2.5/Zend/zend_execute_API.c:617
#21 0xb78895f1 in zif_call_user_func_array (ht=2, return_value=0xb14c9e24, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /usr/local/src/php-5.2.5/ext/standard/basic_functions.c:5153
#22 0xb79914cc in zend_do_fcall_common_helper_SPEC (execute_data=0xbf8f1844) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:200
#23 0xb7996d96 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf8f1844) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:1681
#24 0xb799102d in execute (op_array=0xb15efce4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#25 0xb799df9e in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0xbf8f3a64) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:4614
#26 0xb799102d in execute (op_array=0xb14d0c0c) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#27 0xb799df9e in ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER (execute_data=0xbf8f6b04) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:4614
#28 0xb799102d in execute (op_array=0xb1570818) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#29 0xb7997ba5 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0xbf8f8244) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:2039
#30 0xb799102d in execute (op_array=0xb16ef2e4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#31 0xb79a76f5 in ZEND_INCLUDE_OR_EVAL_SPEC_VAR_HANDLER (execute_data=0xbf8fc154) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:7761
#32 0xb799102d in execute (op_array=0xb5f2eff0) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#33 0xb79cf5d0 in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER (execute_data=0xbf8fcd64) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:19833
#34 0xb799102d in execute (op_array=0xb600ac80) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#35 0xb7991646 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf8fd254) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:234
#36 0xb7992119 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf8fd254) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:322
#37 0xb799102d in execute (op_array=0xb600caf4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
---Type <return> to continue, or q <return> to quit---
#38 0xb7991646 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf8fdef4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:234
#39 0xb7992119 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf8fdef4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:322
#40 0xb799102d in execute (op_array=0xb6031aa4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#41 0xb7991646 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf8fe7b4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:234
#42 0xb7992119 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf8fe7b4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:322
#43 0xb799102d in execute (op_array=0xb60350c4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#44 0xb7991646 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf900124) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:234
#45 0xb7992119 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf900124) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:322
#46 0xb799102d in execute (op_array=0x833ac90) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#47 0xb796c29f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-5.2.5/Zend/zend.c:1134
#48 0xb791a947 in php_execute_script (primary_file=0xbf902464) at /usr/local/src/php-5.2.5/main/main.c:2004
#49 0xb79e5b0b in php_handler (r=0x82fde10) at /usr/local/src/php-5.2.5/sapi/apache2handler/sapi_apache2.c:631
#50 0x0807adf9 in ap_run_handler ()
#51 0x0807df57 in ap_invoke_handler ()
#52 0x080c6088 in ap_process_request ()
#53 0x080c338b in ap_process_http_connection ()
#54 0x08081d09 in ap_run_process_connection ()
#55 0x080df640 in child_main ()
#56 0x080df8a8 in make_child ()
#57 0x080e0645 in ap_mpm_run ()
#58 0x08068bce in main ()
 [2007-12-05 16:25 UTC] michael dot virnstein at brodos dot de
This was the backtrace of another php-script, that's causing the same error. Here's the backtrace of the script containing the reporduce code:

#0  0xb6aec13d in kghmkfree () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#1  0xb6af31df in kghaddex () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#2  0xb6af5096 in kghgex () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#3  0xb6af7a5a in kghfnd () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#4  0xb6af7f99 in kghprmalo () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#5  0xb6afa12c in kghalp () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#6  0xb6b03c48 in kghmrk () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#7  0xb66dba9f in kpuhhmrk () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#8  0xb66e209c in kpurclr () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#9  0xb6a76de7 in kpcxc2r () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#10 0xb6acc4d4 in ttcrs2c () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#11 0xb6adae97 in ttcacr () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#12 0xb6a695e2 in ttcdrv () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#13 0xb694fec5 in nioqwa () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#14 0xb67bdd97 in upirtrc () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#15 0xb6733a36 in kpurcsc () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#16 0xb66ea057 in kpuexecv8 () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#17 0xb66eb40a in kpuexec () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#18 0xb67c2902 in OCIStmtExecute () from /opt/oracle10/product/10/lib/libclntsh.so.10.1
#19 0xb76adac8 in php_oci_statement_execute (statement=0xb5fa4880, mode=0) at /usr/local/src/php-5.2.5/ext/oci8/oci8_statement.c:442
#20 0xb76b7be9 in zif_oci_execute (ht=2, return_value=0xb5fa9470, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /usr/local/src/php-5.2.5/ext/oci8/oci8_interface.c:1302
#21 0xb792d4cc in zend_do_fcall_common_helper_SPEC (execute_data=0xbf7fd6b4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:200
#22 0xb7932d96 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf7fd6b4) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:1681
#23 0xb792d02d in execute (op_array=0x8308038) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#24 0xb792d646 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf7fd894) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:234
#25 0xb792e119 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf7fd894) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:322
#26 0xb792d02d in execute (op_array=0xb5fa458c) at /usr/local/src/php-5.2.5/Zend/zend_vm_execute.h:92
#27 0xb790829f in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-5.2.5/Zend/zend.c:1134
#28 0xb78b6947 in php_execute_script (primary_file=0xbf7ffbd4) at /usr/local/src/php-5.2.5/main/main.c:2004
#29 0xb7981b0b in php_handler (r=0x82fde30) at /usr/local/src/php-5.2.5/sapi/apache2handler/sapi_apache2.c:631
#30 0x0807adf9 in ap_run_handler ()
#31 0x0807df57 in ap_invoke_handler ()
#32 0x080c6088 in ap_process_request ()
#33 0x080c338b in ap_process_http_connection ()
#34 0x08081d09 in ap_run_process_connection ()
#35 0x080df640 in child_main ()
#36 0x080df8a8 in make_child ()
#37 0x080e0645 in ap_mpm_run ()
#38 0x08068bce in main ()
 [2008-01-09 19:25 UTC] sixd@php.net
I can reproduce it with PHP 5.2.5 but there is no crash using OCI8 1.3.0 Beta (from PECL).
 [2008-01-19 12:20 UTC] jdolecek at NetBSD dot org
I experience the same problem (PHP crash after executing PL/SQL function returning ref cursor via oci8 extension) with PHP 5.2.5 (cli) on Windows.
 [2008-01-30 18:51 UTC] sixd@php.net
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.


+------------------------------------------------------------
| This turns out to be a duplicate of
| http://bugs.php.net/bug.php?id=42841 See that bug for the workaround
| and code fix.
------------------------------------------------------------

 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 10:02:06 2014 UTC