php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44008 Incorrect use of OCI-Lob->close() causes crash
Submitted: 2008-01-31 21:42 UTC Modified: 2008-02-26 00:24 UTC
From: christopher dot jones at oracle dot com Assigned: sixd
Status: Closed Package: OCI8 related
PHP Version: 5.3CVS-2008-01-31 (snap) OS: n/a
Private report: No CVE-ID:
 [2008-01-31 21:42 UTC] christopher dot jones at oracle dot com
Description:
------------
Incorrect use of OCI-Lob->close() can cause a crash.  The crash is
ultimately due to Oracle bug 6786812 and is related to thread
handling.

It reproduces with PHP 5.3 (after DRCP support was added). It is
likely to reproduce in threaded builds of PHP 5.x on Windows.

There is a code workaround below, but because this might add to the
roundtrip count in the general case, I'd like to investigate other
solutions.

--- oci8_lob.c	24 Jan 2008 14:09:36 -0000	1.7.2.6.2.14.2.3
+++ oci8_lob.c	31 Jan 2008 21:27:10 -0000
@@ -570,13 +570,17 @@
int php_oci_lob_close (php_oci_descriptor *descriptor TSRMLS_DC)
{
php_oci_connection *connection = descriptor->connection;
-	
-	PHP_OCI_CALL_RETURN(connection->errcode, OCILobClose, (connection->svc, connection->err, descriptor->descriptor));
+	boolean flag = 0;
 
-	if (connection->errcode != OCI_SUCCESS) {
-		php_oci_error(connection->err, connection->errcode TSRMLS_CC);
-		PHP_OCI_HANDLE_ERROR(connection, connection->errcode);
-		return 1;
+	PHP_OCI_CALL_RETURN(connection->errcode, OCILobIsOpen, (connection->svc, connection->err, descriptor->descriptor, &flag));
+	if (connection->errcode == OCI_SUCCESS && flag) {
+		PHP_OCI_CALL_RETURN(connection->errcode, OCILobClose, (connection->svc, connection->err, descriptor->descriptor));
+		
+		if (connection->errcode != OCI_SUCCESS) {
+			php_oci_error(connection->err, connection->errcode TSRMLS_CC);
+			PHP_OCI_HANDLE_ERROR(connection, connection->errcode);
+			return 1;
+		}
}

Reproduce code:
---------------
<?php

$c = oci_connect('hr', 'hrpwd', '//ca-tools1/XE');

$stmtarray = array(
    "create or replace procedure ctest (p in out clob)
    as begin p := 'A'; end;"
);

foreach ($stmtarray as $stmt) {
    $s = oci_parse($c, $stmt);
    @oci_execute($s);
}

$stmt = oci_parse($c,'begin ctest(:c_data); end;');
$textLob = oci_new_descriptor($c, OCI_D_LOB);
oci_bind_by_name($stmt, ":c_data", $textLob, -1, OCI_B_CLOB);
oci_execute($stmt, OCI_DEFAULT);
$r = $textLob->load();
echo $r;

// Incorrectly closing the lob causes a crash.  OCI-LOB->close() is
// documented for use only with OCI-Lob->writeTemporary()
$textLob->close();

print "ok\n";

?>


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-02-26 00:24 UTC] sixd@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

+------------------------------
| A different fix has been merged to 5.2.6, 5.3 and 6.
| Thanks go to Haneef.
+------------------------------

 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 10:02:06 2014 UTC