Bug #44301 Segfault when an exception is thrown on persistent connections.
Submitted: 2008-03-01 03:40 UTC
Modified: 2008-07-22 06:53 UTC
From: mukraish at gmail dot com
Assigned: pajoye
Status: Closed
Package: PDO related
PHP Version: 5.2CVS-2008-03-20
OS: Linux version 2.6.20
Private report: No
CVE-ID:
 [2008-03-01 03:40 UTC] mukraish at gmail dot com
Description:
------------
PHP segfaults (with PDO_OCI) when PDOStatement throws an exception while a persistent connection is enabled. Running the latest CVS version (php5.2-200803010130) with the following config options:

./configure --enable-debug --with-pdo-oci

Reproduce code:
---------------
<?php
try {
   $dbh = new PDO('oci:dbname=//host:1521/ex', 'foo', 'bar', array(PDO::ATTR_PERSISTENT => true));
   $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
   $stmt = $dbh->prepare('SELECT * FROM no_table');
   $stmt->execute();
} catch (PDOException $e) {
   print $e->getMessage();
}
$dbh = null;
?>

Expected result:
----------------
Print exception message:
SQLSTATE[HY000]: General error: 942 OCIStmtExecute: ORA-00942: table or view does not exist

Actual result:
--------------
Segmentation fault

BACKTRACE:
(gdb) bt
#0  0x082f1839 in zend_mm_check_ptr (heap=0x84791c8, ptr=0x85b6188, silent=1, 
    __zend_filename=0x83fb1e0 "/home/mukra/php5.2-200803010130/ext/pdo_oci/oci_statement.c", __zend_lineno=90, __zend_orig_filename=0x0, 
    __zend_orig_lineno=0)
    at /home/mukra/php5.2-200803010130/Zend/zend_alloc.c:1286
#1  0x082f2e16 in _zend_mm_free_int (heap=0x84791c8, p=0x85b6188, 
    __zend_filename=0x83fb1e0 "/home/mukra/php5.2-200803010130/ext/pdo_oci/oci_statement.c", __zend_lineno=90, __zend_orig_filename=0x0, 
    __zend_orig_lineno=0)
    at /home/mukra/php5.2-200803010130/Zend/zend_alloc.c:1925
#2  0x082f3ef1 in _efree (ptr=0x85b6188, 
    __zend_filename=0x83fb1e0 "/home/mukra/php5.2-200803010130/ext/pdo_oci/oci_statement.c", __zend_lineno=90, __zend_orig_filename=0x0, 
    __zend_orig_lineno=0)
    at /home/mukra/php5.2-200803010130/Zend/zend_alloc.c:2293
#3  0x08135197 in oci_stmt_dtor (stmt=0x855a800)
    at /home/mukra/php5.2-200803010130/ext/pdo_oci/oci_statement.c:90
#4  0x08130cab in free_statement (stmt=0x855a800)
    at /home/mukra/php5.2-200803010130/ext/pdo/pdo_stmt.c:2355
#5  0x08130e9d in php_pdo_stmt_delref (stmt=0x855a800)
    at /home/mukra/php5.2-200803010130/ext/pdo/pdo_stmt.c:2397
#6  0x08130eb0 in pdo_dbstmt_free_storage (stmt=0x855a800)
    at /home/mukra/php5.2-200803010130/ext/pdo/pdo_stmt.c:2403
#7  0x083345f5 in zend_objects_store_del_ref_by_handle (handle=2)
    at /home/mukra/php5.2-200803010130/Zend/zend_objects_API.c:206
#8  0x0833449b in zend_objects_store_del_ref (zobject=0x855b174)
    at /home/mukra/php5.2-200803010130/Zend/zend_objects_API.c:168
#9  0x0830f12d in _zval_dtor_func (zvalue=0x855b174, 
    __zend_filename=0x84482ec "/home/mukra/php5.2-200803010130/Zend/zend_variables.h", __zend_lineno=35)
    at /home/mukra/php5.2-200803010130/Zend/zend_variables.c:52
#10 0x08301a2e in _zval_dtor (zvalue=0x855b174, 
    __zend_filename=0x8448270 "/home/mukra/php5.2-200803010130/Zend/zend_execute_API.c", __zend_lineno=414)
    at /home/mukra/php5.2-200803010130/Zend/zend_variables.h:35
---Type <return> to continue, or q <return> to quit---
#11 0x08301bec in _zval_ptr_dtor (zval_ptr=0x855aa7c, 
    __zend_filename=0x84493ec "/home/mukra/php5.2-200803010130/Zend/zend_variables.c", __zend_lineno=175)
    at /home/mukra/php5.2-200803010130/Zend/zend_execute_API.c:414
#12 0x0830f49c in _zval_ptr_dtor_wrapper (zval_ptr=0x855aa7c)
    at /home/mukra/php5.2-200803010130/Zend/zend_variables.c:175
#13 0x0831d54a in zend_hash_apply_deleter (ht=0x8478650, p=0x855aa70)
    at /home/mukra/php5.2-200803010130/Zend/zend_hash.c:611
#14 0x0831da79 in zend_hash_reverse_apply (ht=0x8478650, 
    apply_func=0x830154e <zval_call_destructor>)
    at /home/mukra/php5.2-200803010130/Zend/zend_hash.c:760
#15 0x083015d5 in shutdown_destructors ()
    at /home/mukra/php5.2-200803010130/Zend/zend_execute_API.c:211
#16 0x08310b08 in zend_call_destructors ()
    at /home/mukra/php5.2-200803010130/Zend/zend.c:845
#17 0x082bf5f5 in php_request_shutdown (dummy=0x0)
    at /home/mukra/php5.2-200803010130/main/main.c:1446
#18 0x0838e62f in main (argc=2, argv=0xbfa713b4)
    at /home/mukra/php5.2-200803010130/sapi/cli/php_cli.c:1321
(gdb) 

 [2008-03-20 19:54 UTC] mukraish at gmail dot com
Using the latest version from CVS, the segmentation fault still occurs.

(gdb) run
Starting program: /home/mukra/php5.2-200803201730/sapi/cli/php test.php
[Thread debugging using libthread_db enabled]
[New Thread 0xb6ca18d0 (LWP 22114)]
SQLSTATE[HY000]: General error: 942 OCIStmtExecute: ORA-00942: table or view does not exist
 (/home/mukra/php5.2-200803201730/ext/pdo_oci/oci_statement.c:146)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6ca18d0 (LWP 22114)]
0x082f1c51 in zend_mm_check_ptr (heap=0x847a1c8, ptr=0x85b8160, silent=1, 
    __zend_filename=0x83fb920 "/home/mukra/php5.2-200803201730/ext/pdo_oci/oci_statement.c", __zend_lineno=90, __zend_orig_filename=0x0, 
    __zend_orig_lineno=0)
    at /home/mukra/php5.2-200803201730/Zend/zend_alloc.c:1286
1286		if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt
#0  0x082f1c51 in zend_mm_check_ptr (heap=0x847a1c8, ptr=0x85b8160, silent=1, 
    __zend_filename=0x83fb920 "/home/mukra/php5.2-200803201730/ext/pdo_oci/oci_statement.c", __zend_lineno=90, __zend_orig_filename=0x0, 
    __zend_orig_lineno=0)
    at /home/mukra/php5.2-200803201730/Zend/zend_alloc.c:1286
#1  0x082f322e in _zend_mm_free_int (heap=0x847a1c8, p=0x85b8160, 
    __zend_filename=0x83fb920 "/home/mukra/php5.2-200803201730/ext/pdo_oci/oci_statement.c", __zend_lineno=90, __zend_orig_filename=0x0, 
    __zend_orig_lineno=0)
    at /home/mukra/php5.2-200803201730/Zend/zend_alloc.c:1925
#2  0x082f4309 in _efree (ptr=0x85b8160, 
    __zend_filename=0x83fb920 "/home/mukra/php5.2-200803201730/ext/pdo_oci/oci_statement.c", __zend_lineno=90, __zend_orig_filename=0x0, 
    __zend_orig_lineno=0)
    at /home/mukra/php5.2-200803201730/Zend/zend_alloc.c:2293
#3  0x0813519b in oci_stmt_dtor (stmt=0x855d764)
    at /home/mukra/php5.2-200803201730/ext/pdo_oci/oci_statement.c:90
#4  0x08130caf in free_statement (stmt=0x855d764)
    at /home/mukra/php5.2-200803201730/ext/pdo/pdo_stmt.c:2355
#5  0x08130ea1 in php_pdo_stmt_delref (stmt=0x855d764)
    at /home/mukra/php5.2-200803201730/ext/pdo/pdo_stmt.c:2397
#6  0x08130eb4 in pdo_dbstmt_free_storage (stmt=0x855d764)
    at /home/mukra/php5.2-200803201730/ext/pdo/pdo_stmt.c:2403
---Type <return> to continue, or q <return> to quit---
#7  0x08334bf5 in zend_objects_store_del_ref_by_handle (handle=2)
    at /home/mukra/php5.2-200803201730/Zend/zend_objects_API.c:206
#8  0x08334a9b in zend_objects_store_del_ref (zobject=0x855d430)
    at /home/mukra/php5.2-200803201730/Zend/zend_objects_API.c:168
#9  0x0830f6b5 in _zval_dtor_func (zvalue=0x855d430, 
    __zend_filename=0x84488cc "/home/mukra/php5.2-200803201730/Zend/zend_variables.h", __zend_lineno=35)
    at /home/mukra/php5.2-200803201730/Zend/zend_variables.c:52
#10 0x08301e46 in _zval_dtor (zvalue=0x855d430, 
    __zend_filename=0x8448850 "/home/mukra/php5.2-200803201730/Zend/zend_execute_API.c", __zend_lineno=414)
    at /home/mukra/php5.2-200803201730/Zend/zend_variables.h:35
#11 0x08302004 in _zval_ptr_dtor (zval_ptr=0x855d9e0, 
    __zend_filename=0x84499cc "/home/mukra/php5.2-200803201730/Zend/zend_variables.c", __zend_lineno=175)
    at /home/mukra/php5.2-200803201730/Zend/zend_execute_API.c:414
#12 0x0830fa24 in _zval_ptr_dtor_wrapper (zval_ptr=0x855d9e0)
    at /home/mukra/php5.2-200803201730/Zend/zend_variables.c:175
#13 0x0831dafe in zend_hash_apply_deleter (ht=0x8479650, p=0x855d9d4)
    at /home/mukra/php5.2-200803201730/Zend/zend_hash.c:611
#14 0x0831e02d in zend_hash_reverse_apply (ht=0x8479650, 
    apply_func=0x8301966 <zval_call_destructor>)
    at /home/mukra/php5.2-200803201730/Zend/zend_hash.c:760
---Type <return> to continue, or q <return> to quit---
#15 0x083019ed in shutdown_destructors ()
    at /home/mukra/php5.2-200803201730/Zend/zend_execute_API.c:211
#16 0x08311090 in zend_call_destructors ()
    at /home/mukra/php5.2-200803201730/Zend/zend.c:845
#17 0x082bf96d in php_request_shutdown (dummy=0x0)
    at /home/mukra/php5.2-200803201730/main/main.c:1445
#18 0x0838ed57 in main (argc=2, argv=0xbfbb5124)
    at /home/mukra/php5.2-200803201730/sapi/cli/php_cli.c:1321
(gdb) quit
 [2008-07-22 06:53 UTC] pajoye@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 