PHP :: Bug #45769 :: Segmentation fault with OCI8

Bug #45769

Segmentation fault with OCI8

Submitted:

2008-08-08 19:43 UTC

Modified:

2010-01-11 09:08 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	1 (50.0%)

From:

louis dot begin at cspq dot gouv dot qc dot ca

Assigned:

Status:

Not a bug

Package:

OCI8 related

PHP Version:

5.2CVS-2009-03-19 (snap)

OS:

zVM/Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2008-08-08 19:43 UTC] louis dot begin at cspq dot gouv dot qc dot ca

Description:
------------
Envir:
Oracle version 10.2.0.3 (64bits)
Envir.: zVM Linux
Linux Suse SLES10 (64bits)
:>uname -a
Linux CSIGDSA1 2.6.16.46-0.12-default #1 SMP Thu May 17 14:00:09 UTC 2007 s390x s390x s390x GNU/Linux

:>cat /etc/SuSE-release
SUSE Linux Enterprise Server 10 (s390x)
VERSION = 10
PATCHLEVEL = 1

phpinfo.php works fine

When executing "OCILogon(...)"
the connection to oracle occurs (listener.log "sees" it), but when returning to to prog.:
[Fri Jul 18 09:27:16 2008] [notice] child pid 17963 exit signal Segmentation fault (11)

Reproduce code:
---------------
<?php

  $oracle_on_localhost = TRUE;

  $conn = OCILogon("dri", "xxxxxxxx", "SIGUBTM");

  if (!$conn) {
         exit;
     }

  echo OCIServerVersion($conn) ."<br>\n";
  print date('Y-m-d H:i:s')."<br><br>\n";

  $cmdstr = "select code_client, client from dri.client";

  $parsed = OCIParse($conn, $cmdstr);
  OCIExecute($parsed, OCI_DEFAULT);

  echo "<html><head><title>Oracle Test avec PHP</title></head><body>";
  echo "<center><h2>Oracle Test avec PHP</h2><br>";

  print '<table border="1">';
  while ($succ = OCIFetchInto($stid, $row, OCI_RETURN_NULLS)) {
      print '<tr>';
      foreach ($row as $item) {
         print '<td>'.($item?htmlentities($item):'&nbsp;').'</td>';
      }
      print '</tr>';
  }
  print '</table>';

  echo "<tr><td colspan='2'> Nombre de rangees: $nrows</td></tr></table>";
  echo "<br><em>Si vous voyez les donnees, ca marche!</em><br></center></body></html>\n";

  OCILogoff($conn);
?>

Expected result:
----------------
The contains of rows from 
select code_client, client from dri.client

(The piece of code comes from:
http://www.oracle.com/technology/tech/php/htdocs/inst_php_apache_linux.html
with modification to match an existing table.

Actual result:
--------------
CSIGDSA1:/parm/oracle/bin # gdb /logiciels/tldb/httpd-2.0.61/bin/httpd
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "s390x-suse-linux"...
Using host libthread_db library "/lib64/libthread_db.so.1".
(gdb) run -X
Starting program: /logiciels/tldb/httpd-2.0.61/bin/httpd -X
[Thread debugging using libthread_db enabled]
[New Thread 2199026468240 (LWP 9613)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2199026468240 (LWP 9613)]
_zval_ptr_dtor (zval_ptr=0x3ffffbdcb28)
    at /logiciels/tldb/php/php-5.2.6/Zend/zend_execute_API.c:412
412             (*zval_ptr)->refcount--;
(gdb) bt
#0  _zval_ptr_dtor (zval_ptr=0x3ffffbdcb28)
    at /logiciels/tldb/php/php-5.2.6/Zend/zend_execute_API.c:412
#1  0x00000200006094d6 in zend_do_fcall_common_helper_SPEC (execute_data=0x3ffffbdd160)
    at /logiciels/tldb/php/php-5.2.6/Zend/zend_execute.h:155
#2  0x00000200005f79a2 in execute (op_array=0x20001e41a98)
    at /logiciels/tldb/php/php-5.2.6/Zend/zend_vm_execute.h:92
#3  0x00000200005d4258 in zend_execute_scripts (type=<value optimized out>, retval=0x0,
    file_count=2) at /logiciels/tldb/php/php-5.2.6/Zend/zend.c:1134
#4  0x000002000058bd78 in php_execute_script (primary_file=0x3ffffbdf770)
    at /logiciels/tldb/php/php-5.2.6/main/main.c:2005
#5  0x0000020000667e4c in php_handler (r=0x80270b00)
    at /logiciels/tldb/php/php-5.2.6/sapi/apache2handler/sapi_apache2.c:629
#6  0x0000000080048e20 in ap_run_handler (r=0x80270b00) at config.c:152
#7  0x000000008004c33a in ap_invoke_handler (r=0x80270b00) at config.c:364
#8  0x000000008003615c in ap_process_request (r=0x80270b00) at http_request.c:249
#9  0x0000000080030ccc in ap_process_http_connection (c=0x802629d0) at http_core.c:253
#10 0x0000000080055e4c in ap_run_process_connection (c=0x802629d0) at connection.c:43
#11 0x00000000800476e4 in child_main (child_num_arg=<value optimized out>) at prefork.c:610
#12 0x000000008004794e in make_child (s=0x800dca60, slot=0) at prefork.c:650
#13 0x0000000080047a5a in startup_children (number_to_start=2) at prefork.c:722
#14 0x00000000800483cc in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>,
    s=0x800dca60) at prefork.c:941
#15 0x000000008004f02c in main (argc=<value optimized out>, argv=0x3ffffbe02a8) at main.c:636
(gdb)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-08-09 22:36 UTC] sixd@php.net

Does this happen for all tables?
What were the configure options?
What is the NLS environment (and how is it set)?
Please supply an export file or SQL script to creates a table & data that reproduces the problem.

[2008-08-11 14:47 UTC] louis dot begin at cspq dot gouv dot qc dot ca

That happend with any table, 
I think that the "OCILogon" function does not return
Could be a problem of 32bits/64bits compatibility.....
Could be a problem of 32bits/64bits compatibility.....

./configure --prefix=/logiciels/tldb/php-5.2.6 --with-config-file-path=/logiciels/tldb/php-5.2.6  
--with-apxs2=/logiciels/tldb/httpd-2.0.61/bin/apxs --with-oci8=/logiciels/oracle/product/10.2.0.3 
--with-pdo-oci8=/logiciels/oracle/product/10.2.0.3 --disable-libxml --disable-dom --disable-simplexml 
--disable-xml --disable-xmlreader --disable-xmlwriter --without-pear --enable-sigchild

(xml is not install on this server)


:>echo $NLS_LANG
AMERICAN_AMERICA.WE8ISO8859P1


create table dri.client (
 code_client  varchar2(3) ,
 client   varchar2(30) );

insert into dri.client('CAR', 'Carra') ;
insert into dri.client('MAM', 'Mamm') ;

[2008-08-15 17:44 UTC] louis dot begin at cspq dot gouv dot qc dot ca

Maybe this info could help:
:>file php
php: ELF 64-bit MSB executable, IBM S/390, version 1 (SYSV), for GNU/Linux 2.6.4, dynamically linked (uses shared libs), for GNU/Linux 2.6.4, not stripped

:>ldd php
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000020000028000)
        librt.so.1 => /lib64/librt.so.1 (0x0000020000064000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x000002000006e000)
        libm.so.6 => /lib64/libm.so.6 (0x0000020000085000)
        libdl.so.2 => /lib64/libdl.so.2 (0x000002000011b000)
        libnsl.so.1 => /lib64/libnsl.so.1 (0x0000020000120000)
        libclntsh.so.10.1 => /logiciels/oracle/product/10.2.0.3/lib/libclntsh.so.10.1 (0x000002000013a000)
        libc.so.6 => /lib64/libc.so.6 (0x0000020001470000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00000200015d0000)
        /lib/ld64.so.1 (0x0000020000000000)
        libnnz10.so => /logiciels/oracle/product/10.2.0.3/lib/libnnz10.so (0x00000200015eb000)

[2008-08-28 14:31 UTC] louis dot begin at cspq dot gouv dot qc dot ca

I installed PECL OCI8 1.3.4
and i got the same result.

-----------------------
root.sigubtm:>gdb /logiciels/tldb/httpd-2.0.61/bin/httpd
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "s390x-suse-linux"...
Using host libthread_db library "/lib64/libthread_db.so.1".
(gdb) run -X
Starting program: /logiciels/tldb/httpd-2.0.61/bin/httpd -X
[Thread debugging using libthread_db enabled]
[New Thread 2199026468240 (LWP 11695)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2199026468240 (LWP 11695)]
_zval_ptr_dtor (zval_ptr=0x3fffff21818)
    at /logiciels/tldb/php/php-5.2.6/Zend/zend_execute_API.c:412
412             (*zval_ptr)->refcount--;
(gdb) bt
#0  _zval_ptr_dtor (zval_ptr=0x3fffff21818)
    at /logiciels/tldb/php/php-5.2.6/Zend/zend_execute_API.c:412
#1  0x00000200006094d6 in zend_do_fcall_common_helper_SPEC (execute_data=0x3fffff21e50)
    at /logiciels/tldb/php/php-5.2.6/Zend/zend_execute.h:155
#2  0x00000200005f79a2 in execute (op_array=0x20001e41a98)
    at /logiciels/tldb/php/php-5.2.6/Zend/zend_vm_execute.h:92
#3  0x00000200005d4258 in zend_execute_scripts (type=<value optimized out>, retval=0x0,
    file_count=2) at /logiciels/tldb/php/php-5.2.6/Zend/zend.c:1134
#4  0x000002000058bd78 in php_execute_script (primary_file=0x3fffff24460)
    at /logiciels/tldb/php/php-5.2.6/main/main.c:2005
#5  0x0000020000667e4c in php_handler (r=0x8026cb60)
    at /logiciels/tldb/php/php-5.2.6/sapi/apache2handler/sapi_apache2.c:629
#6  0x0000000080048e20 in ap_run_handler (r=0x8026cb60) at config.c:152
#7  0x000000008004c33a in ap_invoke_handler (r=0x8026cb60) at config.c:364
#8  0x000000008003615c in ap_process_request (r=0x8026cb60) at http_request.c:249
#9  0x0000000080030ccc in ap_process_http_connection (c=0x80262a50) at http_core.c:253
#10 0x0000000080055e4c in ap_run_process_connection (c=0x80262a50) at connection.c:43
#11 0x00000000800476e4 in child_main (child_num_arg=<value optimized out>) at prefork.c:610
#12 0x000000008004794e in make_child (s=0x800dca60, slot=0) at prefork.c:650
#13 0x0000000080047a5a in startup_children (number_to_start=2) at prefork.c:722
#14 0x00000000800483cc in ap_mpm_run (_pconf=<value optimized out>,
    plog=<value optimized out>, s=0x800dca60) at prefork.c:941
#15 0x000000008004f02c in main (argc=<value optimized out>, argv=0x3fffff24f98)
    at main.c:636
(gdb)

[2008-08-29 17:36 UTC] louis dot begin at cspq dot gouv dot qc dot ca

Additional info:
This installation (with OCI8) works fine if i use de "phpinfo.php" script or an other little script i did (an "Hello world" script)

[2008-11-17 19:27 UTC] louis dot begin at cspq dot gouv dot qc dot ca

Sorry for the delay,

I got th exact same result .....

I also noticed thoses messages during compilation, that could be a clue :

/bin/sh /logiciels/tldb/php/php5.2-200811171530/libtool --silent --preserve-dup-deps --mode=compile gcc  -Iext/oci8/ -I/logiciels/tldb/php/php5.2-200811171530/ext/oci8/ -DPHP_ATOM_INC -I/logiciels/tldb/php/php5.2-200811171530/include -I/logiciels/tldb/php/php5.2-200811171530/main -I/logiciels/tldb/php/php5.2-200811171530 -I/logiciels/tldb/php/php5.2-200811171530/ext/date/lib -I/logiciels/oracle/product/10.2.0.3/rdbms/public -I/logiciels/oracle/product/10.2.0.3/rdbms/demo -I/logiciels/oracle/product/10.2.0.3/plsql/public -I/logiciels/tldb/php/php5.2-200811171530/TSRM -I/logiciels/tldb/php/php5.2-200811171530/Zend    -I/usr/include -g -O2   -c /logiciels/tldb/php/php5.2-200811171530/ext/oci8/oci8.c -o ext/oci8/oci8.lo
/logiciels/tldb/php/php5.2-200811171530/ext/oci8/oci8.c: In function 'php_oci_do_connect_ex':
/logiciels/tldb/php/php5.2-200811171530/ext/oci8/oci8.c:1102: warning: cast from pointer to integer of different size
/logiciels/tldb/php/php5.2-200811171530/ext/oci8/oci8.c:1416: warning: cast to pointer from integer of different size

Regard,

LBe

[2009-01-20 12:35 UTC] jani@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

[2009-04-08 19:59 UTC] louis dot begin at cspq dot gouv dot qc dot ca

Sorry for the delay,

I got the exact same result,

Starting program: /logiciels/tldb/httpd-2.0.61/bin/httpd -X
[Thread debugging using libthread_db enabled]
[New Thread 2199026468240 (LWP 4426)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2199026468240 (LWP 4426)]
_zval_ptr_dtor (zval_ptr=0x3ffffae7ad8)
    at /logiciels/tldb/php/php5.2-200903191730/Zend/zend_execute_API.c:412
412             (*zval_ptr)->refcount--;
(gdb) bt
#0  _zval_ptr_dtor (zval_ptr=0x3ffffae7ad8)
    at /logiciels/tldb/php/php5.2-200903191730/Zend/zend_execute_API.c:412
#1  0x000002000053733a in zend_do_fcall_common_helper_SPEC (execute_data=0x3ffffae8110)
    at /logiciels/tldb/php/php5.2-200903191730/Zend/zend_execute.h:155
#2  0x0000020000528a5e in execute (op_array=0x2000074caa0)
    at /logiciels/tldb/php/php5.2-200903191730/Zend/zend_vm_execute.h:92
#3  0x0000020000505378 in zend_execute_scripts (type=<value optimized out>, retval=0x0,
    file_count=2) at /logiciels/tldb/php/php5.2-200903191730/Zend/zend.c:1134
#4  0x00000200004bc538 in php_execute_script (primary_file=0x3ffffaea720)
    at /logiciels/tldb/php/php5.2-200903191730/main/main.c:2023
#5  0x0000020000599790 in php_handler (r=0x8024d210)
    at /logiciels/tldb/php/php5.2-200903191730/sapi/apache2handler/sapi_apache2.c:632
#6  0x0000000080048e20 in ap_run_handler (r=0x8024d210) at config.c:152
#7  0x000000008004c33a in ap_invoke_handler (r=0x8024d210) at config.c:364
#8  0x000000008003615c in ap_process_request (r=0x8024d210) at http_request.c:249
#9  0x0000000080030ccc in ap_process_http_connection (c=0x802491d0) at http_core.c:253
#10 0x0000000080055e4c in ap_run_process_connection (c=0x802491d0) at connection.c:43
#11 0x00000000800476e4 in child_main (child_num_arg=<value optimized out>) at prefork.c:610
#12 0x000000008004794e in make_child (s=0x800dca60, slot=0) at prefork.c:650
#13 0x0000000080047a5a in startup_children (number_to_start=2) at prefork.c:722
#14 0x00000000800483cc in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>,
    s=0x800dca60) at prefork.c:941
#15 0x000000008004f02c in main (argc=<value optimized out>, argv=0x3ffffaeb258) at main.c:636
(gdb)

---------------------------
NOTICE:
I have the same message when compiling:

/logiciels/tldb/php/php5.2-200903191730/ext/oci8/oci8.c: In function 'php_oci_do_connect_ex':
/logiciels/tldb/php/php5.2-200903191730/ext/oci8/oci8.c:1102: warning: cast from pointer to integer of different size
/logiciels/tldb/php/php5.2-200903191730/ext/oci8/oci8.c:1416: warning: cast to pointer from integer of different size

===========================

[2009-04-20 09:18 UTC] jani@php.net

That backtrace does not show any references to any OCI functions. Are you absolutely sure the script you're running IS that script shown in your first comment? Check your configuration (including all http.conf / .htaccess files) and clean it up. Make sure you do NOT have any extensions loaded from your php.ini and that you're loading correct php.ini file. Also check for any append/prepend settings in it..

[2009-05-12 17:51 UTC] louis dot begin at cspq dot gouv dot qc dot ca

Hi, sorry for delay,

Here what i get from GDB:
(gdb) run -X
Starting program: /logiciels/tldb/httpd-2.0.61/bin/httpd -X
[Thread debugging using libthread_db enabled]
[New Thread 2199026468240 (LWP 3700)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2199026468240 (LWP 3700)]
_zval_ptr_dtor (zval_ptr=0x3ffffa94b20)
    at /logiciels/tldb/php/php5.2-200903191730/Zend/zend_execute_API.c:412
412             (*zval_ptr)->refcount--;
(gdb) bt
#0  _zval_ptr_dtor (zval_ptr=0x3ffffa94b20)
    at /logiciels/tldb/php/php5.2-200903191730/Zend/zend_execute_API.c:412
#1  0x000002000053733a in zend_do_fcall_common_helper_SPEC (execute_data=0x3ffffa95100)
    at /logiciels/tldb/php/php5.2-200903191730/Zend/zend_execute.h:155
#2  0x0000020000528a5e in execute (op_array=0x2000074caa0)
    at /logiciels/tldb/php/php5.2-200903191730/Zend/zend_vm_execute.h:92
#3  0x0000020000505378 in zend_execute_scripts (type=<value optimized out>, retval=0x0,
    file_count=2) at /logiciels/tldb/php/php5.2-200903191730/Zend/zend.c:1134
#4  0x00000200004bc538 in php_execute_script (primary_file=0x3ffffa97710)
    at /logiciels/tldb/php/php5.2-200903191730/main/main.c:2023
#5  0x0000020000599790 in php_handler (r=0x8024d2d0)
    at /logiciels/tldb/php/php5.2-200903191730/sapi/apache2handler/sapi_apache2.c:632
#6  0x0000000080048e20 in ap_run_handler (r=0x8024d2d0) at config.c:152
#7  0x000000008004c33a in ap_invoke_handler (r=0x8024d2d0) at config.c:364
#8  0x000000008003615c in ap_process_request (r=0x8024d2d0) at http_request.c:249
#9  0x0000000080030ccc in ap_process_http_connection (c=0x80249290) at http_core.c:253
#10 0x0000000080055e4c in ap_run_process_connection (c=0x80249290) at connection.c:43
#11 0x00000000800476e4 in child_main (child_num_arg=<value optimized out>) at prefork.c:610
#12 0x000000008004794e in make_child (s=0x800dca60, slot=0) at prefork.c:650
#13 0x0000000080047a5a in startup_children (number_to_start=2) at prefork.c:722
#14 0x00000000800483cc in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>,
    s=0x800dca60) at prefork.c:941
#15 0x000000008004f02c in main (argc=<value optimized out>, argv=0x3ffffa98248) at main.c:636
(gdb) info locals
No locals.

------------------
/* Here a line from the "oracle listener log" indicating that the connection occurs succesfully to the database  */
12-MAY-2009 13:21:57 * (CONNECT_DATA=(SERVICE_NAME=sigubtm)(CID=(PROGRAM=httpd@CSIGDSA1)(HOST=CSIGDSA1)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=172.27.96.229)(PORT=56123)) * establish * sigubtm * 0

The time match exactly.
I am sur i get the right program.

==============
Thank
LBe

[2009-06-11 13:08 UTC] louis dot begin at cspq dot gouv dot qc dot ca

Again:
When i compiled i get these messages:
/logiciels/tldb/php/php5.2-200903191730/ext/oci8/oci8.c: In function
'php_oci_do_connect_ex':
/logiciels/tldb/php/php5.2-200903191730/ext/oci8/oci8.c:1102: warning:
cast from pointer to integer of different size
/logiciels/tldb/php/php5.2-200903191730/ext/oci8/oci8.c:1416: warning:
cast to pointer from integer of different size

which could indicated "losing a part of a pointer"
which is compatible with the error "segmentation fault".

LBe

[2010-01-05 14:36 UTC] louis dot begin at cspq dot gouv dot qc dot ca

Hi,

Forget that bug, you may close it.
We used an other software to do the job.

Regards,

LBe

[2010-01-11 09:08 UTC] jani@php.net

yea, right.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 10:01:31 2024 UTC