php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53626 SQLite3 - Segmentation Fault on shutdown
Submitted: 2010-12-28 23:57 UTC Modified: 2019-01-21 13:50 UTC
Votes:10
Avg. Score:4.0 ± 0.8
Reproduced:9 of 9 (100.0%)
Same Version:8 (88.9%)
Same OS:5 (55.6%)
From: bion at drewcrawfordapps dot com Assigned: cmb (profile)
Status: Wont fix Package: SQLite related
PHP Version: 5.5.0RC2 OS: Mac OS X 10.7.1
Private report: No CVE-ID: None
 [2010-12-28 23:57 UTC] bion at drewcrawfordapps dot com
Description:
------------
./configure '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/private/etc' '--with-apxs2=/usr/sbin/apxs' '--enable-cli' '--with-config-file-path=/etc' '--with-libxml-dir=/usr' '--with-openssl=/usr' '--with-kerberos=/usr' '--with-zlib=/usr' '--enable-bcmath' '--with-bz2=/usr' '--enable-calendar' '--with-curl=/usr' '--enable-exif' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--enable-gd-native-ttf' '--with-ldap=/usr' '--with-ldap-sasl=/usr' '--enable-mbstring' '--enable-mbregex' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--with-mysql-sock=/var/mysql/mysql.sock' '--with-iodbc=/usr' '--enable-shmop' '--with-snmp=/usr' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-xmlrpc' '--with-iconv-dir=/usr' '--with-xsl=/usr' '--enable-zend-multibyte' '--enable-zip' '--with-pcre-regex' --disable-cgi --enable-debug --with-freetype-dir=/usr/local --with-mcrypt

Expected result:
----------------
An error message describing whatever bad situation I created for PHP

Actual result:
--------------
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: 13 at address: 0x0000000000000000
0x00000001015bed85 in zend_llist_del_element (l=0x1022aade8, element=0x102099818, compare=0x101095ad6 <php_sqlite3_compare_stmt_free>) at /downloads/php/php-5.3.4/Zend/zend_llist.c:97
97			next = current->next;
(gdb) bt
#0  0x00000001015bed85 in zend_llist_del_element (l=0x1022aade8, element=0x102099818, compare=0x101095ad6 <php_sqlite3_compare_stmt_free>) at /downloads/php/php-5.3.4/Zend/zend_llist.c:97
#1  0x0000000101095d6d in php_sqlite3_stmt_object_free_storage (object=0x1023132b0) at /downloads/php/php-5.3.4/ext/sqlite3/sqlite3.c:1936
#2  0x00000001015fe9fd in zend_objects_store_free_object_storage (objects=0x101c95e38) at /downloads/php/php-5.3.4/Zend/zend_objects_API.c:92
#3  0x00000001015b8ff1 in shutdown_executor () at /downloads/php/php-5.3.4/Zend/zend_execute_API.c:302
#4  0x00000001015cc9f3 in zend_deactivate () at /downloads/php/php-5.3.4/Zend/zend.c:890
#5  0x00000001015493d4 in php_request_shutdown (dummy=0x0) at /downloads/php/php-5.3.4/main/main.c:1633
#6  0x00000001016b948b in php_apache_request_dtor (r=0x1009b1ea8) at /downloads/php/php-5.3.4/sapi/apache2handler/sapi_apache2.c:509
#7  0x00000001016b9c63 in php_handler (r=0x1009b1ea8) at /downloads/php/php-5.3.4/sapi/apache2handler/sapi_apache2.c:681
#8  0x00000001000021db in ap_run_handler ()
#9  0x0000000100002aba in ap_invoke_handler ()
#10 0x000000010002f738 in ap_process_request ()
#11 0x000000010002bfa9 in ap_process_http_connection ()
#12 0x0000000100013737 in ap_run_process_connection ()
#13 0x0000000100013bd1 in ap_process_connection ()
#14 0x00000001000363f2 in child_main ()
#15 0x00000001000364dc in make_child ()
#16 0x0000000100036aaf in ap_mpm_run ()
#17 0x000000010000a821 in main ()
(gdb)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-12-29 00:02 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2010-12-29 00:02 UTC] felipe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2010-12-29 01:07 UTC] bionoren at letu dot edu
-Status: Feedback +Status: Open
 [2010-12-29 01:07 UTC] bionoren at letu dot edu
<?php
    class test {
        public function __construct(array $values) {
            print_r($values);
        }

        public static function getInstance($db) {
            $result = $db->query("SELECT * from test");
            return new test($result->fetchArray(SQLITE3_ASSOC));
        }
    }

    $db = new SQLite3("test.sqlite", SQLITE3_OPEN_READWRITE | SQLITE3_OPEN_CREATE);
    $db->query("CREATE TABLE test (foo, bar)");

    test::getInstance($db);
    print "done";
?>
 [2011-03-08 18:00 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2011-03-08 18:00 UTC] felipe@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2011-03-08 20:15 UTC] bionoren at letu dot edu
-Status: Feedback +Status: Open -Operating System: Mac OS X 10.6.5 +Operating System: Mac OS X 10.6.6 -PHP Version: 5.3.4 +PHP Version: 5.3.5
 [2011-03-08 20:15 UTC] bionoren at letu dot edu
It's more helpful. I get the following messages in the Apache error log:
test/index.php(14) : Warning - SQLite3::query() [<a href='sqlite3.query'>sqlite3.query</a>]: table test already exists
test/index.php(3) : Catchable fatal error - Argument 1 passed to test::__construct() must be an array, boolean given, called in test/index.php on line 9 and defined
[Tue Mar 08 13:11:41 2011] [notice] child pid 26396 exit signal Segmentation fault (11)

Here's the stack trace:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: 13 at address: 0x0000000000000000
0x00000001015d0831 in zend_llist_del_element (l=0x10071c0f0, element=0x10208c258, compare=0x10109f549 <php_sqlite3_compare_stmt_free>) at /Users/bion/Downloads/php5.3-201103081730/Zend/zend_llist.c:97
97			next = current->next;
 [2011-03-22 02:39 UTC] felipe@php.net
-Summary: Segmentation Fault +Summary: SQLite3 - Segmentation Fault on shutdown
 [2011-06-05 20:28 UTC] felipe@php.net
-Status: Open +Status: Verified
 [2011-06-05 20:28 UTC] felipe@php.net
This is due the destructor order.
 [2011-09-23 04:55 UTC] bion at drewcrawfordapps dot com
-: bionoren@letu.edu +: bion at drewcrawfordapps dot com -Operating System: Mac OS X 10.6.6 +Operating System: Mac OS X 10.7.1 -PHP Version: 5.3.5 +PHP Version: 5.3.8
 [2011-09-23 04:55 UTC] bion at drewcrawfordapps dot com
This bug is still reproducible, and in fact has regressed, since I no longer get a 
helpful console error message, but a generic crash report. What are the chances of 
getting this fixed?
 [2011-12-02 08:33 UTC] sb at litepc dot com
I get a segfault whenever php-cgi exits even without using sqlite functions.

FreeBSD.  Latest Ports as of 1/12/2011

php5-5.3.8
php5-pdo_sqlite-5.3.8
php5-sqlite-5.3.8
php5-sqlite3-5.3.8
sqlite3-3.7.9


# /usr/local/bin/php-cgi -v
PHP 5.3.8 with Suhosin-Patch (cgi-fcgi) (built: Dec  1 2011 22:33:51)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
Segmentation fault
#

Editing extensions.ini to comment out sqlite3.so *and* pdo_sqlite.so  eliminates the Segmentation fault error.

With respect to: "This is due the destructor order."

I have tried many permutations of ordering in extensions.ini but found no case where enabling sqlite3.so or pdo_sqlite.so worked in any position.

Can not recompile with debug yet as this is a production machine... but will attempt to reproduce in test scenario and update.
 [2011-12-02 12:12 UTC] sb at litepc dot com
Additional Info:  reducing extensions.ini to only sqlite3.so (no other modules loaded) also gave the Segmentation fault when executing /usr/local/bin/php-cgi -v
 [2012-04-23 17:11 UTC] bugman at mailinator dot com
I was having the same problem.  Apparently it is due to the sqlite3 extension 
being threaded, but php not being compiled with the pthread library.  I was able 
to fix it in FreeBSD by recompiling php with the following option:

LINKTHR    Link thread lib (for threaded extensions)
 [2013-05-23 19:20 UTC] bion at drewcrawfordapps dot com
This continues to haunt me
 [2013-05-23 19:20 UTC] bion at drewcrawfordapps dot com
-PHP Version: 5.3.8 +PHP Version: 5.5.0RC2
 [2016-08-29 09:58 UTC] cmb@php.net
-Status: Verified +Status: Analyzed -Package: Reproducible crash +Package: SQLite related
 [2016-08-29 09:58 UTC] cmb@php.net
The issue is that ext/sqlite3 has circular references between
SQLite3 and SQLite3Stmt objects, and in case of "unclean shutdown"
(as caused by a catchable fatal error, in this case) the free
handlers are called in order of object construction in PHP 5.
Therefore the SQLite3 object is destroyed, but shortly thereafter
the SQLite3Stmt object tries to access it, which can result in a
segfault (and would be an invalid access, anyway).

As of PHP 7.0.0 the free handlers are invoked in opposite order
of construction, so at least with the given test script there are
no issues.

Anyhow, it seems to me that ext/sqlite3 should better separate
concerns by using dtors and free handlers (currently only free
handlers are used).
 [2019-01-21 13:50 UTC] cmb@php.net
-Status: Analyzed +Status: Wont fix -Assigned To: +Assigned To: cmb
 [2019-01-21 13:50 UTC] cmb@php.net
Since this issue does not affect PHP 7, and even extended support
for PHP 5 has ended, I'm closing the ticket.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Nov 25 16:01:31 2024 UTC