php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56384 Segfault
Submitted: 2005-04-30 21:01 UTC Modified: 2005-10-23 09:31 UTC
From: destiney at gmail dot com Assigned:
Status: No Feedback Package: PDO (PECL)
PHP Version: 5.0.3 OS: Linux saturn 2.6.11-gentoo-r6
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: destiney at gmail dot com
New email:
PHP Version: OS:

 

 [2005-04-30 21:01 UTC] destiney at gmail dot com
Description:
------------
The version number of the PECL package or files you are using:

PDO-0.3
PDO_MYSQL-0.2


The list of modules you compiled PHP with (your configure line):

'./configure' '--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--without-cdb' '--without-db4' '--without-dbm' '--without-flatfile' '--with-gdbm' '--without-inifile' '--without-qdbm' '--with-jpeg-dir=/usr' '--with-freetype-dir=/usr' '--with-t1lib=/usr' '--with-ttf=/usr' '--enable-gd-jis-conf' '--enable-gd-native-ttf' '--with-png-dir=/usr' '--with-tiff-dir=/usr' '--without-xpm-dir' '--with-gd' '--with-imap' '--with-imap-ssl' '--with-mysql' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--without-mm' '--without-msession' '--without-sqlite' '--with-apxs2=/usr/sbin/apxs2' '--with-config-file-path=/etc/php/apache2-php5' '--without-pear' '--disable-bcmath' '--with-bz2' '--disable-calendar' '--without-cpdflib' '--with-curl' '--without-curlwrappers' '--disable-dbase' '--disable-dio' '--disable-exif' '--with-fam' '--without-fbsql' '--without-fdftk' '--disable-filepro' '--enable-ftp' '--with-gettext' '--without-gmp' '--without-hwapi' '--with-iconv' '--without-informix' '--without-ingres' '--without-interbase' '--without-kerberos' '--enable-mbstring' '--with-mcrypt' '--without-mcve' '--disable-memory-limit' '--with-mhash' '--without-mime-magic' '--without-ming' '--without-mnogosearch' '--without-msql' '--without-mssql' '--with-ncurses' '--without-oci8' '--without-oracle' '--with-openssl' '--with-openssl-dir=/usr' '--without-ovrimos' '--enable-pcntl' '--without-pfpro' '--with-pgsql' '--disable-posix' '--with-pspell' '--without-recode' '--disable-shmop' '--without-snmp' '--disable-soap' '--enable-sockets' '--without-sybase' '--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem' '--disable-sysvshm' '--without-tidy' '--disable-tokenizer' '--disable-wddx' '--without-xsl' '--without-xmlrpc' '--disable-yp' '--with-zlib' '--enable-debug' '--without-cdb' '--without-db4' '--without-dbm' '--without-flatfile' '--with-gdbm' '--without-inifile' '--without-qdbm' '--with-jpeg-dir=/usr' '--with-freetype-dir=/usr' '--with-t1lib=/usr' '--with-ttf=/usr' '--enable-gd-jis-conf' '--enable-gd-native-ttf' '--with-png-dir=/usr' '--with-tiff-dir=/usr' '--without-xpm-dir' '--with-gd' '--with-imap' '--with-imap-ssl' '--with-mysql' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--without-mm' '--without-msession' '--without-sqlite' '--enable-dba' '--with-readline' '--without-libedit'


Any other information unique or specific to your setup:
Nothing I can think of.


Any changes made in your php.ini compared to php.ini-dist (not your whole php.ini!):

> diff php-5.0.3/php.ini-dist /etc/php/cli-php5/php.ini
433c433
< ;include_path = ".:/php/includes"
---
> include_path = ".:/usr/lib/php"
436c436
< ;include_path = ".;c:\php\includes"
---
> include_path = ".:/usr/lib/php"
450c450
< extension_dir = "./"
---
> extension_dir = /usr/lib/php/extensions/debug-non-zts-20041030


A gdb backtrace:
> gdb /usr/bin/php
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) set args -f /home/destiney/pdo.php -c /etc/php/cli-php5/php.ini
(gdb) run
Starting program: /usr/bin/php -f /home/destiney/pdo.php -c /etc/php/cli-php5/php.ini
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 10853)]
1       destiney
2       fred
3       andrea
4       chris
---Type <return> to continue, or q <return> to quit---

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 10853)]
0x082637c4 in _zval_dtor ()
(gdb) bt
#0  0x082637c4 in _zval_dtor ()
#1  0x086173ec in ?? ()
#2  0x0000005a in ?? ()
#3  0x00000010 in ?? ()
#4  0x000000c1 in ?? ()
#5  0x0848baa0 in php_tiff_bytes_per_format ()
#6  0x0000003d in ?? ()
#7  0x0001d931 in ?? ()
#8  0x084e10a4 in ?? ()
#9  0x08619f70 in ?? ()
#10 0x085441b0 in executor_globals ()
#11 0x0825aed0 in zend_verify_abstract_class ()
#12 0x0825869a in _zval_ptr_dtor ()
#13 0x086173ec in ?? ()
#14 0x0848b9e0 in php_tiff_bytes_per_format ()
#15 0x00000188 in ?? ()
#16 0x0824c189 in _efree ()
#17 0x08619fbc in ?? ()
#18 0x084e10a4 in ?? ()
#19 0x08619f64 in ?? ()
#20 0x08263ba0 in _zval_ptr_dtor_wrapper ()
#21 0x08619f70 in ?? ()
#22 0x0848c740 in php_tiff_bytes_per_format ()
#23 0x000000c1 in ?? ()
#24 0x084e10a4 in ?? ()
#25 0x08619fbc in ?? ()
#26 0x085441b0 in executor_globals ()
#27 0x084e10a4 in ?? ()
#28 0x0827051d in zend_hash_display ()
#29 0x0848d5e0 in php_tiff_bytes_per_format ()
#30 0x00000261 in ?? ()
#31 0x00000000 in ?? ()
#32 0x00000000 in ?? ()
---Type <return> to continue, or q <return> to quit---
#33 0xb77f9a7c in __after_morecore_hook () from /lib/libc.so.6
#34 0x082703d9 in zend_hash_display ()
#35 0x085441b0 in executor_globals ()
#36 0x0848d5e0 in php_tiff_bytes_per_format ()
#37 0x0825aed0 in zend_verify_abstract_class ()
#38 0x0826e0ec in zend_hash_graceful_reverse_destroy ()
#39 0x0828036d in zend_objects_store_call_destructors ()
#40 0xb774b47e in mallopt () from /lib/libc.so.6
Previous frame inner to this frame (corrupt stack?)
(gdb) kill
Kill the program being debugged? (y or n) y
(gdb) quit

Reproduce code:
---------------
A short script that reproduces the problem:

#!/usr/bin/php -q
<?php

error_reporting( E_ALL );

$extensions = get_loaded_extensions();

if( !in_array( 'PDO', $extensions ) )
{
    if( !dl('pdo.so') )
    {
        echo "pdo.so extension is not loaded\n";
    }
}

if( !in_array( 'pdo_mysql', $extensions ) )
{
    if( !dl('pdo_mysql.so') )
    {
        echo "pdo_mysql.so extension is not loaded\n";
    }
}

$dsn = 'mysql:dbname=test;host=10.0.0.2';
$user = 'root';
$password = 'changeme';

try
{
   $pdo = new PDO( $dsn, $user, $password );
}
catch( PDOException $e )
{
   echo 'Connection failed: ' . $e->getMessage() . "\n";
}

$sql = "
    SELECT *
    FROM users
    ORDER BY id
";

foreach( $pdo->query( $sql ) as $array )
{
    echo $array[ 'id' ] . "\t";
    echo $array[ 'user' ] . "\n";
}

?>


Expected result:
----------------
1       destiney
2       fred
3       andrea
4       chris

Actual result:
--------------
1       destiney
2       fred
3       andrea
4       chris
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-30 21:22 UTC] destiney at gmail dot com
Here's a backtrace for the PDO_PGSQL driver, seems to be the same or similar bug:

> gdb /usr/bin/php
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) set args -f /home/destiney/pdo_pgsql.php -c /etc/php/cli-php5/php.ini
(gdb) run
Starting program: /usr/bin/php -f /home/destiney/pdo_pgsql.php -c /etc/php/cli-php5/php.ini
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 15499)]
1       destiney
2       fred
3       andrea
4       chris
---Type <return> to continue, or q <return> to quit---

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 15499)]
0x082637c4 in _zval_dtor ()
(gdb) bt
#0  0x082637c4 in _zval_dtor ()
#1  0x086176b4 in ?? ()
#2  0x0000005a in ?? ()
#3  0x00000010 in ?? ()
#4  0x000000c1 in ?? ()
#5  0x0848baa0 in php_tiff_bytes_per_format ()
#6  0x0000003d in ?? ()
#7  0x0001d931 in ?? ()
#8  0x084e10a4 in ?? ()
#9  0x0861fec8 in ?? ()
#10 0x085441b0 in executor_globals ()
#11 0x0825aed0 in zend_verify_abstract_class ()
#12 0x0825869a in _zval_ptr_dtor ()
#13 0x086176b4 in ?? ()
#14 0x0848b9e0 in php_tiff_bytes_per_format ()
#15 0x00000188 in ?? ()
#16 0x0824c189 in _efree ()
#17 0x0861ff14 in ?? ()
#18 0x084e10a4 in ?? ()
#19 0x0861febc in ?? ()
#20 0x08263ba0 in _zval_ptr_dtor_wrapper ()
#21 0x0861fec8 in ?? ()
#22 0x0848c740 in php_tiff_bytes_per_format ()
#23 0x000000c1 in ?? ()
#24 0x084e10a4 in ?? ()
#25 0x0861ff14 in ?? ()
#26 0x085441b0 in executor_globals ()
#27 0x084e10a4 in ?? ()
#28 0x0827051d in zend_hash_display ()
#29 0x0848d5e0 in php_tiff_bytes_per_format ()
#30 0x00000261 in ?? ()
#31 0x00000000 in ?? ()
#32 0x00000000 in ?? ()
---Type <return> to continue, or q <return> to quit---
#33 0xb77f9a7c in __after_morecore_hook () from /lib/libc.so.6
#34 0x082703d9 in zend_hash_display ()
#35 0x085441b0 in executor_globals ()
#36 0x0848d5e0 in php_tiff_bytes_per_format ()
#37 0x0825aed0 in zend_verify_abstract_class ()
#38 0x0826e0ec in zend_hash_graceful_reverse_destroy ()
#39 0x0828036d in zend_objects_store_call_destructors ()
#40 0xb774b47e in mallopt () from /lib/libc.so.6
Previous frame inner to this frame (corrupt stack?)
(gdb) kill
Kill the program being debugged? (y or n) y
(gdb) quit


The script:

#!/usr/bin/php -q
<?php

error_reporting( E_ALL );

$extensions = get_loaded_extensions();

if( !in_array( 'PDO', $extensions ) )
{
    if( !dl('pdo.so') )
    {
        echo "pdo.so extension is not loaded\n";
    }
}

if( !in_array( 'pdo_pgsql', $extensions ) )
{
    if( !dl('pdo_pgsql.so') )
    {
        echo "pdo_pgsql.so extension is not loaded\n";
    }
}

$dsn = 'pgsql:host=localhost port=5432 dbname=test';
$user = 'destiney';
$password = 'changeme';

try
{
   $pdo = new PDO( $dsn, $user, $password );
}
catch( PDOException $e )
{
   echo 'Connection failed: ' . $e->getMessage() . "\n";
}

$sql = "
    SELECT *
    FROM users
    ORDER BY id
";

foreach( $pdo->query( $sql ) as $array )
{
    echo $array[ 'id' ] . "\t";
    echo $array[ 'user' ] . "\n";
}

?>
 [2005-04-30 22:16 UTC] wez@php.net
Please try to get a better stacktrace; it looks like you've stripped your binaries.

You should also not need to set extension_dir unless you've deliberately moved your extensions away from the location determined during configure.
 [2005-04-30 23:19 UTC] destiney at gmail dot com
> gdb /home/destiney/php-5.0.3/sapi/cli/php
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) set args -f /home/destiney/pdo_mysql.php -c /etc/php/cli-php5/php.ini
(gdb) run
Starting program: /home/destiney/php-5.0.3/sapi/cli/php -f /home/destiney/pdo_mysql.php -c /etc/php/cli-php5/php.ini
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 23893)]
1       destiney
2       fred
3       andrea
4       chris

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 23893)]
0x081dde6d in _zval_dtor (zvalue=0x83038f4,
    __zend_filename=0x8252da0 "/home/destiney/php-5.0.3/Zend/zend_execute_API.c",
    __zend_lineno=392) at /home/destiney/php-5.0.3/Zend/zend_variables.c:61
61                                      Z_OBJ_HT_P(zvalue)->del_ref(zvalue TSRMLS_CC);
(gdb) bt
#0  0x081dde6d in _zval_dtor (zvalue=0x83038f4,
    __zend_filename=0x8252da0 "/home/destiney/php-5.0.3/Zend/zend_execute_API.c",
    __zend_lineno=392) at /home/destiney/php-5.0.3/Zend/zend_variables.c:61
#1  0x081d29fc in _zval_ptr_dtor (zval_ptr=0x8306cd8,
    __zend_filename=0x8253ca0 "/home/destiney/php-5.0.3/Zend/zend_variables.c", __zend_lineno=193)
    at /home/destiney/php-5.0.3/Zend/zend_execute_API.c:392
#2  0x081de184 in _zval_ptr_dtor_wrapper (zval_ptr=0x8306cd8)
    at /home/destiney/php-5.0.3/Zend/zend_variables.c:193
#3  0x081e81b7 in zend_hash_apply_deleter (ht=0x82740b0, p=0x8306ccc)
    at /home/destiney/php-5.0.3/Zend/zend_hash.c:574
#4  0x081e8408 in zend_hash_graceful_reverse_destroy (ht=0x82740b0)
    at /home/destiney/php-5.0.3/Zend/zend_hash.c:640
#5  0x081d2333 in shutdown_executor () at /home/destiney/php-5.0.3/Zend/zend_execute_API.c:208
#6  0x081df560 in zend_deactivate () at /home/destiney/php-5.0.3/Zend/zend.c:818
#7  0x08198903 in php_request_shutdown (dummy=0x0) at /home/destiney/php-5.0.3/main/main.c:1212
#8  0x08214164 in main (argc=5, argv=0xbfffe814)
    at /home/destiney/php-5.0.3/sapi/cli/php_cli.c:1046
(gdb) kill
Kill the program being debugged? (y or n) y
(gdb) quit
 [2005-05-01 00:28 UTC] wez@php.net
If you set $pdo = null; at the bottom of the script, does that cure your segfault?

If so, this is due to a bug in the zend engine, which incorrectly unloads extensions before calling the destructors for PDO objects.

This bug is already fixed in HEAD, and I'll see about back-porting the fix to the stable branches.
 [2005-05-01 09:11 UTC] destiney at gmail dot com
No.  Adding $pdo = null; to the bottom of my script has no effect.
 [2005-05-13 13:36 UTC] wez@php.net
does the bug go away if you load the extension via the php.ini file?
 [2005-05-13 14:43 UTC] destiney at gmail dot com
No, the segfault does not occur when I load the extensions via the php.ini.  The run no longer segfaults and looks something like this:

> ./pdo_mysql.php 
1       destiney
2       fred
3       andrea
4       chris
/home/destiney/PDO-0.3/pdo_stmt.c(1942) :  Freeing 0x0861C37C (4 bytes), script=./pdo_mysql.php
Last leak repeated 3 times
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_API.c(984) :  Freeing 0x0861C324 (35 bytes), script=./pdo_mysql.php
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_hash.c(383) : Actual location (location was relayed)
Last leak repeated 7 times
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_hash.c(242) :  Freeing 0x0861C2CC (40 bytes), script=./pdo_mysql.php
Last leak repeated 7 times
/home/destiney/PDO-0.3/pdo_stmt.c(470) :  Freeing 0x0861C294 (6 bytes), script=./pdo_mysql.php
Last leak repeated 7 times
/home/destiney/PDO-0.3/pdo_stmt.c(829) :  Freeing 0x0861C254 (16 bytes), script=./pdo_mysql.php
Last leak repeated 7 times
/home/destiney/PDO-0.3/pdo_stmt.c(1970) :  Freeing 0x0861C144 (16 bytes), script=./pdo_mysql.php
Last leak repeated 2 times
/home/destiney/PDO-0.3/pdo_stmt.c(735) :  Freeing 0x0861C09C (32 bytes), script=./pdo_mysql.php
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_hash.c(169) : Actual location (location was relayed)
Last leak repeated 7 times
/home/destiney/PDO-0.3/pdo_stmt.c(2007) :  Freeing 0x08616FF4 (16 bytes), script=./pdo_mysql.php
=== Total 48 memory leaks detected ===


> ./pdo_pgsql.php 
1       destiney
2       fred
3       andrea
4       chris
/home/destiney/PDO-0.3/pdo_stmt.c(1942) :  Freeing 0x0861664C (4 bytes), script=./pdo_pgsql.php
Last leak repeated 3 times
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_API.c(984) :  Freeing 0x086165F4 (35 bytes), script=./pdo_pgsql.php
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_hash.c(383) : Actual location (location was relayed)
Last leak repeated 7 times
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_hash.c(242) :  Freeing 0x0861659C (40 bytes), script=./pdo_pgsql.php
Last leak repeated 7 times
/home/destiney/PDO-0.3/pdo_stmt.c(829) :  Freeing 0x0861655C (16 bytes), script=./pdo_pgsql.php
Last leak repeated 7 times
/home/destiney/PDO-0.3/pdo_stmt.c(470) :  Freeing 0x086164E4 (6 bytes), script=./pdo_pgsql.php
Last leak repeated 3 times
/home/destiney/PDO-0.3/pdo_stmt.c(1970) :  Freeing 0x0861644C (16 bytes), script=./pdo_pgsql.php
Last leak repeated 2 times
/home/destiney/PDO-0.3/pdo_stmt.c(735) :  Freeing 0x086163A4 (32 bytes), script=./pdo_pgsql.php
/var/tmp/portage/php-5.0.3-r1/work/php-5.0.3/Zend/zend_hash.c(169) : Actual location (location was relayed)
Last leak repeated 7 times
/home/destiney/PDO-0.3/pdo_stmt.c(2007) :  Freeing 0x086158D4 (16 bytes), script=./pdo_pgsql.php
=== Total 44 memory leaks detected ===
 [2005-07-02 23:05 UTC] wez@php.net
Please try the next PHP 5.1 snapshot from http://snaps.php.net
 [2005-10-23 09:31 UTC] mike@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Oct 18 18:03:40 2021 UTC