php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57778 Segmentation fault on BLOB columns
Submitted: 2007-08-08 08:12 UTC Modified: 2012-06-26 22:20 UTC
From: martin at divbyzero dot net Assigned: sixd
Status: Closed Package: *General Issues
PHP Version: 5.2.1 OS: Linux
Private report: No CVE-ID:
 [2007-08-08 08:12 UTC] martin at divbyzero dot net
Description:
------------
I'm experiencing segmentation faults when SELECT'ing BLOB-columns from Oracle 10 XE using PDO_oci from PHP 5.2.4 RC1 on Apache 2.

The segmentation fault does not occur in every request, so make sure that you run the reproducing code several times if you see no crash on the first run.

Reproduce code:
---------------
<?php
$db = new PDO("oci:dbname=//localhost/XE", "user", "password");

$db->query("DROP TABLE test");
$db->query("CREATE TABLE test (a blob)");

# Fill test table with some data.  It is 
# important than the table contains more 
#than one row.
$db->beginTransaction();

$insert = $db->prepare("INSERT INTO test (a) VALUES (EMPTY_BLOB()) RETURNING a INTO :a");
$insert->bindParam(":a", $a, PDO::PARAM_LOB);

foreach (array("hello world", "guten tag") as $text) {
    $a = null;
    $insert->execute();
    fwrite($a, $text);
    fclose($a);
}

$db->commit();

# Now go ahead and select the data from the table.
$sth = $db->prepare("SELECT a FROM test");
$sth->execute();

while ($row = $sth->fetch()) {
    var_dump($row);
}


Expected result:
----------------
No segmentation fault.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 28430)]
0x4175d027 in kgghstdestr () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/lib/libclntsh.so.10.1
(gdb) bt
#0  0x4175d027 in kgghstdestr () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/lib/libclntsh.so.10.1
#1  0x41495201 in kpmterm () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/lib/libclntsh.so.10.1
#2  0x4132bd38 in kpufhndl0 () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/lib/libclntsh.so.10.1
#3  0x4132a7d0 in kpufhndl () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/lib/libclntsh.so.10.1
#4  0x413fc644 in OCIHandleFree () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/lib/libclntsh.so.10.1
#5  0x40be6bd2 in oci_handle_closer (dbh=0x424cb03c) at /home/martin/src/php-5.2.4RC1/ext/pdo_oci/oci_driver.c:193
#6  0x40bdd3e0 in dbh_free (dbh=0x424cae8c) at /home/martin/src/php-5.2.4RC1/ext/pdo/pdo_dbh.c:1398
#7  0x40dc2187 in zend_objects_store_del_ref_by_handle (handle=1) at /home/martin/src/php-5.2.4RC1/Zend/zend_objects_API.c:206
#8  0x40dc21c7 in zend_objects_store_del_ref (zobject=0x424cae1c) at /home/martin/src/php-5.2.4RC1/Zend/zend_objects_API.c:168
#9  0x40d9a609 in _zval_ptr_dtor (zval_ptr=0x424cb080) at /home/martin/src/php-5.2.4RC1/Zend/zend_variables.h:35
#10 0x40dafe17 in zend_hash_apply_deleter (ht=0x40f33230, p=0x424cb074) at /home/martin/src/php-5.2.4RC1/Zend/zend_hash.c:611
#11 0x40daff18 in zend_hash_reverse_apply (ht=0x40f33230, apply_func=0x40d99d30 <zval_call_destructor>) at /home/martin/src/php-5.2.4RC1/Zend/zend_hash.c:760
#12 0x40d9a56e in shutdown_destructors () at /home/martin/src/php-5.2.4RC1/Zend/zend_execute_API.c:211
#13 0x40da6840 in zend_call_destructors () at /home/martin/src/php-5.2.4RC1/Zend/zend.c:845
#14 0x40d67e68 in php_request_shutdown (dummy=0x0) at /home/martin/src/php-5.2.4RC1/main/main.c:1401
#15 0x40e1f2dd in php_handler (r=0x83ca9e0) at /home/martin/src/php-5.2.4RC1/sapi/apache2handler/sapi_apache2.c:471
#16 0x08074587 in ap_run_handler ()
#17 0x08077731 in ap_invoke_handler ()
#18 0x08084728 in ap_process_request ()
#19 0x080819ce in ap_register_input_filter ()
#20 0x0807b3c7 in ap_run_process_connection ()
#21 0x08088704 in ap_graceful_stop_signalled ()
#22 0x08088964 in ap_graceful_stop_signalled ()
#23 0x0808972a in ap_mpm_run ()
#24 0x080621ef in main ()


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-03-28 11:37 UTC] felix dot nensa at gmail dot com
I ran into exactly the same problem. Did anybody find a solution meanwhile?
 [2008-05-16 17:00 UTC] Marc dot stpierre at doj dot ca dot gov
I am having a similar problem and I am hoping someone has some light to shine on this issue????
 [2009-04-07 09:08 UTC] marcelo dot serique at gmail dot com
Same problem here.

PHP:

PHP 5.2.6 (built: Apr  2 2009 10:09:59) 
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
    with Xdebug v2.0.4, Copyright (c) 2002-2008, by Derick Rethans


BT:

#0  0xb57c5ebf in slaac_int ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#1  0xb57c5df3 in slrac ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#2  0xb63c0b19 in sskgds_plt_adjust ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#3  0xb63c134f in sskgds_find_rtn_hdr ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#4  0xb63b964b in skgdstpcs ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#5  0xb60dfae5 in kgdsdst ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#6  0xb5c7413a in skgudmp ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#7  0xb60ad9fa in kgeriv_int ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#8  0xb60aec0f in kgeriv ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#9  0xb60aeab1 in kgeric1 ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#10 0xb6099824 in kgherror ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#11 0xb691bc63 in kghfre ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#12 0xb6878d01 in kpuhhfre ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#13 0xb538e346 in kpufdesc2 ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#14 0xb538dbb1 in kpufdesc ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#15 0xb536720e in OCIDescriptorFree ()
   from /opt/oracle/instantclient_11_1/libclntsh.so.11.1
#16 0xb80c829c in oci_blob_close (stream=0x9557724, close_handle=1)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/ext/pdo_oci/oci_statement.c:652
#17 0xb733ec6d in _php_stream_free (stream=0x9557724, 
    close_options=<value optimized out>)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/main/streams/streams.c:346
#18 0xb733eecb in stream_resource_regular_dtor (rsrc=0x9bc46a4)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/main/streams/streams.c:1356
#19 0xb73797b2 in list_entry_destructor (ptr=0x9bc46a4)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_list.c:184
#20 0xb7376bc2 in zend_hash_del_key_or_index (ht=0xb7655820, 
    arKey=0x9a61f40 "\030", nKeyLength=0, h=211, flag=1)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_hash.c:497
#21 0xb7379a00 in _zend_list_delete (id=211)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_list.c:58
#22 0xb7360050 in _zval_ptr_dtor (zval_ptr=0x9ba6068)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_variables.h:35
#23 0xb7376a5e in zend_hash_destroy (ht=0x9b9841c)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_hash.c:526
#24 0xb736c5b5 in _zval_dtor_func (zvalue=0x9bc3ce8)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_variables.c:43
#25 0xb738a538 in _zval_dtor (zvalue=0xb6b5803c)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_variables.h:35
#26 0xb73cddbf in zend_assign_to_variable (result=0xafbb3b70, 
    op1=<value optimized out>, op2=0xafbb3b98, value=0x9bc7c60, type=4, 
    Ts=0xbfce0dc0)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_execute.c:804
#27 0xb73ce375 in ZEND_ASSIGN_SPEC_VAR_VAR_HANDLER (execute_data=0xbfce109c)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:12365
#28 0xb738db00 in execute (op_array=0xafbfb194)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#29 0xb6b996bc in xdebug_execute (op_array=0xafbfb194)
    at /tmp/pear/temp/xdebug/xdebug.c:1561
#30 0xb739f706 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfce12fc)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:234
#31 0xb738db00 in execute (op_array=0x9ae2078)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#32 0xb6b996bc in xdebug_execute (op_array=0x9ae2078)
---Type <return> to continue, or q <return> to quit---
    at /tmp/pear/temp/xdebug/xdebug.c:1561
#33 0xb739f706 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfce17ac)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:234
#34 0xb738db00 in execute (op_array=0x99b323c)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#35 0xb6b996bc in xdebug_execute (op_array=0x99b323c)
    at /tmp/pear/temp/xdebug/xdebug.c:1561
#36 0xb739f706 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfce563c)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:234
#37 0xb738db00 in execute (op_array=0x98a0eec)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#38 0xb6b996bc in xdebug_execute (op_array=0x98a0eec)
    at /tmp/pear/temp/xdebug/xdebug.c:1561
#39 0xb73902d9 in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER (
    execute_data=0xbfce59cc)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:20035
#40 0xb738db00 in execute (op_array=0x96c2184)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#41 0xb6b996bc in xdebug_execute (op_array=0x96c2184)
    at /tmp/pear/temp/xdebug/xdebug.c:1561
#42 0xb739f706 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfce6bdc)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:234
#43 0xb738db00 in execute (op_array=0x972dc00)
---Type <return> to continue, or q <return> to quit---
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#44 0xb6b996bc in xdebug_execute (op_array=0x972dc00)
    at /tmp/pear/temp/xdebug/xdebug.c:1561
#45 0xb739f706 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfce714c)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:234
#46 0xb738db00 in execute (op_array=0x972de70)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#47 0xb6b996bc in xdebug_execute (op_array=0x972de70)
    at /tmp/pear/temp/xdebug/xdebug.c:1561
#48 0xb739f706 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfce767c)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:234
#49 0xb738db00 in execute (op_array=0x95575dc)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend_vm_execute.h:92
#50 0xb6b996bc in xdebug_execute (op_array=0x95575dc)
    at /tmp/pear/temp/xdebug/xdebug.c:1561
#51 0xb736c882 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/Zend/zend.c:1134
#52 0xb732a6e9 in php_execute_script (primary_file=0xbfce99b8)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/main/main.c:2005
#53 0xb73d810f in php_handler (r=0x959d598)
    at /home/marcelo/src/php5-5.2.6.dfsg.1/sapi/apache2handler/sapi_apache2.c:629
#54 0x0807e6d5 in ap_run_handler ()
#55 0x0807ee19 in ap_invoke_handler ()
#56 0x0809dc87 in ap_process_request ()
#57 0x0809aa11 in ap_process_http_connection ()
#58 0x080872e7 in ap_run_process_connection ()
#59 0x08087768 in ap_process_connection ()
#60 0x080c0901 in child_main ()
#61 0x080c09f4 in make_child ()
#62 0x080c0f98 in ap_mpm_run ()
#63 0x08067bde in main ()
 [2012-06-26 22:20 UTC] sixd@php.net
-Status: Open +Status: Closed -Package: PDO_OCI +Package: *General Issues -Assigned To: +Assigned To: sixd
 [2012-06-26 22:20 UTC] sixd@php.net
Closing as a dup of https://bugs.php.net/bug.php?id=57702 because that bug has a 
patch.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 18:01:55 2014 UTC