Bug #6215 php core dumps on selects with blob columns
Submitted: 2000-08-17 09:49 UTC Modified: 2000-11-09 14:48 UTC
From: helmut dot koeberle at bytec dot de Assigned: danny (profile)
Status: Closed Package: Informix related
PHP Version: 4.0.3pl1 OS: Linux RedHat 6.1/6.2
Private report: No CVE-ID: None

 [2000-08-17 09:49 UTC] helmut dot koeberle at bytec dot de
./configure \
    --prefix=/usr \
    --with-informix \
    --without-mysql \
    --enable-debug

example script:


<?php
$cid = ifx_connect("php_tests");
if (! $cid) { ifx_error(); ifx_errormsg(); die; }


$rid = ifx_prepare("select doc from xxx", $cid);
if (! $rid) { ifx_error(); ifx_errormsg(); die; }
if (! ifx_do($rid)) { ifx_error(); ifx_errormsg(); die; }

$row = ifx_fetch_row($rid);
$blob = ifx_get_blob($row["doc"]);



gdb backtrace:

#0  0x4023ef93 in __libc_free (mem=0x80e964d) at malloc.c:3012
3012    malloc.c: No such file or directory.
(gdb) bt
#0  0x4023ef93 in __libc_free (mem=0x80e964d) at malloc.c:3012
#1  0x806ffa5 in php3_intifx_create_tmpfile (bid=1)
    at /tmp/php-4.0.1pl2/ext/informix/
#2  0x806d186 in php_if_ifx_do (ht=1, return_value=0x8151614, this_ptr=0x0, 
    return_value_used=1) at /tmp/php-4.0.1pl2/ext/informix/
#3  0x80e08f9 in execute (op_array=0x8132604) at ./zend_execute.c:1558
#4  0x805d7cb in php_execute_script (primary_file=0xbffffa44) at main.c:1157
#5  0x805c1c9 in main (argc=2, argv=0xbffffaa4) at cgi_main.c:661

With ifx_blobinfile_mode(0) the error goes to:

#0  0x806fb58 in php3_intifx_free_blob (bid=0, list=0x812b138)
    at /tmp/php-4.0.1pl2/ext/informix/
3429     if (type!=IFXL(le_idresult) && !(Ifx_blob->type==TYPE_BLTEXT || Ifx_blob->type==TYPE_BLBYTE)) {
(gdb) bt
#0  0x806fb58 in php3_intifx_free_blob (bid=0, list=0x812b138)
    at /tmp/php-4.0.1pl2/ext/informix/
#1  0x806fb17 in php_if_ifx_free_blob (ht=1, return_value=0x818872c, 
    this_ptr=0x0, return_value_used=0)
    at /tmp/php-4.0.1pl2/ext/informix/
#2  0x80e08f9 in execute (op_array=0x8132604) at ./zend_execute.c:1558
#3  0x805d7cb in php_execute_script (primary_file=0xbffffa34) at main.c:1157
#4  0x805c1c9 in main (argc=2, argv=0xbffffa94) at cgi_main.c:661

If I convert some of the free statements in
php3_intifx_create_tmpfile() to efree statements,
then the blob is stored in a tempfile, but PHP
also dumps core in php3_intifx_free_blob().


 [2000-09-04 17:01 UTC]
It is caused by the "tempnam()" function that fails for some reason or other
and the return value is not checked so that free gets called with NULL as

I don't know why tempnam() fails on you but not checking the return value
of tempnam() is a bug that will be fixed.

 [2000-09-04 17:20 UTC]
Fixed the crash caused by the invalid free() in the current CVS, but you will still have to find out why tempnam() fails on your system.

 [2000-10-18 09:12 UTC] helmut dot koeberle at bytec dot de
Changed to Version 4.0.3pl1 with the following error:

Program received signal SIGSEGV, Segmentation fault.
0x8087cbf in php3_intifx_get_blob (bid=0, list=0x81dc084, content=0xbfffe198)
    at /ali1/btc/src/apache/php-4.0.3pl1/ext/informix/
3622     if (type!=IFXL(le_idresult) && !(Ifx_blob->type==TYPE_BLTEXT || Ifx_blob->type==TYPE_BLBYTE)) {
(gdb) bt
#0  0x8087cbf in php3_intifx_get_blob (bid=0, list=0x81dc084, 
    at /ali1/btc/src/apache/php-4.0.3pl1/ext/informix/
#1  0x8087c40 in php_if_ifx_get_blob (ht=1, return_value=0x823b96c, 
    this_ptr=0x0, return_value_used=1)
    at /ali1/btc/src/apache/php-4.0.3pl1/ext/informix/
#2  0x80fc9ec in execute (op_array=0x82084fc) at ./zend_execute.c:1519
#3  0x80d9bf8 in zend_execute_scripts (type=8, file_count=3) at zend.c:717
#4  0x8068821 in php_execute_script (primary_file=0xbffff854) at main.c:1200
#5  0x80671b9 in main (argc=2, argv=0xbffff8b4) at cgi_main.c:715

 [2000-10-30 12:30 UTC] helmut dot koeberle at bytec dot de
In line 3621 of
Ifx_blob = (IFX_IDRES *) zend_list_find(bid,&type);
returns NULL and therefore in line 3622
if (type!=IFXL(le_idresult) && !(Ifx_blob->type==TYPE_BLTEXT || Ifx_blob->
gets a SIGSEGV

We use INFORMIX-ESQL Version 9.30.UC1 and we can reproduce
this problem on RedHat, SuSE and Debian.

 [2000-11-09 14:48 UTC]
It was a user coding error, but using blob_in_file mode actually crashed 
php4 when generating the temp file by freeing memory that was never

This crash is fixed in current CVS.

The erroneous script code:
  $blob = ifx_get_blob($row["doc"]);
  ifx_free_blob($blob); // $blob is not a blob id !

The correct script code:
  $blob_id = $row["doc"]; // first get the blob id
  $blob     = ifx_get_blob($blob_id);
  ifx_free_blob($blob_id); // free the blob id

You have to free the blob identifier, not the blob 
(which is a file name anyway in this case).
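
Both crashes in this report come from using a result without checking it: the tempnam() return value in the temp-file path, and the NULL that zend_list_find() returns when the argument is not a blob id. The following C code is an added example, not the ext/informix source; blob_res, res_table, res_find and the blob_* functions are hypothetical stand-ins, the type values are constructed, and mkstemp() is used in place of tempnam().

```c
/* Added example: hypothetical stand-ins, not the ext/informix source. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum { TYPE_BLTEXT = 1, TYPE_BLBYTE = 2 };    /* constructed values */
typedef struct { int type; char *tmpname; } blob_res;
#define MAX_RES 4
static blob_res *res_table[MAX_RES];          /* toy resource list */
/* Stand-in for a resource-list lookup: NULL when the id is unknown. */
static blob_res *res_find(long id) {
    return (id >= 0 && id < MAX_RES) ? res_table[id] : NULL;
}

/* Create the blob's temp file. tmpname is only set once a file really
 * exists, so a later free never sees an unowned pointer. Returns 0 or -1. */
int blob_create_tmpfile(blob_res *b, const char *dir) {
    size_t n = strlen(dir) + sizeof("/blbXXXXXX");
    char *name = malloc(n);
    if (name == NULL) return -1;
    snprintf(name, n, "%s/blbXXXXXX", dir);
    int fd = mkstemp(name);       /* mkstemp used here in place of tempnam() */
    if (fd < 0) {                 /* check the result before using it */
        free(name);               /* free only what this function allocated */
        b->tmpname = NULL;
        return -1;
    }
    close(fd);
    b->tmpname = name;
    return 0;
}

/* Validate the id before touching the struct; returns the type or -1. */
int blob_type_checked(long id) {
    blob_res *b = res_find(id);
    if (b == NULL) return -1;     /* not a resource id: do not dereference */
    if (b->type != TYPE_BLTEXT && b->type != TYPE_BLBYTE) return -1;
    return b->type;
}

/* Free by id; unknown ids are rejected instead of dereferenced. */
int blob_free_checked(long id) {
    blob_res *b = res_find(id);
    if (b == NULL) return -1;
    if (b->tmpname) { unlink(b->tmpname); free(b->tmpname); }
    free(b);
    res_table[id] = NULL;
    return 0;
}
```

With these checks, passing something that is not a blob id (as the erroneous script did) yields an error return rather than a SIGSEGV, and a failed temp-file creation leaves nothing to be freed twice or freed unallocated.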

Last updated: Fri May 24 01:01:31 2024 UTC