Bug #62534 Segmentation Fault inside module ibm_db2
Submitted: 2012-07-11 16:27 UTC
Modified: 2012-10-30 15:20 UTC
From: apha at apha dot com dot br
Assigned: rahulpriyadarshi
Status: Closed
Package: ibm_db2 (PECL)
PHP Version: 5.4.4
OS: SUSE 10.3 (S390x)
Private report: No
CVE-ID: None
 [2012-07-11 16:27 UTC] apha at apha dot com dot br
Description:
------------
I've changed my PHP version from 5.3.10 to 5.4.4 with ibm_db2 1.9.3. Compilation and installation work perfectly, but when I use the function db2_execute to insert data (as in the test script posted), I receive a Segmentation Fault. I've tried compiling ibm_db2 with PHP and as a module, and in both cases I get the same error.

System/PHP/etc

OS version / HW information:

$ cat /etc/SuSE-release
SUSE Linux Enterprise Server 10 (s390x)
VERSION = 10
PATCHLEVEL = 3
$ uname -a 
Linux hows004gcc 2.6.16.60-0.83.2-default #1 SMP Fri Sep 2 13:49:16 UTC 2011 s390x s390x s390x GNU/Linux


PHP version / Compile line:

$ /usr/local/php/bin/php -v
PHP 5.4.4 (cli) (built: Jul 11 2012 12:01:18) (DEBUG)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies


Configure Command =>  './configure'  '--prefix=/usr/local/php5.4.4' '--enable-debug' '--with-apxs2=/usr/local/apache2lab/bin/apxs' '--with-libxml-dir=/usr/local/libxml/' '--enable-calendar' '--with-ldap' '--with-pdo-ibm=/opt/ibm/db2/V9.5/' '--with-pdo-odbc=ibm-db2,/home/db2inst3/sqllib/' '--with-gd' '--with-jpeg-dir=/usr/lib'

How I've installed ibm_db2 1.9.3 as module:

$ /usr/local/php/bin/phpize
$ ./configure --with-php-config=/usr/local/php/bin/php-config --with-IBM_DB2=/opt/ibm/db2/V9.5/
$ make


To bypass the problem reported, I commented out (with //) the efree instruction inside ibm_db2.c on line 4253, and just set the pointer to NULL:

        /* Free Values */
        if (prev_ptr->value != NULL) {
                if (Z_TYPE_P(prev_ptr->value) == IS_STRING) {
                        if ((prev_ptr->value)->value.str.val != NULL || (prev_ptr->value)->value.str.len != 0) {
                                //efree((prev_ptr->value)->value.str.val);
                                (prev_ptr->value)->value.str.val = NULL;
                        }
                }

After that, inserting data into Db2 started to work as expected. It's just a workaround to test, so I'd like to know if any patch exists for it.

Thanks in advance,
Raphael Gallo

Test script:
---------------
The code I'm using to test:

cat /tmp/tst.php
<?php

require_once("/tmp/db.inc.php");

$conn = db2_connect(DB,USER,PASS);

$sqlInsert = "INSERT INTO ROADMAP.ROADMAP (TITLE, DESCRIPTION,  PLATFORM, POOL, POD, DELETED, PUBLISHED) VALUES (?,?,?,?,?, 'N' , 'N' )";

$arg = array('Roadmap','Roadmap','GR2','POOL2','POD2');
print_r($arg);
$stmt = db2_prepare($conn,$sqlInsert);

if ($stmt) {
   print_r("BEFORE DB2_EXECUTE\r\n");
   echo db2_execute($stmt,$arg);
   print_r("AFTER DB2_EXECUTE\r\n");
   echo db2_stmt_errormsg($stmt);
}

echo "END\r\n";

?>

Expected result:
----------------
$ /usr/local/php/bin/php /tmp/tst.php
Array
(
    [0] => Roadmap
    [1] => Roadmap
    [2] => GR2
    [3] => POOL2
    [4] => POD2
)
BEFORE DB2_EXECUTE
1AFTER DB2_EXECUTE
END


Actual result:
--------------
$ /usr/local/php/bin/php /tmp/tst.php
Array
(
    [0] => Roadmap
    [1] => Roadmap
    [2] => GR2
    [3] => POOL2
    [4] => POD2
)
BEFORE DB2_EXECUTE
Segmentation fault


With backtrace (FULL):
$ gdb /usr/local/php/bin/php
GNU gdb (GDB) SUSE (6.8.50.20090302-1.5.18)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "s390x-suse-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
(gdb) run /tmp/tst.php
Starting program: /usr/local/php5.4.4/bin/php /tmp/tst.php
Missing separate debuginfo for /lib/ld64.so.1
Missing separate debuginfo for /lib64/libcrypt.so.1
Missing separate debuginfo for /lib64/librt.so.1
Missing separate debuginfo for /usr/lib64/libldap-2.3.so.0
Missing separate debuginfo for /usr/lib64/libpng.so.3
Missing separate debuginfo for /lib64/libz.so.1
Missing separate debuginfo for /usr/lib64/libjpeg.so.62
Missing separate debuginfo for /lib64/libm.so.6
Missing separate debuginfo for /lib64/libnsl.so.1
Missing separate debuginfo for /usr/lib64/libxml2.so.2
Missing separate debuginfo for /lib64/libdl.so.2
Missing separate debuginfo for /lib64/libc.so.6
Missing separate debuginfo for /usr/lib64/liblber-2.3.so.0
Missing separate debuginfo for /lib64/libresolv.so.2
Missing separate debuginfo for /lib64/libpthread.so.0
[Thread debugging using libthread_db enabled]
Missing separate debuginfo for /usr/lib64/libsasl2.so.2
Missing separate debuginfo for /usr/lib64/libssl.so.0.9.8
Missing separate debuginfo for /usr/lib64/libcrypto.so.0.9.8
Missing separate debuginfo for /lib64/libpam.so.0
Missing separate debuginfo for /usr/lib64/libstdc++.so.5
Missing separate debuginfo for /lib64/libgcc_s.so.1
Missing separate debuginfo for /lib64/libaudit.so.0
Missing separate debuginfo for /lib64/libnss_files.so.2
Array
(
    [0] => Roadmap
    [1] => Roadmap
    [2] => GR2
    [3] => POOL2
    [4] => POD2
)
BEFORE DB2_EXECUTE

Program received signal SIGSEGV, Segmentation fault.
0x00000000805293ca in zend_mm_check_ptr (heap=0x80ba0710, ptr=0x20002887f18, silent=1, __zend_filename=0x200029fddfe "/tmp/php-5.4.4/ext/ibm_db2/ibm_db2.c",
    __zend_lineno=4253, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /tmp/php-5.4.4/Zend/zend_alloc.c:1380
1380            if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt full
#0  0x00000000805293ca in zend_mm_check_ptr (heap=0x80ba0710, ptr=0x20002887f18, silent=1, __zend_filename=0x200029fddfe "/tmp/php-5.4.4/ext/ibm_db2/ibm_db2.c",
    __zend_lineno=4253, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /tmp/php-5.4.4/Zend/zend_alloc.c:1380
        p = 0x20002887ec8
        no_cache_notice = 0
        had_problems = 0
        valid_beginning = 1
#1  0x000000008052b918 in _zend_mm_free_int (heap=0x80ba0710, p=0x20002887f18, __zend_filename=0x200029fddfe "/tmp/php-5.4.4/ext/ibm_db2/ibm_db2.c", __zend_lineno=4253,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /tmp/php-5.4.4/Zend/zend_alloc.c:2064
        mm_block = 0x2000193d000
        next_block = 0x200029fea40
        size = 2199023312822
#2  0x000000008052d5fe in _efree (ptr=0x20002887f18, __zend_filename=0x200029fddfe "/tmp/php-5.4.4/ext/ibm_db2/ibm_db2.c", __zend_lineno=4253, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /tmp/php-5.4.4/Zend/zend_alloc.c:2436
No locals.
#3  0x00000200029f2672 in zif_db2_execute (ht=2, return_value=0x2000285d948, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /tmp/php-5.4.4/ext/ibm_db2/ibm_db2.c:4253
        argc = 2
        stmt_id = -1
        stmt = 0x2000285d790
        parameters_array = 0x2000285d718
        stmt_res = 0x2000285bba0
        rc = 0
        numOpts = 5
        i = 5
        bind_params = 1
        num = 5
        valuePtr = 0x2000285d948
        tmp_curr = 0x0
        prev_ptr = 0x20005316070
        curr_ptr = 0x20005316108
        data = 0x2000285d5f0
#4  0x00000000805cf864 in zend_do_fcall_common_helper_SPEC (execute_data=0x200028200e8) at /tmp/php-5.4.4/Zend/zend_vm_execute.h:642
        ret = 0x20002820338
        opline = 0x2000285b240
        should_change_scope = 0 '\0'
        fbc = 0x80c0d690
#5  0x00000000805d9b50 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x200028200e8) at /tmp/php-5.4.4/Zend/zend_vm_execute.h:2219
        opline = 0x2000285b240
        fname = 0x2000285cb08
#6  0x00000000805cdaea in execute (op_array=0x2000285b690) at /tmp/php-5.4.4/Zend/zend_vm_execute.h:410
        ret = 0
        execute_data = 0x200028200e8
        nested = 1 '\1'
        original_in_execution = 0 '\0'
#7  0x000000008057961c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/php-5.4.4/Zend/zend.c:1279
        files = {{__gpr = 5, __fpr = 0, __overflow_arg_area = 0x3ffffaaa4b0, __reg_save_area = 0x3ffffaaa410}}
        i = 1
        file_handle = 0x3ffffaada20
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
---Type <return> to continue, or q <return> to quit---
#8  0x00000000804ab97e in php_execute_script (primary_file=0x3ffffaada20) at /tmp/php-5.4.4/main/main.c:2473
        realfile = "/tmp/tst.php\0\205\201\220\0\0\0\0\200\272\a\20\0\0\0\0\0\0^0\0\0\0\0\0\0\0\16\0\0\3\377\377\252\264\300\0\0\2\0\1\223\320\0\0\0\0\0\200\245\275H\0\0\0\0\200R}Z\0\0\3\377\377\252\264\300\0\0\0\0\200\246,\212\0\0\0\0\0\0\0\1\0\0\2\0\2\205IH\0\0\0\0\200\272\a\20\0\0\2\0\2\205H\370\0\0\0\0\200\272\a\20\0\0\0\0\0\0\2X\0\0\0\0\0\0\0\t\0\0\0\0\200\272\r\360\0\0\3\377\377\252\245\200\0\0\3\377\0\0\0\0\0\0\0\fhows\0\0\3\377\377\252\265H\0\0\2\0\1\223\320\0\0\0\0\0\200\245\303 \0\0\0\0\200R\265\352\0\0\0\0\0\0\0\0\0\0\3\377\0\0\0\17\0\0\0\0\200\2\264\234\0\0\3\377\377\252\265\200\0\0\0\0\0\0\1\302\0\0\3\377\377\252\340\200\0\0\0\0\200\2\264\234", '\0' <repeats 12 times>"\200"...
        __orig_bailout = 0x3ffffaad8b8
        __bailout = {{__jmpbuf = {{__gregs = {4398040930828, 4398040932480, 2147660956, 0, 2199023381648, 4398040921112, 2199049719808, 2158263200, 2152382281, 4398040919791},
                __fpregs = {0, 0, 0, 0, 0, 608, 2158412208, 2199065565792}}}, __mask_was_saved = 0, __saved_mask = {__val = {2199065530032, 2158414984, 2199065529720,
                2199065528904, 2199065530176, 0, 4398040932480, 2147660956, 0, 2199023381648, 4398040925568, 2199049719808, 2158416472, 2154889516, 4398040925568,
                2159775216}}}}
        prepend_file_p = 0x0
        append_file_p = 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0,
                pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0,
                pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
        old_cwd = 0x3ffffaaa4d0 ""
        use_heap = 0 '\0'
        retval = 0
#9  0x00000000807113cc in do_cli (argc=2, argv=0x3ffffaae098) at /tmp/php-5.4.4/sapi/cli/php_cli.c:988
        __orig_bailout = 0x3ffffaadcf8
        __bailout = {{__jmpbuf = {{__gregs = {4398040931860, 4398040932480, 2147660956, 0, 2199023381648, 4398040926008, 2199049719808, 2158416472, 2154892869, 4398040927687},
                __fpregs = {0, 0, 0, 0, 2158263176, 2152381225, 4398040931383, 0}}}, __mask_was_saved = 0, __saved_mask = {__val = {0, 0, 1, 0, 4398040930584, 2199049719808,
                2158416968, 2152478570, 4398040930584, 0, 4393751543813, 2159669352, 0, 0, 2199026131551, 2199023381648}}}}
        c = -1
        file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x3ffffaae400 "/tmp/tst.php", opened_path = 0x0, handle = {fd = 512, fp = 0x2000285aa68, stream = {
              handle = 0x2000285aa68, isatty = 0, mmap = {len = 615, pos = 0, map = 0x2000002b000, buf = 0x2000002b000 <Address 0x2000002b000 out of bounds>,
                old_handle = 0x80d365a0, old_closer = 0x805a4b60 <zend_stream_stdio_closer>}, reader = 0x805a4b08 <zend_stream_stdio_reader>,
              fsizer = 0x805a4bc0 <zend_stream_stdio_fsizer>, closer = 0x805a4d5c <zend_stream_mmap_closer>}}, free_filename = 0 '\0'}
        behavior = 1
        reflection_what = 0x0
        request_started = 1
        exit_status = 0
        php_optarg = 0x0
        orig_optarg = 0x0
        php_optind = 2
        orig_optind = 1
        exec_direct = 0x0
        exec_run = 0x0
        exec_begin = 0x0
        exec_end = 0x0
        arg_free = 0x3ffffaae400 "/tmp/tst.php"
        arg_excp = 0x3ffffaae0a0
        script_file = 0x3ffffaae400 "/tmp/tst.php"
        translated_path = 0x80d367e0 "/tmp/tst.php"
        interactive = 0
        lineno = 1
        param_error = 0x0
        hide_argv = 0
#10 0x0000000080712c24 in main (argc=2, argv=0x3ffffaae098) at /tmp/php-5.4.4/sapi/cli/php_cli.c:1361
---Type <return> to continue, or q <return> to quit---
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {{__gregs = {4398040931860, 4398040932480, 2147660956, 0, 2199023381648, 4398040931184, 2199049719808, 2158416968, 2154897679, 4398040928655},
                __fpregs = {0, 0, 0, 0, 1, 2199023386816, 4398040931616, 2199023382528}}}, __mask_was_saved = 0, __saved_mask = {__val = {2159494392, 2199049444032,
                2147640428, 4398040931632, 0, 4398040932504, 0, 2199065009424, 1, 0, 1, 8388608, 24641422, 2199023382656, 2154966628, 4398040932504}}}}
        c = -1
        exit_status = 0
        module_started = 1
        sapi_started = 1
        php_optarg = 0x0
        php_optind = 1
        use_extended_info = 0
        ini_path_override = 0x0
        ini_entries = 0x80ba0690 "html_errors=0\nregister_argc_argv=1\nimplicit_flush=1\noutput_buffering=0\nmax_execution_time=0\nmax_input_time=-1\n"
        ini_entries_len = 110
        ini_ignore = 0
        sapi_module = 0x80b7fa00
(gdb) quit


Patches

INTERNED_string (last revision 2012-10-22 07:45 UTC by rahulpriyadarshi@php.net)

History

 [2012-07-11 21:00 UTC] johannes@php.net
-Package: DBX related +Package: ibm_db2
 [2012-10-22 07:45 UTC] rahulpriyadarshi@php.net
The following patch has been added/updated:

Patch Name: INTERNED_string
Revision:   1350891958
URL:        https://bugs.php.net/patch-display.php?bug=62534&patch=INTERNED_string&revision=1350891958
 [2012-10-22 07:52 UTC] rahulpriyadarshi@php.net
-: apha at apha dot com dot br +: rahulpriyadarshi@php.net -Status: Open +Status: Analyzed -Assigned To: +Assigned To: rahulpriyadarshi
 [2012-10-22 07:52 UTC] rahulpriyadarshi@php.net
The above segmentation fault is caused by the INTERNED String changes in PHP-5.4.x. The solution you provided has some memory leaks; I have created an intermediate patch for this issue.

Please give this patch a try and let us know how it works for you.
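
Added example, not part of the bug report and not the INTERNED_string patch (whose contents are not shown on this page): a self-contained C model of the ownership problem discussed above. It frees a string buffer only when it is not inside the interned-string arena, which avoids both the invalid free seen in the backtrace and the leak caused by removing the free entirely. The arena, `intern()`, `is_interned()`, `param` and `release_param()` are hypothetical names; the range test mirrors the kind of address check PHP 5.4's `IS_INTERNED()` macro performs.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the engine's interned-string arena. */
static char arena[64];
static size_t arena_used;

/* Copy s into the arena. The arena owns the result, not the caller. */
static char *intern(const char *s) {
    size_t n = strlen(s) + 1;
    if (n > sizeof arena - arena_used) return NULL;
    char *p = memcpy(arena + arena_used, s, n);
    arena_used += n;
    return p;
}

/* Ownership test by address range (hypothetical helper). */
static int is_interned(const char *s) {
    uintptr_t p = (uintptr_t)s, lo = (uintptr_t)arena;
    return p >= lo && p < lo + sizeof arena;
}

typedef struct { char *val; size_t len; } param; /* hypothetical bound value */

/* Free only heap-owned buffers; always clear the pointer.
 * Returns 1 if free() was called, 0 if there was nothing to free. */
static int release_param(param *p) {
    int freed = 0;
    if (p->val != NULL && !is_interned(p->val)) {
        free(p->val);
        freed = 1;
    }
    p->val = NULL;
    p->len = 0;
    return freed;
}

int main(void) {
    param lit = { intern("Roadmap"), 7 };   /* like a script literal */
    param dyn = { malloc(6), 5 };           /* like a runtime-built string */
    if (lit.val == NULL || dyn.val == NULL) return 1;
    memcpy(dyn.val, "POOL2", 6);
    printf("interned freed=%d\n", release_param(&lit));
    printf("heap freed=%d\n", release_param(&dyn));
    return 0;
}
```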
 [2012-10-22 07:55 UTC] rahulpriyadarshi@php.net
-: rahulpriyadarshi@php.net +: johannes@php.net
 [2012-10-30 15:20 UTC] apha at apha dot com dot br
I've patched ibm_db2 and it works fine as below:

$ ./php -f /tmp/tst.php
Array
(
    [0] => Roadmap
    [1] => Roadmap
    [2] => GR2
    [3] => POOL2
    [4] => POD2
)
BEFORE DB2_EXECUTE
1AFTER DB2_EXECUTE
END
$

Thanks for helping.
 [2012-10-30 15:20 UTC] apha at apha dot com dot br
-: johannes@php.net +: apha at apha dot com dot br -Status: Analyzed +Status: Closed
 