php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #6561 PHP crashes while retrieving data from Oracle
Submitted: 2000-09-05 16:21 UTC Modified: 2000-10-19 15:22 UTC
From: edink at proventum dot net Assigned:
Status: Closed Package: Reproducible Crash
PHP Version: 4.0.2 OS: Linux 2.2 (RedHat 6.2)
Private report: No CVE-ID:
 [2000-09-05 16:21 UTC] edink at proventum dot net
Very hard to reproduce exactly. It happens while retrieving data from an Oracle 8 database. The same code works fine in 4.0.1pl2. The latest CVS (05/09/00) has the same problem.

It happens in the following code segment (please note that it works for some values of $parent while it fails on others):

---------------
    $reply=array();
    $cat=new Category;
    db_select("select * from $BASEDB.CATAGORY where PARENT_ID=$parent order by NAME");
    while (db_fetch_array($row))
      {
        $cat->id=$row["ID"];
        $cat->name=$row["NAME"];
        $cat->parent_id=$row["PARENT_ID"];
        $cat->is_leaf=($row["IS_LEAF"]=="Y"?1:0);
        $cat->custom=0;
        $reply[]=$cat;
      }
---------------
db_select will just do OciParse and then OciExecute, while db_fetch_array wraps OciFetchInto:

function db_fetch_array(&$a)
{
  global $DB_LINK, $STMT;
  $res=@ociFetchInto($STMT, $a, OCI_ASSOC+OCI_RETURN_NULLS+OCI_RETURN_LOBS);
  return $res;
}

Configure:
'./configure' '--enable-track-vars' '--disable-pear' '--with-ttf=/usr' '--with-ftp' '--with-gdbm' '--with-gd=/usr' '--with-oci8=/ora01/app/oracle/product/8.0.5' '--with-regex=system' '--enable-sysvsem' '--enable-sysvshm' '--enable-xml' '--disable-libtool-lock' '--with-apxs=/data/x5/apache/bin/apxs' '--disable-debug'

Backtrace:
(gdb) r -X
Starting program: /data/x5/apache/bin/httpd -X

Program received signal SIGSEGV, Segmentation fault.
0x4026747b in _efree (ptr=0x4034dd8c) at zend_alloc.c:212
212                     REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0  0x4026747b in _efree (ptr=0x4034dd8c) at zend_alloc.c:212
#1  0x4027dc72 in _zval_dtor (zvalue=0x81bedcc) at zend_variables.c:62
#2  0x40277b3b in _zval_ptr_dtor (zval_ptr=0x81cfcc0) at zend_execute_API.c:261
#3  0x40281ff4 in zend_hash_destroy (ht=0x81a604c) at zend_hash.c:564
#4  0x4027dc8f in _zval_dtor (zvalue=0x81ceb4c) at zend_variables.c:69
#5  0x40277b3b in _zval_ptr_dtor (zval_ptr=0x81c1ae8) at zend_execute_API.c:261
#6  0x40282094 in zend_hash_clean (ht=0x814b4ec) at zend_hash.c:590
#7  0x4027296c in execute (op_array=0x814b004) at ./zend_execute.c:1575
#8  0x4027eed0 in zend_execute_scripts (type=8, file_count=3) at zend.c:713
#9  0x4028e272 in php_execute_script (primary_file=0xbffff854) at main.c:1178
#10 0x4028aed9 in apache_php_module_main (r=0x8131eec, display_source_mode=0) at sapi_apache.c:89
#11 0x4028b79b in send_php (r=0x8131eec, display_source_mode=0, filename=0x0) at mod_php4.c:503
#12 0x4028b7cc in send_parsed_php (r=0x8131eec) at mod_php4.c:514
#13 0x80542e3 in ap_invoke_handler ()
#14 0x8067819 in process_request_internal ()
#15 0x806787c in ap_process_request ()
#16 0x805f11e in child_main ()
#17 0x805f2ac in make_child ()
#18 0x805f409 in startup_children ()
#19 0x805fa36 in standalone_main ()
#20 0x80601c3 in main ()
#21 0x400ba9cb in __libc_start_main (main=0x805fe7c <main>, argc=2, argv=0xbffffa14, init=0x804e870 <_init>,
    fini=0x809419c <_fini>, rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffffa0c)
    at ../sysdeps/generic/libc-start.c:92

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-10-02 19:31 UTC] edink at proventum dot net

 [2000-10-19 15:22 UTC] edink at proventum dot net
Fixed in 4.0.3
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 19:01:53 2014 UTC