Bug #70221 persistent sqlite connection + custom function segfaults
Submitted: 2015-08-09 14:27 UTC
Modified: 2015-08-09 19:13 UTC
From: shish+phpwtf at shishnet dot org
Assigned:
Status: Closed
Package: PDO SQLite
PHP Version: 7.0Git-2015-08-09 (Git)
OS: linux
Private report: No
CVE-ID:
 [2015-08-09 14:27 UTC] shish+phpwtf at shishnet dot org
Description:
------------
When using PDO with the sqlite engine and persistent connections, and adding a custom sqlite function, the process exits with status code 1 (which makes my unit tests fail) whether it is successful (should exit with 0) or not (should exit with 2).

- in php5.[456] the exit code is 0
- with persistent connections turned off, the exit is 0
- with no custom function, the exit is 0
- no exceptions are thrown, the script proceeds as though nothing is wrong
- if you add "exit(2)" to the end of the test script, you can see that even this "explicitly exit with code 2" exits with code 1 if an sqlite function has been added to a persistent connection.

I guess maybe there is some sort of "if using persistent connections, then add a register_shutdown_function() function which cleans up custom functions so that custom functions added to this connection won't affect following requests", and that code is calling exit(1)?

Test script:
---------------
<?php
$db = new PDO('sqlite:test.sqlite', null, null, array(PDO::ATTR_PERSISTENT => true));
function _test() { return 42; }
$db->sqliteCreateFunction('test', '_test', 0);
print("Everything is fine, no exceptions here\n");

Expected result:
----------------
the script should exit with code 0 (or code 2 if you add "exit(2);" at the end)

Actual result:
--------------
the script exits with code 1
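
Added example, not part of the original report or of php-src: a harness that runs the test script above in the four combinations the description lists (persistent connection on/off, custom function on/off), each in a child process ending with the explicit exit(2), and reports how each child ended. The function names and temp-file prefixes are hypothetical; it assumes a PHP 7.4+ CLI (array form of proc_open) with pdo_sqlite loaded.

```php
<?php
// Added example: regression matrix for the conditions listed in the report.
// build_script() and run_variant() are hypothetical helper names.

function build_script(bool $persistent, bool $customFn, string $dbPath): string
{
    $opts = $persistent ? 'array(PDO::ATTR_PERSISTENT => true)' : 'array()';
    $code = "<?php\n\$db = new PDO(" . var_export("sqlite:$dbPath", true)
          . ", null, null, $opts);\n";
    if ($customFn) {
        $code .= "function _test() { return 42; }\n"
               . "\$db->sqliteCreateFunction('test', '_test', 0);\n";
    }
    return $code . "exit(2);\n"; // explicit exit code, as in the report
}

function run_variant(bool $persistent, bool $customFn): array
{
    $script = tempnam(sys_get_temp_dir(), 'b70221_');
    $dbPath = tempnam(sys_get_temp_dir(), 'b70221db_');
    file_put_contents($script, build_script($persistent, $customFn, $dbPath));

    // Array command: no intermediate shell, so a signal is reported as such.
    $proc = proc_open([PHP_BINARY, $script], [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) { throw new RuntimeException('cannot start child PHP'); }
    stream_get_contents($pipes[1]);
    $stderr = trim(stream_get_contents($pipes[2]));
    do { // the first status read after termination carries the exit code
        $st = proc_get_status($proc);
        if ($st['running']) { usleep(10000); }
    } while ($st['running']);
    array_map('fclose', $pipes);
    proc_close($proc);
    @unlink($script);
    @unlink($dbPath);

    $end = $st['signaled'] ? "signal {$st['termsig']}" : "exit {$st['exitcode']}";
    return ['end' => $end, 'ok' => !$st['signaled'] && $st['exitcode'] === 2, 'stderr' => $stderr];
}

$failed = false;
foreach ([[false, false], [false, true], [true, false], [true, true]] as [$p, $f]) {
    $r = run_variant($p, $f);
    $failed = $failed || !$r['ok'];
    printf("persistent=%d custom_fn=%d -> %s %s\n", $p, $f, $r['end'], $r['stderr']);
}
exit($failed ? 1 : 0);
```

Every variant should end with "exit 2"; a different exit code, a signal, or text on stderr in the persistent=1 custom_fn=1 row is the behaviour this report describes.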

 [2015-08-09 16:21 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2015-08-09 16:21 UTC] cmb@php.net
I can confirm that the script triggers a segfault during module
shutdown with current master (64a51893).

(gdb) bt
#0  0x00007ffff6cf53d7 in kill () at ../sysdeps/unix/syscall-template.S:81
#1  0x00000000006e6d27 in zend_mm_panic (
    message=0x99270d "zend_mm_heap corrupted")
    at /home/cmb/php-src/Zend/zend_alloc.c:357
#2  0x00000000006e897b in zend_mm_free_heap (heap=0x7ffff6800040,
    ptr=0x7ffff685e910,
    __zend_filename=0x8ed280 "/home/cmb/php-src/Zend/zend_string.h",
    __zend_lineno=271, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /home/cmb/php-src/Zend/zend_alloc.c:1386
#3  0x00000000006ead4d in _efree (ptr=0x7ffff685e910,
    __zend_filename=0x8ed280 "/home/cmb/php-src/Zend/zend_string.h",
    __zend_lineno=271, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /home/cmb/php-src/Zend/zend_alloc.c:2371
#4  0x00000000005a09e5 in zend_string_release (s=0x7ffff685e910)
    at /home/cmb/php-src/Zend/zend_string.h:271
#5  0x00000000005a481b in cls_method_dtor (el=0xcfdeb0)
    at /home/cmb/php-src/ext/pdo/pdo_dbh.c:1259
#6  0x000000000072f161 in zend_hash_destroy (ht=0xcfde10)
    at /home/cmb/php-src/Zend/zend_hash.c:1179
#7  0x00000000005a594a in dbh_free (dbh=0xcebe20, free_persistent=1 '\001')
    at /home/cmb/php-src/ext/pdo/pdo_dbh.c:1529
#8  0x00000000005a5bcc in php_pdo_pdbh_dtor (res=0xcfdc70)
    at /home/cmb/php-src/ext/pdo/pdo_dbh.c:1574
#9  0x0000000000732a84 in plist_entry_destructor (zv=0x7fffffffe370)
    at /home/cmb/php-src/Zend/zend_list.c:202
#10 0x000000000072e844 in _zend_hash_del_el_ex (
    ht=0xc3b8d0 <executor_globals+592>, idx=0, p=0xcfdd00, prev=0x0)
    at /home/cmb/php-src/Zend/zend_hash.c:935
#11 0x000000000072e924 in _zend_hash_del_el (
    ht=0xc3b8d0 <executor_globals+592>, idx=0, p=0xcfdd00)
    at /home/cmb/php-src/Zend/zend_hash.c:959
#12 0x000000000072fb42 in zend_hash_graceful_reverse_destroy (
    ht=0xc3b8d0 <executor_globals+592>)
    at /home/cmb/php-src/Zend/zend_hash.c:1405
#13 0x0000000000732b8a in zend_destroy_rsrc_list (
    ht=0xc3b8d0 <executor_globals+592>)
    at /home/cmb/php-src/Zend/zend_list.c:244
#14 0x0000000000719e95 in zend_shutdown ()
    at /home/cmb/php-src/Zend/zend.c:816
#15 0x0000000000696b5c in php_module_shutdown ()
    at /home/cmb/php-src/main/main.c:2343
#16 0x00000000007d3a17 in main (argc=2, argv=0xc3f960)
    at /home/cmb/php-src/sapi/cli/php_cli.c:1353
 [2015-08-09 19:13 UTC] cmb@php.net
-Summary: persistent sqlite connection + custom function silently forces exit code 1 +Summary: persistent sqlite connection + custom function segfaults
 [2015-08-10 11:06 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=aaf76387064e0ed16464bc843b9d31041bf831f0
Log: Fixed bug #70221 (persistent sqlite connection + custom function segfaults)
 [2015-08-10 11:06 UTC] laruence@php.net
-Status: Verified +Status: Closed
 [2015-08-18 16:24 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=aaf76387064e0ed16464bc843b9d31041bf831f0
Log: Fixed bug #70221 (persistent sqlite connection + custom function segfaults)
 [2016-07-20 11:37 UTC] davey@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=aaf76387064e0ed16464bc843b9d31041bf831f0
Log: Fixed bug #70221 (persistent sqlite connection + custom function segfaults)
 
Last updated: Sat Apr 29 07:01:45 2017 UTC