PHP :: Bug #73085 :: oci_execute segfault

Bug #73085	oci_execute segfault
Submitted:	2016-09-15 05:07 UTC	Modified:	2016-10-13 04:47 UTC
From:	sergei dot solomonov at gmail dot com	Assigned:
Status:	Duplicate	Package:	OCI8 related
PHP Version:	7.1.0RC1	OS:	Ubuntu 15.04
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	sergei dot solomonov at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2016-09-15 05:07 UTC] sergei dot solomonov at gmail dot com

Description:
------------
PHP v7.1.0RC1 on Ubuntu 15.04.
Looks like all 7.* versions affected, but works fine with php 5.5 and 5.6 versions.
Default php.ini-development config was used.

Test script demonstrates some strange oci_execute / oci_bind_by_name behaviour.
Code intentionally simplified and may look strange.
Example below leads to segfault after `$stmt->execute();`.
Some slight changes or reordering lines / commands may lead to other result.

Also it may be related to https://bugs.php.net/bug.php?id=73080

Test script:
---------------
<?php
class Statement
{
    private $stmt;

    function __construct($sql) {
        $this->connection = oci_connect('user', 'password', 'db', 'UTF8');
        $this->stmt = oci_parse($this->connection, $sql);
    }

    function execute() {
        oci_execute($this->stmt);
    }

    function runOciFunctionAndHandleResult($funcName, array $funcArgs) {
        call_user_func_array("oci_$funcName", $funcArgs);
    }

    function bind($name, &$variable) {
        $args = func_get_args(); // without this assigning result to variable works fine!
        // $args not used here, because original code a bit simplified to demonstration strange behaviour
        $this->runOciFunctionAndHandleResult(
            'bind_by_name',
            [$this->stmt, ":$name", &$variable]
        );
    }

    function bindParams(array $bindParams = []) {
        foreach ($bindParams as $bvName => &$bvValue) {
            $this->bind($bvName, $bvValue[0]);
        }
    }
}

$stmt = new Statement(
    'declare
         lp1 varchar2(1000); lp2 varchar2(1000);
     begin
         lp1 := :p1; lp2 := :p2;
     end;'
);
$stmt->bindParams(['p1' => ['xxxxxxxxxxxxxxxxxxxxxxxx']]); // 24 or more chars would lead to segfault
$stmt->bind('p2', $code);

$stmt->execute();



Actual result:
--------------
Segmentation fault (core dumped)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-10-13 04:47 UTC] sixd@php.net

-Status: Open +Status: Duplicate

[2016-10-13 04:47 UTC] sixd@php.net

Seems fixed by the patch in bug #71148.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 16 14:01:29 2024 UTC