From: [EMAIL PROTECTED] Operating system: Linux PHP version: 5.2.5 PHP Bug Type: PDO related Bug description: PDO_OCI crashes
Description: ------------ PDO/OCI segfaults while describing result columns; in the backtrace below the crash is in oci_stmt_describe() while it describes the CLOB column "node_configuration" (dtype = 112, i.e. SQLT_CLOB) of a SELECT on "node". I tried to write a small self-contained reproducing script, but unfortunately could not get one to trigger the crash. I get this issue by running the WorkflowDatabaseTiein component test suite with: php -dmemory_limit=-1 UnitTest/src/runtests.php -v -D oracle://ezc:[EMAIL PROTECTED]/ezctest WorkflowDatabaseTiein/tests/execution_test.php (the user:password@host part of the DSN appears to have been mangled by the mailing list's address scrubber) Reproduce code: --------------- Database schema: CREATE TABLE "execution" ( "execution_id" number NOT NULL, "execution_next_thread_id" number NOT NULL, "execution_parent" number NOT NULL, "execution_started" number NOT NULL, "execution_threads" clob, "execution_variables" clob, "execution_waiting_for" clob, "workflow_id" number NOT NULL ) CREATE SEQUENCE "execution_execution_id_seq" start with 1 increment by 1 nomaxvalue CREATE OR REPLACE TRIGGER "execution_execution_id_trg" before insert on "execution" for each row begin select "execution_execution_id_seq".nextval into :new."execution_id" from dual; end; ALTER TABLE "execution" ADD CONSTRAINT "execution_pkey" PRIMARY KEY ( "execution_id" ) CREATE INDEX "execution_parent" ON "execution" ( "execution_parent" ) CREATE TABLE "execution_state" ( "execution_id" number NOT NULL, "node_activated_from" clob NOT NULL, "node_id" number NOT NULL, "node_state" clob, "node_thread_id" number NOT NULL ) ALTER TABLE "execution_state" ADD CONSTRAINT "execution_state_pkey" PRIMARY KEY ( "execution_id", "node_id" ) CREATE TABLE "node" ( "node_class" varchar2(255) NOT NULL, "node_configuration" clob, "node_id" number NOT NULL, "workflow_id" number NOT NULL ) CREATE SEQUENCE "node_node_id_seq" start with 1 increment by 1 nomaxvalue CREATE OR REPLACE TRIGGER "node_node_id_trg" before insert on "node" for each row begin select "node_node_id_seq".nextval into :new."node_id" from dual; end; ALTER TABLE "node" ADD CONSTRAINT "node_pkey" PRIMARY KEY ( "node_id" ) CREATE INDEX "workflow_id" ON "node" ( "workflow_id" ) CREATE TABLE "node_connection" ( "in_node_id" number NOT NULL, 
"out_node_id" number NOT NULL ) CREATE INDEX "in_node_id" ON "node_connection" ( "in_node_id" ) CREATE TABLE "variable_handler" ( "class" varchar2(255) NOT NULL, "variable" varchar2(255) NOT NULL, "workflow_id" number NOT NULL ) ALTER TABLE "variable_handler" ADD CONSTRAINT "variable_handler_pkey" PRIMARY KEY ( "class", "workflow_id" ) CREATE TABLE "workflow" ( "workflow_created" number NOT NULL, "workflow_id" number NOT NULL, "workflow_name" varchar2(64) NOT NULL, "workflow_version" number DEFAULT 1 NOT NULL ) CREATE SEQUENCE "workflow_workflow_id_seq" start with 1 increment by 1 nomaxvalue CREATE OR REPLACE TRIGGER "workflow_workflow_id_trg" before insert on "workflow" for each row begin select "workflow_workflow_id_seq".nextval into :new."workflow_id" from dual; end; ALTER TABLE "workflow" ADD CONSTRAINT "workflow_pkey" PRIMARY KEY ( "workflow_id" ) CREATE UNIQUE INDEX "name_version" ON "workflow" ( "workflow_name", "workflow_version" ) Actual result: -------------- Segfault: backtrace: #0 0xb7447574 in kghualloc () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1 No symbol table info available. #1 0xb73e865f in kohalc () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1 No symbol table info available. #2 0xb73e7f4f in kohalc () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1 No symbol table info available. #3 0xb73e8902 in kohalw () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1 No symbol table info available. #4 0xb7283b83 in kollalfn () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1 No symbol table info available. #5 0xb6d401d3 in kpugdesc () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1 No symbol table info available. #6 0xb6e0e5a6 in OCIDescriptorAlloc () from /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1 No symbol table info available. 
#7 0x08209985 in oci_stmt_describe (stmt=0xb30291a8, colno=2) at /root/src/php-5.2.5/ext/pdo_oci/oci_statement.c:553 S = (pdo_oci_stmt *) 0xb32c384c param = (OCIParam *) 0x8959404 colname = (text *) 0x8963b4c "node_configuration" dtype = 112 data_size = 4000 scale = 0 precis = 0 namelen = 18 col = (struct pdo_column_data *) 0xb3031b40 dyn = 0 '\0' #8 0x081f94c0 in pdo_stmt_describe_columns (stmt=0xb30291a8) at /root/src/php-5.2.5/ext/pdo/pdo_stmt.c:198 col = 2 #9 0x081fa38c in zim_PDOStatement_execute (ht=0, return_value=0xb3027f54, return_value_ptr=0x0, this_ptr=0xb32cb20c, return_value_used=0) at /root/src/php-5.2.5/ext/pdo/pdo_stmt.c:509 input_params = (zval *) 0x0 ret = 1 stmt = (pdo_stmt_t *) 0xb30291a8 #10 0x0847d9e6 in execute_internal (execute_data_ptr=0xbfbd4f14, return_value_used=0) at /root/src/php-5.2.5/Zend/zend_execute.c:1385 return_value_ptr = (zval **) 0xbfbd3f94 #11 0xb6525765 in xdebug_execute_internal (current_execute_data=0xbfbd4f14, return_value_used=0) at /tmp/pear/cache/xdebug-2.0.3/xdebug.c:1605 edata = (zend_execute_data *) 0xbfbd4f14 fse = (function_stack_entry *) 0x89d1ca8 cur_opcode = (zend_op *) 0x0 do_return = 1 function_nr = 9158 #12 0x0847e093 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbd4f14) at /root/src/php-5.2.5/Zend/zend_vm_execute.h:202 return_reference = 0 '\0' opline = (zend_op *) 0xb31a6400 original_return_value = (zval **) 0x847fa09 current_scope = (zend_class_entry *) 0xb3197098 current_this = (zval *) 0xb3021d94 return_value_used = 0 should_change_scope = 1 '\001' ctor_opline = (zend_op *) 0xb654c19c #13 0x0847ecc7 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfbd4f14) at /root/src/php-5.2.5/Zend/zend_vm_execute.h:322 No locals. 
#14 0x0847dbe0 in execute (op_array=0xb3215f08) at /root/src/php-5.2.5/Zend/zend_vm_execute.h:92 execute_data = {opline = 0xb31a6400, function_state = {function_symbol_table = 0xb32c2504, function = 0x88125e0, reserved = {0xbfbd7274, 0xbfbd50d4, 0xbfbd4f58, 0xb6523748}}, fbc = 0x88125e0, op_array = 0xb3215f08, object = 0xb32cb20c, Ts = 0xbfbd3860, CVs = 0xbfbd3810, original_in_execution = 1 '\001', symbol_table = 0xb32ab6f8, prev_execute_data = 0xbfbd5f34, old_error_reporting = 0x0} #15 0xb65253f7 in xdebug_execute (op_array=0xb3215f08) at /tmp/pear/cache/xdebug-2.0.3/xdebug.c:1541 dummy = (zval **) 0x0 edata = (zend_execute_data *) 0xbfbd5f34 fse = (function_stack_entry *) 0x89ce800 xfse = (function_stack_entry *) 0x5 magic_cookie = 0x0 do_return = 1 function_nr = 9032 le = (xdebug_llist_element *) 0xbfbd5038 eval_id = 0 #16 0x0847e1f7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbd5f34) at /root/src/php-5.2.5/Zend/zend_vm_execute.h:234 opline = (zend_op *) 0xb309d7f8 original_return_value = (zval **) 0xbfbd61a8 current_scope = (zend_class_entry *) 0xb310be10 current_this = (zval *) 0xb302b098 return_value_used = 1 should_change_scope = 1 '\001' ctor_opline = (zend_op *) 0xb654c19c #17 0x0847ecc7 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfbd5f34) at /root/src/php-5.2.5/Zend/zend_vm_execute.h:322 No locals. 
#18 0x0847dbe0 in execute (op_array=0xb3096670) at /root/src/php-5.2.5/Zend/zend_vm_execute.h:92 execute_data = {opline = 0xb309d7f8, function_state = {function_symbol_table = 0xb32ab6f8, function = 0xb3215f08, reserved = {0xbfbd7274, 0xbfbd60d8, 0xbfbd5f78, 0xb6523748}}, fbc = 0xb3215f08, op_array = 0xb3096670, object = 0xb3021d94, Ts = 0xbfbd50f0, CVs = 0xbfbd50b0, original_in_execution = 1 '\001', symbol_table = 0xb32ab8fc, prev_execute_data = 0xbfbd61d4, old_error_reporting = 0x0} #19 0xb65253f7 in xdebug_execute (op_array=0xb3096670) at /tmp/pear/cache/xdebug-2.0.3/xdebug.c:1541 dummy = (zval **) 0x0 edata = (zend_execute_data *) 0xbfbd61d4 fse = (function_stack_entry *) 0x89c3760 xfse = (function_stack_entry *) 0x19 magic_cookie = 0x0 do_return = 1 function_nr = 8930 le = (xdebug_llist_element *) 0xbfbd6058 eval_id = 0 #20 0x0847e1f7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbd61d4) at /root/src/php-5.2.5/Zend/zend_vm_execute.h:234 opline = (zend_op *) 0xb3105fa0 original_return_value = (zval **) 0xbfbd67b8 current_scope = (zend_class_entry *) 0xb310be10 current_this = (zval *) 0xb302b098 return_value_used = 0 should_change_scope = 1 '\001' ctor_opline = (zend_op *) 0xb654c19c #21 0x0847ecc7 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfbd61d4) at /root/src/php-5.2.5/Zend/zend_vm_execute.h:322 No locals. 
(the backtrace continues for a while, but the depth is ordinary for the test runner: this is not a stack overflow) The calls made immediately before the segfault (a call trace; '>=>' lines are return values): -> ezcQuerySelectOracle->prepare() /root/ezcomponents/trunk/WorkflowDatabaseTiein/src/definition_storage.php:94 -> ezcQuery->prepare() /root/ezcomponents/trunk/Database/src/sqlabstraction/implementations/query_select_oracle.php:176 -> ezcQuerySelectOracle->getQuery() /root/ezcomponents/trunk/Database/src/sqlabstraction/query.php:432 -> ezcQuerySelect->getQuery() /root/ezcomponents/trunk/Database/src/sqlabstraction/implementations/query_select_oracle.php:143 >=> 'SELECT "node_id", "node_class", "node_configuration" FROM "node" WHERE "workflow_id" = :ezcValue1' >=> 'SELECT "node_id", "node_class", "node_configuration" FROM "node" WHERE "workflow_id" = :ezcValue1' -> PDO->prepare('SELECT "node_id", "node_class", "node_configuration" FROM "node" WHERE "workflow_id" = :ezcValue1') /root/ezcomponents/trunk/Database/src/sqlabstraction/query.php:432 >=> class PDOStatement { public $queryString = 'SELECT "node_id", "node_class", "node_configuration" FROM "node" WHERE "workflow_id" = :ezcValue1' } -> ezcQuery->doBind($stmt = class PDOStatement { public $queryString = 'SELECT "node_id", "node_class", "node_configuration" FROM "node" WHERE "workflow_id" = :ezcValue1' }) /root/ezcomponents/trunk/Database/src/sqlabstraction/query.php:433 -> PDOStatement->bindValue(':ezcValue1', 1, 2) /root/ezcomponents/trunk/Database/src/sqlabstraction/query.php:393 >=> TRUE >=> NULL >=> class PDOStatement { public $queryString = 'SELECT "node_id", "node_class", "node_configuration" FROM "node" WHERE "workflow_id" = :ezcValue1' } >=> class PDOStatement { public $queryString = 'SELECT "node_id", "node_class", "node_configuration" FROM "node" WHERE "workflow_id" = :ezcValue1' } -> PDOStatement->execute() /root/ezcomponents/trunk/WorkflowDatabaseTiein/src/definition_storage.php:95 valgrind (note that the fault is an invalid write of size 4 to the small address 0x3D34, which looks like a NULL or uninitialised pointer being dereferenced with an offset inside OCIDescriptorAlloc rather than stack exhaustion): ==8810== ==8810== Invalid write of size 4 ==8810== at 0x4EC3574: kghualloc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4E6465E: (within /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4E63F4E: kohalc (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4E64901: kohalw (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4CFFB82: kollalfn (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x47BC1D2: kpugdesc (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x488A5A5: OCIDescriptorAlloc (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x8209984: oci_stmt_describe (oci_statement.c:553) ==8810== by 0x81F94BF: pdo_stmt_describe_columns (pdo_stmt.c:198) ==8810== by 0x81FA38B: zim_PDOStatement_execute (pdo_stmt.c:509) ==8810== by 0x847D9E5: execute_internal (zend_execute.c:1385) ==8810== by 0x5AB6764: xdebug_execute_internal (xdebug.c:1605) ==8810== Address 0x3D34 is not stack'd, malloc'd or (recently) free'd ==8810== ==8810== Process terminating with default action of signal 11 (SIGSEGV) ==8810== Access not within mapped region at address 0x3D34 ==8810== at 0x4EC3574: kghualloc (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4E6465E: (within /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4E63F4E: kohalc (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4E64901: kohalw (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4CFFB82: kollalfn (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x47BC1D2: kpugdesc (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x488A5A5: OCIDescriptorAlloc (in 
/usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x8209984: oci_stmt_describe (oci_statement.c:553) ==8810== by 0x81F94BF: pdo_stmt_describe_columns (pdo_stmt.c:198) ==8810== by 0x81FA38B: zim_PDOStatement_execute (pdo_stmt.c:509) ==8810== by 0x847D9E5: execute_internal (zend_execute.c:1385) ==8810== by 0x5AB6764: xdebug_execute_internal (xdebug.c:1605) ==8810== ==8810== Invalid free() / delete / delete[] ==8810== at 0x401CFA5: free (vg_replace_malloc.c:233) ==8810== by 0x560CE4D: (within /lib/tls/libc-2.3.6.so) ==8810== by 0x560C601: __libc_freeres (in /lib/tls/libc-2.3.6.so) ==8810== by 0x40191F6: _vgnU_freeres (vg_preloaded.c:60) ==8810== by 0x5393863: (within /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4E6465E: (within /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4E63F4E: kohalc (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4E64901: kohalw (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x4CFFB82: kollalfn (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x47BC1D2: kpugdesc (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x488A5A5: OCIDescriptorAlloc (in /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libclntsh.so.10.1) ==8810== by 0x8209984: oci_stmt_describe (oci_statement.c:553) ==8810== Address 0x5722720 is not stack'd, malloc'd or (recently) free'd