Edit report at https://bugs.php.net/bug.php?id=60104&edit=1

 ID:                 60104
 Updated by:         dmi...@php.net
 Reported by:        patrickalla...@php.net
 Summary:            Segmentation Fault in pdo_sqlite when using
                     sqliteCreateFunction()
 Status:             Assigned
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Gentoo Linux
 PHP Version:        trunk-SVN-2011-10-20 (SVN)
 Assigned To:        dmitry
 Block user comment: N
 Private report:     N

 New Comment:

I would say that the problem is in the "magic" PDO extension design. It creates
and destroys method tables at runtime. See pdo_hash_methods() in pdo_dbh.c. As
a result, ZE can't cache bindings for such methods.

The problem may be solved in a few ways.
1) Fix PDO
2) Introduce additional fn_flag that disables method caching
3) Disable method caching for classes with custom get_method handler

I think (2) is the simplest solution that won't cause performance degradation.
A PDO fix would make it faster and reduce memory usage, but it's a much more
serious task. I just don't have time to do it myself.
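
Added example, not part of the bug report or the PHP source: a minimal C model
of the failure described in the comment above, in which a call-site cache keyed
only by class keeps a pointer into a per-handle method table after that table
is destroyed, alongside option (2). The names struct handle, resolve() and
FN_NEVER_CACHE are hypothetical, and the 0x5a fill is an assumption modelled on
the pattern visible in the gdb dump further down.

```c
#include <stdio.h>
#include <string.h>

#define FN_NEVER_CACHE 0x1u  /* hypothetical flag standing in for option (2) */

struct fn { unsigned fn_flags; const char *function_name; };
struct handle { struct fn method; int built; };          /* per-handle method table */
struct call_site { const void *klass; struct fn *fn; };  /* inline cache slot */

/* Slow path: build the handle's method table on first use, then return it. */
static struct fn *get_method(struct handle *h, unsigned flags) {
    if (!h->built) {
        h->method = (struct fn){ flags, "sqliteCreateFunction" };
        h->built = 1;
    }
    return &h->method;
}

/* Model of a debug allocator's free(): poison the handle with 0x5a bytes. */
static void handle_destroy(struct handle *h) {
    memset(h, 0x5a, sizeof *h);
}

/* Call-site lookup: the cache is keyed by class only, not by handle. */
static struct fn *resolve(struct call_site *cs, const void *klass,
                          struct handle *h, unsigned flags) {
    if (cs->klass == klass)
        return cs->fn;              /* hit: the handle is never consulted */
    struct fn *f = get_method(h, flags);
    if (!(f->fn_flags & FN_NEVER_CACHE)) {
        cs->klass = klass;
        cs->fn = f;
    }
    return f;
}

/* Two handles of one class reach one call site; returns the second call's fn_flags. */
unsigned flags_seen_on_second_call(unsigned flags) {
    static const char pdo_class = 0;     /* constructed class identity */
    struct handle a = {0}, b = {0};
    struct call_site cs = {0};
    resolve(&cs, &pdo_class, &a, flags);                   /* first setUp() */
    handle_destroy(&a);                                    /* unset() in tearDown() */
    return resolve(&cs, &pdo_class, &b, flags)->fn_flags;  /* second setUp() */
}

int main(void) {
    printf("0x%x 0x%x\n", flags_seen_on_second_call(0),
           flags_seen_on_second_call(FN_NEVER_CACHE));
}
```

With caching allowed, the second call reads 0x5a5a5a5a (1515870810, the
fn_flags value in the gdb dump); with the flag set, it resolves against the
live handle instead.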


Previous Comments:
------------------------------------------------------------------------
[2011-11-04 19:51:45] tony2...@php.net

Dmitry, could you take a look at it?
Looks like something is wrong with that caching thingie in the executor.. 

(gdb) f 0
#0  ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER (execute_data=0x7ffff7f9d1c0) 
at /local/qa/5_4_valgrind/Zend/zend_vm_execute.h:28949
28949           if ((EX(fbc)->common.fn_flags & ZEND_ACC_STATIC) != 0) {
(gdb) p *execute_data.fbc 
$10 = {type = 90 'Z', common = {type = 90 'Z', function_name = 
0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, scope = 
0x5a5a5a5a5a5a5a5a, 
    fn_flags = 1515870810, prototype = 0x5a5a5a5a5a5a5a5a, num_args = 
1515870810, required_num_args = 1515870810, arg_info = 0x5a5a5a5a5a5a5a5a}, 
  op_array = {type = 90 'Z', function_name = 0x5a5a5a5a5a5a5a5a <Address 
0x5a5a5a5a5a5a5a5a out of bounds>, scope = 0x5a5a5a5a5a5a5a5a, 
    fn_flags = 1515870810, prototype = 0x5a5a5a5a5a5a5a5a, num_args = 
1515870810, required_num_args = 1515870810, arg_info = 0x5a5a5a5a5a5a5a5a, 
    refcount = 0x5a5a5a5a5a5a5a5a, opcodes = 0x5a5a5a5a5a5a5a5a, last = 
1515870810, vars = 0x5a5a5a5a5a5a5a5a, last_var = 1515870810, T = 1515870810, 
    brk_cont_array = 0x5a5a5a5a5a5a5a5a, last_brk_cont = 1515870810, 
try_catch_array = 0x5a5a5a5a5a5a5a5a, last_try_catch = 1515870810, 
    static_variables = 0x5a5a5a5a5a5a5a5a, this_var = 1515870810, filename = 
0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, 
    line_start = 1515870810, line_end = 1515870810, doc_comment = 
0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, 
    doc_comment_len = 1515870810, early_binding = 1515870810, literals = 
0x5a5a5a5a5a5a5a5a, last_literal = 1515870810, 
    run_time_cache = 0x5a5a5a5a5a5a5a5a, last_cache_slot = 1515870810, reserved 
= {0x5a5a5a5a5a5a5a5a, 0x5a5a5a5a5a5a5a5a, 0x5a5a5a5a5a5a5a5a, 
      0x5a5a5a5a5a5a5a5a}}, internal_function = {type = 90 'Z', function_name = 
0x5a5a5a5a5a5a5a5a <Address 0x5a5a5a5a5a5a5a5a out of bounds>, 
    scope = 0x5a5a5a5a5a5a5a5a, fn_flags = 1515870810, prototype = 
0x5a5a5a5a5a5a5a5a, num_args = 1515870810, required_num_args = 1515870810, 
    arg_info = 0x5a5a5a5a5a5a5a5a, handler = 0x5a5a5a5a5a5a5a5a, module = 
0x5a5a5a5a5a5a5a5a}}

------------------------------------------------------------------------
[2011-11-04 19:13:31] patrickalla...@php.net

Automatic comment from SVN on behalf of patrickallaert
Revision: http://svn.php.net/viewvc/?view=revision&revision=318784
Log: Added test for #60104

------------------------------------------------------------------------
[2011-10-26 09:34:35] patrickalla...@php.net

I have been able to reproduce it without PHPUnit.
I committed ext/pdo_sqlite/tests/bug60104.phpt to make it easier.

------------------------------------------------------------------------
[2011-10-26 09:32:34] patrickalla...@php.net

Automatic comment from SVN on behalf of patrickallaert
Revision: http://svn.php.net/viewvc/?view=revision&revision=318424
Log: Added test for #60104

------------------------------------------------------------------------
[2011-10-21 10:15:16] patrickalla...@php.net

The segfault appears the second time it executes
$this->handler->sqliteCreateFunction() in the setUp().

If unset() isn't used in tearDown(), then there is no crash.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=60104

