From:             andreybl at matrix dot co dot il
Operating system: Red Hat 3.0 ES
PHP version:      4.3.11
PHP Bug Type:     Informix related
Bug description:  ifx_fetch_row() : SEGV if row has TEXT fields (PHP Apache Module only)

Description:
------------
Apache version: 1.3.33
Informix server version: IDS 9.40.UC5
Informix SDK version: csdk_informix.2.90

'./configure' '--with-informix=/isoc/informix'
'--with-config-file-path=/isoc/apache/conf' '--enable-track-vars'
'--with-apache=/isoc/sources/apache' '--without-mysql' 

NOTE: 
The problem occurs in the PHP Apache Module ONLY and does NOT occur in PHP CGI.

Description:
Segmentation fault in httpd on a call to ifx_fetch_row() when the fields
being selected include a field of type TEXT containing NON-NULL data:

    - In httpd log file (./apache/logs/error_log): 

[Thu May  5 12:02:10 2005] [notice] child pid 20754 exit signal Segmentation fault (11)

    - In browser: 

"The page cannot be displayed"

It seems my bug is similar to #8715, which was closed since there was no
feedback. So probably the problem in #8715 still persists too.

Please, take care of this report as soon as possible, since it is of
Critical severity for me. Actually this stops the whole project.

Thanks,
Andrey


    


Reproduce code:
---------------
<?php
// Trace file: every checkpoint is flushed at once so it survives a crash.
$trace = fopen('/tmp/php_bug.txt', 'w+');

$conn_id = ifx_connect('DB', 'USER', 'PASS');
if (!$conn_id)
{
    echo "FAILED TO CONNECT"; die();
}
fwrite($trace, "after ifx_connect\n"); fflush($trace);

// SELECT * includes the TEXT column of the row.
$res_id  = ifx_query('SELECT * FROM registrars where regid = 5', $conn_id);
if (!$res_id)
{
    // ifx_getsqlca() needs a result id, which does not exist on failure,
    // so the last Informix error message is printed instead.
    echo "FAILED TO PREPARE"; echo ifx_errormsg(); die();
}
fwrite($trace, "after ifx_query\n"); fflush($trace);

$row = ifx_fetch_row($res_id);
fwrite($trace, "after ifx_fetch_row: regid = {$row['regid']}\n");
fflush($trace);

// Last call reached before the SEGV when the TEXT field is non-NULL.
ifx_free_result($res_id);
fwrite($trace, "after ifx_free_result\n"); fflush($trace);

ifx_close($conn_id);
fwrite($trace, "after ifx_close\n"); fflush($trace);

Expected result:
----------------
Hm. I expect the httpd not to crash.

Actual result:
--------------
Here is the backtrace:
Program received signal SIGSEGV, Segmentation fault.
0xb7359e6f in _int_free () from /lib/tls/libc.so.6
(gdb) bt
#0  0xb7359e6f in _int_free () from /lib/tls/libc.so.6
#1  0xb7358e68 in free () from /lib/tls/libc.so.6
#2  0xb7583c3c in ifx_free_sqldata () from /isoc/informix/lib/esql/libifsql.so
#3  0xb7583a80 in sqli_desc_dealloc () from /isoc/informix/lib/esql/libifsql.so
#4  0x080b4a14 in zif_ifx_free_result ()
#5  0x080abca6 in execute ()
#6  0x0809fa5b in zend_execute_scripts ()
#7  0x0808193b in php_execute_script ()
#8  0x080aee8e in apache_php_module_main ()
#9  0x0807a772 in ap_get_server_built ()
#10 0x0807a7dc in ap_get_server_built ()
#11 0x0812e6d3 in ap_invoke_handler ()
#12 0x0814356f in ap_some_auth_required ()
#13 0x081435ce in ap_process_request ()
#14 0x0813a731 in ap_child_terminate ()
#15 0x0813a8d1 in ap_child_terminate ()
#16 0x0813aa37 in ap_child_terminate ()
#17 0x0813b0ee in ap_child_terminate ()
#18 0x0813b90c in main ()
(gdb) qui

In the test program above I fetch only one row. If the TEXT field in the
row has a NULL value, everything's OK and the output in the php_bug.txt file
(see the program) is the following:

after ifx_connect
after ifx_query
after ifx_fetch_row: regid = 3
after ifx_free_result
after ifx_close

i.e. all the functions returned ok.

If the TEXT field in the row has non-NULL data, then the SEGV occurs and
the output in the php_bug.txt test file is:
after ifx_connect
after ifx_query
after ifx_fetch_row: regid = 11

i.e. ifx_free_result did not return.

NOTE: if the TEXT-type field is not in the list of the fields to be
selected, then everything is OK.


-- 
Edit bug report at http://bugs.php.net/?id=32954&edit=1
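
Added example, not part of the original report or of PHP's own code: a small triage helper for the gdb backtrace posted above. A fault inside the allocator (free / _int_free) usually means the pointer handed to free() was invalid or the heap metadata was already damaged, so the frame worth examining is the first caller outside the allocator; the helper finds it, along with the first frame in the main executable. The function names parse_frames and triage and the ALLOCATOR set are assumptions made for this example.

```python
import re

# Frames #0-#5 as posted in the report, including the mail-wrapped "from" lines.
BACKTRACE = """\
#0  0xb7359e6f in _int_free () from /lib/tls/libc.so.6
#1  0xb7358e68 in free () from /lib/tls/libc.so.6
#2  0xb7583c3c in ifx_free_sqldata () from
/isoc/informix/lib/esql/libifsql.so
#3  0xb7583a80 in sqli_desc_dealloc () from
/isoc/informix/lib/esql/libifsql.so
#4  0x080b4a14 in zif_ifx_free_result ()
#5  0x080abca6 in execute ()
"""

# "#N  0xADDR in function (args) [from /path/to/lib.so]"
FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(.*?\)(?: from (\S+))?")

# libc allocator entry points (assumed list, extend as needed)
ALLOCATOR = {"_int_free", "free", "cfree", "malloc", "_int_malloc", "realloc"}


def parse_frames(text):
    """Return [(index, function, library or None)], rejoining wrapped lines."""
    # A continuation line never starts with '#', so fold it into the frame above.
    joined = re.sub(r"\n(?!#)", " ", text.strip())
    frames = []
    for line in joined.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append((int(m.group(1)), m.group(2), m.group(3)))
    return frames


def triage(text):
    """Summarise where the fault happened and who passed the pointer in."""
    frames = parse_frames(text)
    in_alloc = bool(frames) and frames[0][1] in ALLOCATOR
    # First frame that is not an allocator function: the code that called free().
    caller = next((f for f in frames if f[1] not in ALLOCATOR), None)
    # First frame without a "from <lib>": code in the main executable.
    entry = next((f for f in frames if f[2] is None), None)
    return {"fault_in_allocator": in_alloc, "caller": caller, "binary_entry": entry}


if __name__ == "__main__":
    for key, value in triage(BACKTRACE).items():
        print(f"{key}: {value}")
```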