ID: 39756
User updated by: tobias dot barth at web-arts dot com
Reported By: tobias dot barth at web-arts dot com
Status: Open
Bug Type: ODBC related
Operating System: SuSE Linux 10.1
PHP Version: 4.4.4
New Comment:
P.S.: inserting the third line with id 3:
insert into
pressestimmen(id,title,headline,text,bild_name,bild_type,bild_size,bild)
values(3,'test','test','testtext','test','test/test',100000,'te')
causes the same crash ;)
Previous Comments:
------------------------------------------------------------------------
[2006-12-07 01:10:43] tobias dot barth at web-arts dot com
I have now created an example, which always crashes on my machine.
1) create the user "CRASHTEST" on a MaxDB 7.6 database (log in as DBA
in the sqlstudio and type: create user CRASHTEST password CRASHTEST
resource not exclusive)
2) login in as user "CRASHTEST" and run the following sql script:
CREATE TABLE "PRESSESTIMMEN"
(
"ID" Fixed (18,0) NOT NULL,
"TITLE" Varchar (100) ASCII,
"HEADLINE" Varchar (250) ASCII,
"TEXT" Long ASCII,
"BILD_NAME" Varchar (100) ASCII,
"BILD_TYPE" Varchar (120) ASCII,
"BILD_SIZE" Fixed (18,0),
"BILD" Char (2) ASCII,
PRIMARY KEY ("ID")
)
//
insert into
pressestimmen(id,title,headline,text,bild_name,bild_type,bild_size,bild)
values(1,'test','test','testtext','test','test/test',100000,'te')
//
insert into
pressestimmen(id,title,headline,text,bild_name,bild_type,bild_size,bild)
values(2,'test','test','testtext','test','test/test',100000,'te')
//
insert into
pressestimmen(id,title,headline,text,bild_name,bild_type,bild_size,bild)
values(2,'test','test','testtext','test','test/test',100000,'te')
3)
run the following php script (my unixODBC instance is called "OLTP"):
<?
$dbcon = odbc_connect ("OLTP", "CRASHTEST", "CRASHTEST");
$z=odbc_exec("select * from pressestimmen where id=3");
$a = odbc_exec ($dbcon, "select id from pressestimmen");
echo "end of script";flush();
?>
this crashes, and the gdb backtrace is:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47129735329440 (LWP 15483)]
0x00002add3ea84f01 in _int_malloc () from /lib64/libc.so.6
(gdb) bt
#0 0x00002add3ea84f01 in _int_malloc () from /lib64/libc.so.6
#1 0x00002add3ea86d76 in malloc () from /lib64/libc.so.6
#2 0x00002add413c20cb in _emalloc (size=21) at
/usr/src/php4-STABLE-200612061330/Zend/zend_alloc.c:177
#3 0x00002add4132277a in odbc_bindcols (result=0x555555b26668) at
/usr/src/php4-STABLE-200612061330/ext/odbc/php_odbc.c:674
#4 0x00002add41325c0f in zif_odbc_exec (ht=<value optimized out>,
return_value=0x555555b25188, this_ptr=<value optimized out>,
return_value_used=<value optimized out>) at
/usr/src/php4-STABLE-200612061330/ext/odbc/php_odbc.c:1323
#5 0x00002add413eb1ce in execute (op_array=0x555555b20478) at
/usr/src/php4-STABLE-200612061330/Zend/zend_execute.c:1681
#6 0x00002add413d1a9a in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/php4-STABLE-200612061330/Zend/zend.c:935
#7 0x00002add413a34b7 in php_execute_script
(primary_file=0x7fff6d02ba50) at
/usr/src/php4-STABLE-200612061330/main/main.c:1752
#8 0x00002add413ef83d in php_handler (r=0x555555b0d0a8) at
/usr/src/php4-STABLE-200612061330/sapi/apache2handler/sapi_apache2.c:581
#9 0x000055555558c6ba in ap_run_handler () from
/usr/sbin/httpd2-prefork
#10 0x000055555558faa2 in ap_invoke_handler () from
/usr/sbin/httpd2-prefork
#11 0x000055555559a1c8 in ap_process_request () from
/usr/sbin/httpd2-prefork
#12 0x0000555555597409 in ap_register_input_filter () from
/usr/sbin/httpd2-prefork
#13 0x0000555555593772 in ap_run_process_connection () from
/usr/sbin/httpd2-prefork
#14 0x000055555559dc09 in ap_graceful_stop_signalled () from
/usr/sbin/httpd2-prefork
#15 0x000055555559de0e in ap_graceful_stop_signalled () from
/usr/sbin/httpd2-prefork
#16 0x000055555559e911 in ap_mpm_run () from /usr/sbin/httpd2-prefork
#17 0x0000555555579cb8 in main () from /usr/sbin/httpd2-prefork
(gdb)
it crashes in the second call to odbc_exec. when I place a
echo "1";exit; between both calls to odbc_exec, the "1" is displayed
and it does not crash.
------------------------------------------------------------------------
[2006-12-06 18:47:14] [EMAIL PROTECTED]
Oh, so which one of these two segfaults do you actualy encounter?
One of them doesn't look to be ODBC related and another one seem to be
caused by your database, which for some reason returns lengths == 62
and value == NULL (which is most likely a bug in the MaxDB ODBC
driver).
------------------------------------------------------------------------
[2006-12-06 18:34:20] tobias dot barth at web-arts dot com
okay, I will create a test script. in the meantime - perhaps this trace
could help?
---Type <return> to continue, or q <return> to quit---
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47707950089888 (LWP 29782)]
_efree (ptr=0x640000003c) at
/usr/src/php4-STABLE-200612061330/Zend/zend_alloc.c:256
256 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0 _efree (ptr=0x640000003c) at
/usr/src/php4-STABLE-200612061330/Zend/zend_alloc.c:256
#1 0x00002b63e17b0463 in _free_odbc_result (rsrc=<value optimized
out>) at /usr/src/php4-STABLE-200612061330/ext/odbc/php_odbc.c:173
#2 0x00002b63e1869efe in list_entry_destructor (ptr=<value optimized
out>) at /usr/src/php4-STABLE-200612061330/Zend/zend_list.c:177
#3 0x00002b63e186983a in zend_hash_del_key_or_index
(ht=0x2b63e19faaa8, arKey=0x0, nKeyLength=0, h=12, flag=<value
optimized out>)
at /usr/src/php4-STABLE-200612061330/Zend/zend_hash.c:529
#4 0x00002b63e186a107 in _zend_list_delete (id=<value optimized out>)
at /usr/src/php4-STABLE-200612061330/Zend/zend_list.c:56
#5 0x00002b63e1870c08 in zend_assign_to_variable
(result=0x555555c63288, op1=<value optimized out>, op2=0x555555c632c8,
value=0x555555bfea08,
type=0, Ts=0x7fffccb7aa00) at
/usr/src/php4-STABLE-200612061330/Zend/zend_execute.c:483
#6 0x00002b63e187677c in execute (op_array=0x555555c04f38) at
/usr/src/php4-STABLE-200612061330/Zend/zend_execute.c:1393
#7 0x00002b63e18782a9 in execute (op_array=0x555555b651c0) at
/usr/src/php4-STABLE-200612061330/Zend/zend_execute.c:2278
#8 0x00002b63e1876249 in execute (op_array=0x555555b256c8) at
/usr/src/php4-STABLE-200612061330/Zend/zend_execute.c:1725
#9 0x00002b63e18782a9 in execute (op_array=0x555555b20ef8) at
/usr/src/php4-STABLE-200612061330/Zend/zend_execute.c:2278
#10 0x00002b63e1862a9a in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/php4-STABLE-200612061330/Zend/zend.c:935
#11 0x00002b63e18344b7 in php_execute_script
(primary_file=0x7fffccb995d0) at
/usr/src/php4-STABLE-200612061330/main/main.c:1752
#12 0x00002b63e188083d in php_handler (r=0x555555b0d0a8) at
/usr/src/php4-STABLE-200612061330/sapi/apache2handler/sapi_apache2.c:581
#13 0x000055555558c6ba in ap_run_handler () from
/usr/sbin/httpd2-prefork
#14 0x000055555558faa2 in ap_invoke_handler () from
/usr/sbin/httpd2-prefork
#15 0x000055555559a1c8 in ap_process_request () from
/usr/sbin/httpd2-prefork
#16 0x0000555555597409 in ap_register_input_filter () from
/usr/sbin/httpd2-prefork
#17 0x0000555555593772 in ap_run_process_connection () from
/usr/sbin/httpd2-prefork
#18 0x000055555559dc09 in ap_graceful_stop_signalled () from
/usr/sbin/httpd2-prefork
#19 0x000055555559de0e in ap_graceful_stop_signalled () from
/usr/sbin/httpd2-prefork
#20 0x000055555559e911 in ap_mpm_run () from /usr/sbin/httpd2-prefork
#21 0x0000555555579cb8 in main () from /usr/sbin/httpd2-prefork
(gdb) quit
------------------------------------------------------------------------
[2006-12-06 17:36:33] [EMAIL PROTECTED]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.
Please avoid embedding huge scripts into the report.
I believe you don't need a database to reproduce the last one.
------------------------------------------------------------------------
[2006-12-06 17:29:41] tobias dot barth at web-arts dot com
The first call to the php script now finished without crash, but the
next one made the folloing back trace:
---Type <return> to continue, or q <return> to quit---
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47766558578336 (LWP 14425)]
virtual_file_ex (state=0x7fff27625060, path=0x7fff27623010
"/home/votum/www/admin/pressestimmen.cfg", verify_path=0,
use_realpath=1)
at /usr/src/php4-STABLE-200612061330/TSRM/tsrm_virtual_cwd.c:380
380 state->cwd[copy_amount] = '\0';
(gdb) bt
#0 virtual_file_ex (state=0x7fff27625060, path=0x7fff27623010
"/home/votum/www/admin/pressestimmen.cfg", verify_path=0,
use_realpath=1)
at /usr/src/php4-STABLE-200612061330/TSRM/tsrm_virtual_cwd.c:380
#1 0x00002b7186da34a8 in expand_filepath (filepath=0x555555b27ab8
"pressestimmen.cfg", real_path=0x0)
at /usr/src/php4-STABLE-200612061330/main/fopen_wrappers.c:525
#2 0x00002b7186dad262 in _php_stream_fopen (filename=0x555555b27ab8
"pressestimmen.cfg", mode=0x555555b8bbf8 "r", opened_path=0x0,
options=4)
at /usr/src/php4-STABLE-200612061330/main/streams.c:1968
#3 0x00002b7186dacde5 in _php_stream_open_wrapper_ex
(path=0x555555b27ab8 "pressestimmen.cfg", mode=0x555555b8bbf8 "r",
options=4,
opened_path=0x0, context=0x0) at
/usr/src/php4-STABLE-200612061330/main/streams.c:2696
#4 0x00002b7186d47e75 in php_if_fopen (ht=<value optimized out>,
return_value=0x555555c028f8, this_ptr=<value optimized out>,
return_value_used=<value optimized out>) at
/usr/src/php4-STABLE-200612061330/ext/standard/file.c:1148
#5 0x00002b7186de51ce in execute (op_array=0x555555b72c50) at
/usr/src/php4-STABLE-200612061330/Zend/zend_execute.c:1681
#6 0x00002b7186ddf249 in execute (op_array=0x555555b75ac0) at
/usr/src/php4-STABLE-200612061330/Zend/zend_execute.c:1725
#7 0x00002b7186ddf249 in execute (op_array=0x555555be7118) at
/usr/src/php4-STABLE-200612061330/Zend/zend_execute.c:1725
#8 0x00002b7186de12a9 in execute (op_array=0x555555b22fd8) at
/usr/src/php4-STABLE-200612061330/Zend/zend_execute.c:2278
#9 0x00002b7186dcba9a in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/php4-STABLE-200612061330/Zend/zend.c:935
#10 0x00002b7186d9d4b7 in php_execute_script
(primary_file=0x7fff27632060) at
/usr/src/php4-STABLE-200612061330/main/main.c:1752
#11 0x00002b7186de983d in php_handler (r=0x555555b13a58) at
/usr/src/php4-STABLE-200612061330/sapi/apache2handler/sapi_apache2.c:581
#12 0x000055555558c6ba in ap_run_handler () from
/usr/sbin/httpd2-prefork
#13 0x000055555558faa2 in ap_invoke_handler () from
/usr/sbin/httpd2-prefork
#14 0x000055555559a1c8 in ap_process_request () from
/usr/sbin/httpd2-prefork
#15 0x0000555555597409 in ap_register_input_filter () from
/usr/sbin/httpd2-prefork
#16 0x0000555555593772 in ap_run_process_connection () from
/usr/sbin/httpd2-prefork
#17 0x000055555559dc09 in ap_graceful_stop_signalled () from
/usr/sbin/httpd2-prefork
#18 0x000055555559de0e in ap_graceful_stop_signalled () from
/usr/sbin/httpd2-prefork
#19 0x000055555559e911 in ap_mpm_run () from /usr/sbin/httpd2-prefork
#20 0x0000555555579cb8 in main () from /usr/sbin/httpd2-prefork
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/39756
--
Edit this bug report at http://bugs.php.net/?id=39756&edit=1
