#48070 [Com]: PDO_OCI Segfault when using persistent connection

[jarismar dot php at gmail dot com]

 ID:               48070
 Comment by:       jarismar dot php at gmail dot com
 Reported By:      jarismar dot php at gmail dot com
 Status:           Open
 Bug Type:         PDO related
 Operating System: irrelevant
 PHP Version:      5.2CVS-2009-04-24 (CVS)
 New Comment:

I think, this happens because error messages are being created with
pestrdup and later destructed with efree.

I've changed the pdo_oci extension to use pefree when appropriate, it
seems to solve the problem.

This is the patch against PHP_5_2 tip.

cvs diff - u >
Index: oci_driver.c
===================================================================
RCS file: /repository/php-src/ext/pdo_oci/oci_driver.c,v
retrieving revision 1.24.2.4.2.11
diff -u -u -p -r1.24.2.4.2.11 oci_driver.c
--- oci_driver.c        31 Dec 2008 11:17:42 -0000      1.24.2.4.2.11
+++ oci_driver.c        24 Apr 2009 10:47:29 -0000
@@ -70,16 +70,15 @@ ub4 _oci_error(OCIError *err, pdo_dbh_t 
                S = (pdo_oci_stmt*)stmt->driver_data;
                einfo = &S->einfo;
                pdo_err = &stmt->error_code;
-               if (einfo->errmsg) {
-                       efree(einfo->errmsg);
-               }
        }
        else {
                einfo = &H->einfo;
-               if (einfo->errmsg) {
-                       pefree(einfo->errmsg, dbh->is_persistent);
-               }
        }
+       
+       if (einfo->errmsg) {
+               pefree(einfo->errmsg, dbh->is_persistent);
+       }
+
 
        einfo->errmsg = NULL;
        einfo->errcode = 0;
Index: oci_statement.c
===================================================================
RCS file: /repository/php-src/ext/pdo_oci/oci_statement.c,v
retrieving revision 1.16.2.10.2.9
diff -u -u -p -r1.16.2.10.2.9 oci_statement.c
--- oci_statement.c     31 Dec 2008 11:17:42 -0000      1.16.2.10.2.9
+++ oci_statement.c     24 Apr 2009 10:47:30 -0000
@@ -54,6 +54,7 @@ static php_stream *oci_create_lob_stream
 static int oci_stmt_dtor(pdo_stmt_t *stmt TSRMLS_DC) /* {{{ */
 {
        pdo_oci_stmt *S = (pdo_oci_stmt*)stmt->driver_data;
+       pdo_dbh_t *dbh = stmt->dbh;
        HashTable *BC = stmt->bound_columns;
        HashTable *BP = stmt->bound_params;
 
@@ -87,7 +88,7 @@ static int oci_stmt_dtor(pdo_stmt_t *stm
        }
 
        if (S->einfo.errmsg) {
-               efree(S->einfo.errmsg);
+               pefree(S->einfo.errmsg, dbh->is_persistent);
                S->einfo.errmsg = NULL;
        }


Previous Comments:
------------------------------------------------------------------------

[2009-04-24 14:09:13] jarismar dot php at gmail dot com

Description:
------------
When using persistent connections apache segfaults at end of the
request.
The segfault only happens if some statment has got error.

Reproduced on Windows (XP) and Linux (debian 2.6.29-1-686).



Reproduce code:
---------------
$sDSN = 'oci:dbname=//webreport:1521/adplabs';
$sUserName = 'rpttest82';
$sPassword = 'rpttest82';

$oPDO = new PDO($sDSN, $sUserName, $sPassword,
array(PDO::ATTR_PERSISTENT => true));
$oPDO->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
  $oStatement = $oPDO->prepare('Select x from no_table');
  $oStatement->execute();
} catch (Exception $oException) {
  print $oException->getMessage()."\n";
}

Expected result:
----------------
SQLSTATE[HY000]: General error: 942 OCIStmtExecute: ORA-00942: table or
view does not exist
 (/home/jaris/php-latest/ext/pdo_oci/oci_statement.c:147)

Actual result:
--------------
Windows :

Unhandled exception at 0x0088ad16 (php5ts.dll) in Apache.exe:
0xC0000005: Access violation reading location 0x002c5cc4.

Debian :
segmentation fault
ALERT - canary mismatch on efree() - heap overflow detected (attacker
'REMOTE_ADDR not set', file 'unknown')


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=48070&edit=1