ID: 48240
User updated by: VJTD3 at VJTD3 dot com
Reported By: VJTD3 at VJTD3 dot com
Status: Open
Bug Type: DBM/DBA related
Operating System: linux redhat fedora 10
PHP Version: 5.2.9
New Comment:
[New Thread 0xb7ff56c0 (LWP 10754)]
Program received signal SIGSEGV, Segmentation fault.
0x080d0c66 in dba_nextkey_db4 (info=0x84d75f0, newlen=0xbfffb360)
at php-5.2.9/ext/dba/dba_db4.c:222
222 if (dba->cursor->c_get(dba->cursor, &gkey, &gval,
DB_NEXT) == 0)
{
(gdb) bt
#0 0x080d0c66 in dba_nextkey_db4 (info=0x84d75f0, newlen=0xbfffb360)
at php-5.2.9/ext/dba/dba_db4.c:222
#1 0x080cf3cc in zif_dba_nextkey (ht=1, return_value=0x84d6e78,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
at php-5.2.9/ext/dba/dba.c:1101
#2 0x08304280 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffb548)
at php-5.2.9/Zend/zend_vm_execute.h:200
#3 0x08309bba in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbfffb548)
at php-5.2.9/Zend/zend_vm_execute.h:1729
#4 0x08303dfd in execute (op_array=0x84d7538)
at php-5.2.9/Zend/zend_vm_execute.h:92
#5 0x082df04e in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at php-5.2.9/Zend/zend.c:1134
#6 0x0828dd81 in php_execute_script (primary_file=0xbfffd8c4)
at php-5.2.9/main/main.c:2023
#7 0x0835a851 in main (argc=2, argv=0xbfffda04)
at php-5.2.9/sapi/cli/php_cli.c:1133
(gdb) frame 0
#0 0x080d0c66 in dba_nextkey_db4 (info=0x84d75f0, newlen=0xbfffb360)
at php-5.2.9/ext/dba/dba_db4.c:222
222 if (dba->cursor->c_get(dba->cursor, &gkey, &gval,
DB_NEXT) == 0)
{
(gdb) frame 1
#1 0x080cf3cc in zif_dba_nextkey (ht=1, return_value=0x84d6e78,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
at php-5.2.9/ext/dba/dba.c:1101
1101 nkey = info->hnd->nextkey(info, &len TSRMLS_CC);
(gdb) frame 2
#2 0x08304280 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffb548)
at php-5.2.9/Zend/zend_vm_execute.h:200
200 ((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, EX(object), return_value_used TSRMLS_CC);
(gdb) frame 3
#3 0x08309bba in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbfffb548)
at php-5.2.9/Zend/zend_vm_execute.h:1729
1729 return zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
(gdb) frame 4
#4 0x08303dfd in execute (op_array=0x84d7538)
at php-5.2.9/Zend/zend_vm_execute.h:92
92 if (EX(opline)->handler(&execute_data
TSRMLS_CC) > 0) {
(gdb) frame 5
#5 0x082df04e in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at php-5.2.9/Zend/zend.c:1134
1134 zend_execute(EG(active_op_array)
TSRMLS_CC);
(gdb) frame 6
#6 0x0828dd81 in php_execute_script (primary_file=0xbfffd8c4)
at php-5.2.9/main/main.c:2023
2023 retval = (zend_execute_scripts(ZEND_REQUIRE TSRMLS_CC, NULL, 3, prepend_file_p, primary_file, append_file_p) == SUCCESS);
(gdb) frame 7
#7 0x0835a851 in main (argc=2, argv=0xbfffda04)
at php-5.2.9/sapi/cli/php_cli.c:1133
1133 php_execute_script(&file_handle
TSRMLS_CC);
(gdb)
if you need me to go into more i can. it looks like it's just
referencing a value not set till dba_firstkey is called. (does not have
a previous index to find the next.)
Previous Comments:
------------------------------------------------------------------------
[2009-05-12 13:30:59] VJTD3 at VJTD3 dot com
<?php
$dba = dba_open('database', 'c', 'db4');
dba_insert('php', 'crashed', $dba);
$key = dba_nextkey($dba);
echo $key.':'.dba_fetch($key, $dba)."\n";
?>
that alone will seg fault. it happens on any database driver when
dba_nextkey is used before dba_firstkey. that snippet will create a
fresh database and crash to test easier.
------------------------------------------------------------------------
[2009-05-12 05:25:49] [email protected]
Could you provide a test db (or does this happen with any?) somewhere?
And/or a gdb backtrace of the crash?
------------------------------------------------------------------------
[2009-05-12 03:29:22] VJTD3 at VJTD3 dot com
Description:
------------
DBA Segmentation fault on function dba_nextkey without dba_firstkey
before dba_nextkey.
Reproduce code:
---------------
./configure --enable-dba --with-db4 --disable-libxml --disable-dom
--disable-simplexml --disable-libxml --disable-xml --disable-xmlreader
--disable-xmlwriter --without-pear
<?php
$dba = dba_open('database', 'r', 'db4');
$key = dba_nextkey($dba);
echo $key.':'.dba_fetch($key, $dba)."\n";
?>
db4-4.7.25-7
Expected result:
----------------
the first key by default or at least an error vs seg fault. (yes, i know
dba_firstkey should be before dba_nextkey however segfaults are probably
not a good reaction, defaulting to the first record or an error is
better...)
Actual result:
--------------
seg fault
------------------------------------------------------------------------
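Added example (not PHP's code and not part of the report): a self-contained C model of the condition described above, a cursor that stays NULL until firstkey opens it, with a nextkey that checks the cursor and either reports an error or defaults to the first key, the two outcomes asked for under "Expected result". All toy_* names, the policy enum and the sample keys are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-ins for the handler state; hypothetical names, not PHP's. */
typedef struct { size_t pos; } toy_cursor;
typedef struct {
    const char **keys;   /* constructed sample keys */
    size_t nkeys;
    toy_cursor *cursor;  /* NULL until toy_firstkey() opens it */
} toy_dba;

enum nextkey_policy { POLICY_ERROR, POLICY_DEFAULT_FIRST };

/* Advance the cursor; caller guarantees db->cursor != NULL. */
static const char *cursor_next(toy_dba *db) {
    if (db->cursor->pos >= db->nkeys) return NULL;  /* end of data */
    return db->keys[db->cursor->pos++];
}

/* firstkey: (re)open the cursor, then return the first key. */
const char *toy_firstkey(toy_dba *db) {
    free(db->cursor);
    db->cursor = calloc(1, sizeof *db->cursor);
    if (db->cursor == NULL) return NULL;
    return cursor_next(db);
}

/* nextkey with the check in place: an unopened cursor is never dereferenced. */
const char *toy_nextkey(toy_dba *db, enum nextkey_policy policy, int *err) {
    *err = 0;
    if (db->cursor == NULL) {
        if (policy == POLICY_DEFAULT_FIRST) return toy_firstkey(db);
        *err = 1;        /* report the misuse instead of crashing */
        return NULL;
    }
    return cursor_next(db);
}
void toy_close(toy_dba *db) { free(db->cursor); db->cursor = NULL; }

int main(void) {
    const char *keys[] = { "php", "zend" };  /* constructed sample data */
    toy_dba db = { keys, 2, NULL };
    int err;
    const char *k = toy_nextkey(&db, POLICY_ERROR, &err);  /* no firstkey yet */
    printf("%s err=%d\n", k ? k : "(null)", err);
    toy_close(&db);
    return 0;
}
```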