ID: 48070 Updated by: mbecc...@php.net Reported By: jarismar dot php at gmail dot com -Status: Assigned +Status: Closed Bug Type: PDO related Operating System: * PHP Version: 5.2CVS-2009-04-24 (CVS) Assigned To: mbeccati New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2009-04-30 16:57:22] mbecc...@php.net It took some time as I wasn't able to reproduce it using the cli sapi. Looks like it's a duplicate of an existing bug that was fixed in 5.3+ but not backported to 5.2. The fix for #44301 matches the proposed patch for oci_statement.c, but leaves oci_driver.c potentially affected. I will fix in HEAD and backport to PHP_5_3 and PHP_5_2 soon. ------------------------------------------------------------------------ [2009-04-27 14:25:39] johan...@php.net Chris, please take a look, thanks. ------------------------------------------------------------------------ [2009-04-26 11:43:43] jarismar dot php at gmail dot com This seems to fix these two bugs also, Bug #42075 pdo_oci crash (with persistent connection) when couldn't connect to db Bug #44560 Apache crashes with PDO_OCI and both persistent and non-persistent connections. ------------------------------------------------------------------------ [2009-04-24 14:11:13] jarismar dot php at gmail dot com I think, this happens because error messages are being created with pestrdup and later destructed with efree. I've changed the pdo_oci extension to use pefree when appropriate, it seems to solve the problem. This is the patch against PHP_5_2 tip. cvs diff - u > Index: oci_driver.c =================================================================== RCS file: /repository/php-src/ext/pdo_oci/oci_driver.c,v retrieving revision 1.24.2.4.2.11 diff -u -u -p -r1.24.2.4.2.11 oci_driver.c --- oci_driver.c 31 Dec 2008 11:17:42 -0000 1.24.2.4.2.11 +++ oci_driver.c 24 Apr 2009 10:47:29 -0000 @@ -70,16 +70,15 @@ ub4 _oci_error(OCIError *err, pdo_dbh_t S = (pdo_oci_stmt*)stmt->driver_data; einfo = &S->einfo; pdo_err = &stmt->error_code; - if (einfo->errmsg) { - efree(einfo->errmsg); - } } else { einfo = &H->einfo; - if (einfo->errmsg) { - pefree(einfo->errmsg, dbh->is_persistent); - } } + + if (einfo->errmsg) { + pefree(einfo->errmsg, dbh->is_persistent); + } + einfo->errmsg = NULL; einfo->errcode = 0; Index: oci_statement.c =================================================================== RCS file: /repository/php-src/ext/pdo_oci/oci_statement.c,v retrieving revision 1.16.2.10.2.9 diff -u -u -p -r1.16.2.10.2.9 oci_statement.c --- oci_statement.c 31 Dec 2008 11:17:42 -0000 1.16.2.10.2.9 +++ oci_statement.c 24 Apr 2009 10:47:30 -0000 @@ -54,6 +54,7 @@ static php_stream *oci_create_lob_stream static int oci_stmt_dtor(pdo_stmt_t *stmt TSRMLS_DC) /* {{{ */ { pdo_oci_stmt *S = (pdo_oci_stmt*)stmt->driver_data; + pdo_dbh_t *dbh = stmt->dbh; HashTable *BC = stmt->bound_columns; HashTable *BP = stmt->bound_params; @@ -87,7 +88,7 @@ static int oci_stmt_dtor(pdo_stmt_t *stm } if (S->einfo.errmsg) { - efree(S->einfo.errmsg); + pefree(S->einfo.errmsg, dbh->is_persistent); S->einfo.errmsg = NULL; } ------------------------------------------------------------------------ [2009-04-24 14:09:13] jarismar dot php at gmail dot com Description: ------------ When using persistent connections apache segfaults at end of the request. The segfault only happens if some statment has got error. Reproduced on Windows (XP) and Linux (debian 2.6.29-1-686). Reproduce code: --------------- $sDSN = 'oci:dbname=//webreport:1521/adplabs'; $sUserName = 'rpttest82'; $sPassword = 'rpttest82'; $oPDO = new PDO($sDSN, $sUserName, $sPassword, array(PDO::ATTR_PERSISTENT => true)); $oPDO->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { $oStatement = $oPDO->prepare('Select x from no_table'); $oStatement->execute(); } catch (Exception $oException) { print $oException->getMessage()."\n"; } Expected result: ---------------- SQLSTATE[HY000]: General error: 942 OCIStmtExecute: ORA-00942: table or view does not exist (/home/jaris/php-latest/ext/pdo_oci/oci_statement.c:147) Actual result: -------------- Windows : Unhandled exception at 0x0088ad16 (php5ts.dll) in Apache.exe: 0xC0000005: Access violation reading location 0x002c5cc4. Debian : segmentation fault ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file 'unknown') ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=48070&edit=1
