Details
- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: PHP-8.4.1, PHP-Aprium, PHP 8.4.3
- Component/s: PHPDriver
- Labels: None
Description
Environment: Linux 64-bit, PHP 5.3
This problem occurs only intermittently.
(gdb) r
Starting program: /home/jinhu/apps/php-5.3.13/bin/php cubrid_fetch_object.phpt
[Thread debugging using libthread_db enabled]
[New Thread 0x2b641a9576b0 (LWP 18018)]
-TEST-
cubrid_fetch_object
-SKIPIF-
-FILE-
object(stdClass)#1 (2) {
["s_name"]=>
string(1) "X"
["f_name"]=>
string(5) "Mixed"
}
object(cubrid_fetch_object_test)#1 (2) {
["s_name"]=>
string(1) "W"
["f_name"]=>
string(5) "Woman"
}
Program received signal SIGSEGV, Segmentation fault.
0x00000000008745cf in zend_is_callable_ex (callable=0x0, object_ptr=0x17acfbf8, check_flags=8, callable_name=0x7fff904bad48, callable_name_len=0x7fff904bac68,
fcc=0x7fff904baf70, error=0x7fff904bad40, tsrm_ls=0x1787a090) at /home/jinhu/Downloads/php-5.3.13/Zend/zend_API.c:2721
2721 switch (Z_TYPE_P(callable)) {
(gdb) bt
#0 0x00000000008745cf in zend_is_callable_ex (callable=0x0, object_ptr=0x17acfbf8, check_flags=8, callable_name=0x7fff904bad48, callable_name_len=0x7fff904bac68,
fcc=0x7fff904baf70, error=0x7fff904bad40, tsrm_ls=0x1787a090) at /home/jinhu/Downloads/php-5.3.13/Zend/zend_API.c:2721
#1 0x0000000000851fb0 in zend_call_function (fci=0x7fff904baf20, fci_cache=0x7fff904baf70, tsrm_ls=0x1787a090)
at /home/jinhu/Downloads/php-5.3.13/Zend/zend_execute_API.c:817
#2 0x00002b641dfe77bd in php_cubrid_fetch_hash () from /home/jinhu/apps/php-5.3.13/lib/extensions/cubrid.so
#3 0x00002b641dfd7aeb in zif_cubrid_fetch_object () from /home/jinhu/apps/php-5.3.13/lib/extensions/cubrid.so
#4 0x00000000008a2b65 in zend_do_fcall_common_helper_SPEC (execute_data=0x2b641e6b2098, tsrm_ls=0x1787a090)
at /home/jinhu/Downloads/php-5.3.13/Zend/zend_vm_execute.h:320
#5 0x00000000008a9d64 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x2b641e6b2098, tsrm_ls=0x1787a090)
at /home/jinhu/Downloads/php-5.3.13/Zend/zend_vm_execute.h:1640
#6 0x00000000008a14f3 in execute (op_array=0x17acf688, tsrm_ls=0x1787a090) at /home/jinhu/Downloads/php-5.3.13/Zend/zend_vm_execute.h:107
#7 0x00000000008679c8 in zend_execute_scripts (type=8, tsrm_ls=0x1787a090, retval=0x0, file_count=3) at /home/jinhu/Downloads/php-5.3.13/Zend/zend.c:1236
#8 0x00000000007c11ef in php_execute_script (primary_file=0x7fff904bdc80, tsrm_ls=0x1787a090) at /home/jinhu/Downloads/php-5.3.13/main/main.c:2308
#9 0x000000000097898c in main (argc=2, argv=0x7fff904bded8) at /home/jinhu/Downloads/php-5.3.13/sapi/cli/php_cli.c:1184
(gdb)
Analysis:
In the PHP driver, php_cubrid_fetch_hash() declares an fcc (zend_fcall_info_cache) and initializes every member except fcc->initialized.
php_cubrid_fetch_hash() then invokes zend_call_function() in PHP, which reads fcc->initialized.
Because the member is never set, fcc->initialized holds whatever happened to be in that memory: if it is non-zero the call succeeds, but if it is 0 the segmentation fault above occurs.
The definition of zend_fcall_info_cache is as follows:
In PHP 5.3, 5.4:
typedef struct _zend_fcall_info_cache {
    zend_bool initialized;
    zend_function *function_handler;
    zend_class_entry *calling_scope;
    zend_class_entry *called_scope;
    zval *object_ptr;
} zend_fcall_info_cache;
In PHP 5.2:
typedef struct _zend_fcall_info_cache {
    zend_bool initialized;
    zend_function *function_handler;
    zend_class_entry *calling_scope;
    zval **object_pp;
} zend_fcall_info_cache;
The fetch_object() implementation in PHP's mysqli driver contains similar code, and it sets initialized explicitly:
php-5.3.13/ext/mysqli/mysqli.c, line 1306:
    fcc.initialized = 1;
    fcc.function_handler = ce->constructor;
    fcc.calling_scope = EG(scope);
    fcc.called_scope = Z_OBJCE_P(return_value);
    fcc.object_ptr = return_value;
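The following stand-alone C program is an added illustration of the failure mode described in the analysis; it is not CUBRID driver code or PHP source. The types fcall_info, fcall_info_cache and the function call_function() are simplified stand-ins (assumptions) for zend_fcall_info, zend_fcall_info_cache and zend_call_function(): a cache flagged as initialized short-circuits the callable lookup, otherwise the function name in fci is inspected, which is the zend_is_callable_ex(callable=0x0, ...) frame in the backtrace. Because an uninitialised stack byte cannot be reproduced deterministically, the unfixed variant takes the residue as a parameter so both outcomes can be shown; the fixed variant follows the mysqli pattern quoted above.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

typedef unsigned char zend_bool;

#define CALL_OK          0
#define CALL_NULL_NAME  (-1)  /* the point where real PHP dereferences NULL and crashes */
#define CALL_NO_HANDLER (-2)

/* Stand-in for a constructor: receives the object, returns a status. */
typedef int (*ctor_fn)(void *object);

/* Same member order as zend_fcall_info_cache in PHP 5.3/5.4 (model only). */
typedef struct {
    zend_bool initialized;
    ctor_fn   function_handler;
    void     *calling_scope;
    void     *called_scope;
    void     *object_ptr;
} fcall_info_cache;

/* Only the members this model consults; the real zend_fcall_info has more. */
typedef struct {
    const char *function_name;  /* NULL: the caller expects the cache to be used */
    void       *object_ptr;
} fcall_info;

static int constructed = 0;     /* how many objects had their constructor run */
int constructed_objects(void) { return constructed; }

static int counting_ctor(void *object)
{
    (void)object;
    constructed++;
    return CALL_OK;
}

/* Models zend_call_function(): a cache marked initialized short-circuits the
 * callable lookup; otherwise fci->function_name is examined, and a NULL name
 * is the crash the backtrace above shows (reported as an error code here). */
static int call_function(const fcall_info *fci, const fcall_info_cache *fcc)
{
    if (fcc != NULL && fcc->initialized) {
        if (fcc->function_handler == NULL) return CALL_NO_HANDLER;
        return fcc->function_handler(fcc->object_ptr);
    }
    if (fci->function_name == NULL) return CALL_NULL_NAME;
    return CALL_NO_HANDLER;     /* name lookup is not modelled */
}

/* Defective pattern: every member except `initialized` is assigned.
 * `stack_residue` stands in for whatever the uninitialised byte happened to
 * hold on the stack; it is a parameter only so both outcomes are reproducible
 * (in the real driver the assignment is simply absent). */
int fetch_object_unfixed(zend_bool stack_residue)
{
    int object = 0;
    fcall_info fci = { NULL, &object };
    fcall_info_cache fcc;
    fcc.initialized      = stack_residue;
    fcc.function_handler = counting_ctor;
    fcc.calling_scope    = NULL;
    fcc.called_scope     = NULL;
    fcc.object_ptr       = &object;
    return call_function(&fci, &fcc);
}

/* Corrected pattern, as in the mysqli snippet: `initialized` is set explicitly,
 * and the struct is zeroed first so no member can carry stack residue even if
 * the layout gains a field later. */
int fetch_object_fixed(void)
{
    int object = 0;
    fcall_info fci = { NULL, &object };
    fcall_info_cache fcc;
    memset(&fcc, 0, sizeof fcc);
    fcc.initialized      = 1;
    fcc.function_handler = counting_ctor;
    fcc.calling_scope    = NULL;
    fcc.called_scope     = NULL;
    fcc.object_ptr       = &object;
    return call_function(&fci, &fcc);
}

int main(void)
{
    printf("residue 0x00 -> %d (crash path in real PHP)\n", fetch_object_unfixed(0));
    printf("residue 0x5a -> %d (works by accident)\n", fetch_object_unfixed(0x5a));
    printf("fixed        -> %d\n", fetch_object_fixed());
    return 0;
}
```

Running the program shows why the bug is intermittent: the unfixed path succeeds whenever the leftover byte is non-zero and fails only when it is zero, while the fixed path is independent of stack contents. Zeroing the whole cache before filling it is the cheap defensive habit that keeps a later struct change from reintroducing the same class of defect.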