CUBRID APIs
APIS-385

[PHP] segment fault occurs sometimes when running test case: cubrid_fetch_object.phpt

      Description

      Environment:
      Linux 64bit
      PHP5.3
      This problem only happens sometimes.

      (gdb) r
      Starting program: /home/jinhu/apps/php-5.3.13/bin/php cubrid_fetch_object.phpt
      [Thread debugging using libthread_db enabled]
      [New Thread 0x2b641a9576b0 (LWP 18018)]
      -TEST-
      cubrid_fetch_object
      -SKIPIF-
      -FILE-
      object(stdClass)#1 (2) {
      ["s_name"]=>
      string(1) "X"
      ["f_name"]=>
      string(5) "Mixed"
      }
      object(cubrid_fetch_object_test)#1 (2) {
      ["s_name"]=>
      string(1) "W"
      ["f_name"]=>
      string(5) "Woman"
      }

      Program received signal SIGSEGV, Segmentation fault.
      0x00000000008745cf in zend_is_callable_ex (callable=0x0, object_ptr=0x17acfbf8, check_flags=8, callable_name=0x7fff904bad48, callable_name_len=0x7fff904bac68,
      fcc=0x7fff904baf70, error=0x7fff904bad40, tsrm_ls=0x1787a090) at /home/jinhu/Downloads/php-5.3.13/Zend/zend_API.c:2721
      2721 switch (Z_TYPE_P(callable)) {
      (gdb) bt
      #0 0x00000000008745cf in zend_is_callable_ex (callable=0x0, object_ptr=0x17acfbf8, check_flags=8, callable_name=0x7fff904bad48, callable_name_len=0x7fff904bac68,
      fcc=0x7fff904baf70, error=0x7fff904bad40, tsrm_ls=0x1787a090) at /home/jinhu/Downloads/php-5.3.13/Zend/zend_API.c:2721
      #1 0x0000000000851fb0 in zend_call_function (fci=0x7fff904baf20, fci_cache=0x7fff904baf70, tsrm_ls=0x1787a090)
      at /home/jinhu/Downloads/php-5.3.13/Zend/zend_execute_API.c:817
      #2 0x00002b641dfe77bd in php_cubrid_fetch_hash () from /home/jinhu/apps/php-5.3.13/lib/extensions/cubrid.so
      #3 0x00002b641dfd7aeb in zif_cubrid_fetch_object () from /home/jinhu/apps/php-5.3.13/lib/extensions/cubrid.so
      #4 0x00000000008a2b65 in zend_do_fcall_common_helper_SPEC (execute_data=0x2b641e6b2098, tsrm_ls=0x1787a090)
      at /home/jinhu/Downloads/php-5.3.13/Zend/zend_vm_execute.h:320
      #5 0x00000000008a9d64 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x2b641e6b2098, tsrm_ls=0x1787a090)
      at /home/jinhu/Downloads/php-5.3.13/Zend/zend_vm_execute.h:1640
      #6 0x00000000008a14f3 in execute (op_array=0x17acf688, tsrm_ls=0x1787a090) at /home/jinhu/Downloads/php-5.3.13/Zend/zend_vm_execute.h:107
      #7 0x00000000008679c8 in zend_execute_scripts (type=8, tsrm_ls=0x1787a090, retval=0x0, file_count=3) at /home/jinhu/Downloads/php-5.3.13/Zend/zend.c:1236
      #8 0x00000000007c11ef in php_execute_script (primary_file=0x7fff904bdc80, tsrm_ls=0x1787a090) at /home/jinhu/Downloads/php-5.3.13/main/main.c:2308
      #9 0x000000000097898c in main (argc=2, argv=0x7fff904bded8) at /home/jinhu/Downloads/php-5.3.13/sapi/cli/php_cli.c:1184
      (gdb)

        Activity

        jinhu 李金虎 added a comment -

        Analysis:

        In the PHP driver, php_cubrid_fetch_hash() defines fcc and initializes all members except fcc->initialized.
        Then php_cubrid_fetch_hash() invokes zend_call_function() in PHP, in which fcc->initialized is used.
        fcc->initialized is a random value. If it isn't 0, the function is OK; otherwise the segment fault occurs.
        The definition of fcc is as below:
        In PHP 5.3, 5.4:
        typedef struct _zend_fcall_info_cache {
        zend_bool initialized;
        zend_function *function_handler;
        zend_class_entry *calling_scope;
        zend_class_entry *called_scope;
        zval *object_ptr;
        } zend_fcall_info_cache;

        In PHP 5.2:
        typedef struct _zend_fcall_info_cache {
        zend_bool initialized;
        zend_function *function_handler;
        zend_class_entry *calling_scope;
        zval **object_pp;
        } zend_fcall_info_cache;

        There is some similar code in fetch_object() in the PHP driver for MySQL:
        php-5.3.13/ext/mysqli/mysqli.c: Line: 1306
        fcc.initialized = 1;
        fcc.function_handler = ce->constructor;
        fcc.calling_scope = EG(scope);
        fcc.called_scope = Z_OBJCE_P(return_value);
        fcc.object_ptr = return_value;

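        The failure mode described in the analysis above, as an added C model that is not part of the driver or of PHP: reduced stand-ins for zend_fcall_info_cache and zend_call_function() (constructed here; the real ones are in Zend/zend_API.h and Zend/zend_execute_API.c) show why a never-assigned fcc.initialized crashes only when the stack happens to hold 0, and why setting it to 1 as ext/mysqli does removes the dependence on stack contents.

```c
#include <stddef.h>
#include <string.h>
/* Reduced stand-ins for the Zend structures quoted in the comment above
 * (constructed for this example; the real ones live in Zend/zend_API.h). */
typedef unsigned char zend_bool;
typedef struct { const char *name; } zend_function;
typedef struct { const char *name; zend_function *constructor; } zend_class_entry;
typedef struct { const char *function_name; } zend_fcall_info; /* a zval* in real PHP */
typedef struct {
    zend_bool initialized;
    zend_function *function_handler;
    zend_class_entry *calling_scope;
    zend_class_entry *called_scope;
    void *object_ptr;
} zend_fcall_info_cache;

/* Model of zend_call_function(): if the cache is not flagged initialized, the
 * engine resolves fci->function_name, which the driver never set (that is the
 * callable=0x0 in the backtrace). Returns 0 on success, -1 where PHP would SIGSEGV. */
static int model_zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fcc)
{
    if (!fcc->initialized) {
        if (fci->function_name == NULL)
            return -1;                /* zend_is_callable_ex(callable=0x0, ...) */
        fcc->function_handler = NULL; /* name lookup omitted in this model */
    }
    return fcc->function_handler != NULL ? 0 : -1;
}

/* Constructor call as php_cubrid_fetch_hash() makes it. stack_garbage stands
 * for whatever the never-assigned field happens to contain; fix=1 fills the
 * cache the way ext/mysqli does. */
static int fetch_object_ctor_call(zend_class_entry *ce, int fix, zend_bool stack_garbage)
{
    zend_fcall_info fci;
    zend_fcall_info_cache fcc;
    memset(&fci, 0, sizeof fci);      /* no callable name: the call relies on the cache */
    fcc.initialized = stack_garbage;  /* the bug: the driver never assigns this field */
    if (fix)
        fcc.initialized = 1;          /* the fix, matching mysqli.c */
    fcc.function_handler = ce->constructor;
    fcc.calling_scope = ce;
    fcc.called_scope = ce;
    fcc.object_ptr = NULL;            /* the freshly created object in real code */
    return model_zend_call_function(&fci, &fcc);
}
/* Constructed test class with a constructor, like cubrid_fetch_object_test in the .phpt. */
static zend_function test_ctor = { "__construct" };
static zend_class_entry test_ce = { "cubrid_fetch_object_test", &test_ctor };
```

        With stack_garbage of 0 the unfixed path returns -1 (the NULL callable reaches the switch in zend_is_callable_ex); any non-zero leftover makes it succeed by luck, which is why the test only fails sometimes.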
        jinhu 李金虎 added a comment -

        File: php_cubrid.c
        Revision: 1048 committed in RB-8.4.3

        jinhu 李金虎 added a comment -

        merge into RB-8.4.1
        merge into RB-9.0.0
        merge into trunk.

        Resolved.


          People

          Assignee: jinhu 李金虎
          Reporter: jinhu 李金虎