Subject | crash in libfb.so.2 using a php query |
---|---|
Author | Marc Muncke |
Post date | 2008-05-05T21:49:11Z |
Hello php group,
Title: crash in libfbclient.so.2 with php5-interbase client
Affects Version/s: 2.0.3
Environment: FreeBSD-7.0 Release on x86
I run a webpage that uses firebird and it ran fine in freebsd 6.2
The webpage uses php and it works fine on php5.2.3 with firebird 2.0.1
FreeBSD 7.0 comes with php 5.2.5 and firebird 2.0.3_2, which I installed
successfully on a new server, but the scripts won't execute.
I can connect to the server using isql on localhost and with IBOConsole
php pages without query run fine as well.
The problem is that when a php script instantiates a DB object for a query I
receive a segmentation fault in libfbclient.so.2
I have entered a bug CORE-1836 on this and no one looks into it. I
understand better now that I should have posted here before. So, sorry
for not following the code of conduct but any help is appreciated anyway.
Marc M.
The problem has been traced like this :
---Type <return> to continue, or q <return> to quit---
Program received signal SIGSEGV, Segmentation fault.
0x28b5adff in ThreadData::restoreSpecific ()
from /usr/local/lib/libfbclient.so.2
(gdb)
(gdb)
(gdb) bt
#0 0x28b5adff in ThreadData::restoreSpecific ()
from /usr/local/lib/libfbclient.so.2
#1 0x28b6fd1f in error () from /usr/local/lib/libfbclient.so.2
#2 0x28b7733a in REM_attach_database () from
/usr/local/lib/libfbclient.so.2
#3 0x28b64b1b in isc_attach_database () from
/usr/local/lib/libfbclient.so.2
#4 0x28b2f411 in _php_ibase_attach_db ()
from /usr/local/lib/php/20060613-debug/interbase.so
#5 0x28b2f845 in _php_ibase_connect ()
from /usr/local/lib/php/20060613-debug/interbase.so
#6 0x289107a0 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfbfcc78)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:200
#7 0x28916299 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbfbfcc78)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:1681
#8 0x289102f2 in execute (op_array=0x28c48168)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:92
#9 0x2891091a in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfbfd018)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:234
#10 0x2891143d in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfbfd018)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:322
#11 0x289102f2 in execute (op_array=0x28c483cc)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:92
#12 0x2891091a in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfbfd398)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:234
---Type <return> to continue, or q <return> to quit---
#13 0x2891143d in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfbfd398)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:322
#14 0x289102f2 in execute (op_array=0x28c32258)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:92
#15 0x288ea902 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend.c:1215
#16 0x28896406 in php_execute_script (primary_file=0xbfbfe98c)
at /usr/ports/lang/php5/work/php-5.2.5/main/main.c:2025
#17 0x289665b2 in php_handler (r=0x28cc3050)
at
/usr/ports/lang/php5/work/php-5.2.5/sapi/apache2handler/sapi_apache2.c:635
#18 0x08074559 in ap_run_handler ()
#19 0x08077827 in ap_invoke_handler ()
#20 0x08082650 in ap_process_request ()
#21 0x0807f8eb in ap_process_http_connection ()
#22 0x0807b759 in ap_run_process_connection ()
#23 0x08086c97 in child_main ()
#24 0x08086f63 in make_child ()
#25 0x08087b11 in ap_mpm_run ()
#26 0x08061fe5 in main ()
-------------------------
this is my code :
<?php
# echo "<BR>This is using the IBSQL class<BR>";
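/**
 * PHPLIB-style wrapper around the ibase_* (Firebird/InterBase) functions.
 *
 * The class keeps one connection handle ($Link_ID), the handle of the most
 * recent result set ($Query_ID) and the most recently fetched row ($Record).
 * SQL is passed in as complete strings; nothing here binds parameters, so
 * callers must never concatenate request data into the statements they pass.
 */
class DB_Sql {
    // Connection settings, filled in by the caller or a subclass before connect().
    var $Host     = "";
    var $Database = "";
    var $User     = "";
    var $Password = "";
    // var $Charset = "WIN1250";
    var $Charset  = "";
    var $Buffers  = 0;
    var $Dialect  = 3;
    var $Role     = "";

    // Connection handle, current result handle, current row and row counter.
    var $Link_ID  = 0;
    var $Query_ID = "";
    var $Record   = array();
    var $Row      = 0;

    // Last error as reported through halt().
    var $Errno    = 0;
    var $Error    = "";

    var $Auto_Free = 0;   ## set this to 1 to automatically free results
    var $query     = "";  // text of the last statement run through query()

    /* public: constructor
    function DB_Sql($query) {
        $this->query($query);
    }
    */
    function DB_Sql() {
    }

    /**
     * Open the persistent connection on first use; halt() if it cannot be opened.
     *
     * The backtrace in this report reaches isc_attach_database through
     * _php_ibase_connect, i.e. the fault is raised underneath this call.
     */
    function connect() {
        if ( 0 == $this->Link_ID ) {
            // Choose your preferred connect method; the Apache SAPI now supports IB properly.
            $this->Link_ID = ibase_pconnect(
                $this->Host . ":" . $this->Database,
                $this->User,
                $this->Password,
                $this->Charset,
                $this->Buffers,
                $this->Dialect,
                $this->Role
            );
            /*
            $this->Link_ID=ibase_connect($this->Host . ":" . $this->Database,
                                         $this->User, $this->Password,
                                         $this->Charset, $this->Buffers,
                                         $this->Dialect,
                                         $this->Role);
            */
            if (!$this->Link_ID) {
                $this->halt("Link_ID == false, ibsql_pconnect failed");
            }
        }
    }

    /** Release the current result set and clear its handle. */
    function free_result() {
        ibase_free_result($this->Query_ID);
        $this->Query_ID = 0;
    }

    /**
     * Run one SQL statement and remember it for affected_rows().
     *
     * @param string $Query_String complete SQL text; it is sent as-is (after the
     *                             two keyword rewrites below), with no binding.
     * @return mixed the handle returned by ibase_query(); halt() ends the
     *               script when the statement fails.
     */
    function query($Query_String) {
        if (!$this->Link_ID) {
            $this->connect();
        }

        // Plain text substitution: every lowercase "password" / "message" in the
        // statement is rewritten, including occurrences inside literals.
        $Query_String = str_replace("password", "\"PASSWORD\"", $Query_String);
        $Query_String = str_replace("message", "m_essage", $Query_String);
        // echo "querystring: " . $Query_String . "\n <br><hl>";

        $this->Query_ID = ibase_query($this->Link_ID, $Query_String);
        // $this->Query_ID = ibase_query($Query_String);
        $this->Row = 0;

        if (!$this->Query_ID) {
            $this->Errno = 1;
            $this->Error = "General Error (The IBSQL interface cannot return detailed error messages).";
            $this->halt("Invalid SQL: ".$Query_String);
        }
        $this->query = $Query_String;

        // COMMIT
        // NOTE(review): DELETE is not in this list - confirm that is intended.
        if (stristr($Query_String, "INSERT") !== false ||
            stristr($Query_String, "UPDATE") !== false ||
            stristr($Query_String, "CREATE") !== false) {
            // echo "Commiting!" . "\n <br><hl>";
            ibase_commit_ret($this->Link_ID);
        }
        // echo "Affected rows: " . $this->affected_rows() . "\n <br><hl>";
        return $this->Query_ID;
    }

    /**
     * Fetch the next row of the current result into $Record.
     *
     * Each column is stored twice: under its numeric index and under its
     * lower-cased field name.
     *
     * @return int 1 when a row was fetched, 0 when the result is exhausted.
     */
    function next_record() {
        $this->Record = ibase_fetch_row($this->Query_ID);
        if (!$this->Record) {
            if ($this->Auto_Free) {
                $this->free_result();
            }
            return 0;
        }

        // add to Record[<key>]
        $count = ibase_num_fields($this->Query_ID);
        for ($i = 0; $i < $count; $i++) {
            $fieldinfo = ibase_field_info($this->Query_ID, $i);
            $this->Record[strtolower($fieldinfo["name"])] = $this->Record[$i];
        }
        $this->Row += 1;
        return 1;
    }

    /** Set the row counter; no cursor is repositioned. */
    function seek($pos) {
        $this->Row = $pos;
    }

    /**
     * Describe the columns of a table.
     *
     * @param string $table table name. NOTE(review): it is interpolated into the
     *                      SQL text and cannot be bound as a parameter, so it
     *                      must come from trusted code, never from a request.
     * @return array one entry per column with keys "table", "name", "len", "flags".
     */
    function metadata($table) {
        $res = array();

        $this->connect();
        // Link first, statement second - the same order query() uses. With the
        // arguments reversed the link would be taken as a bind value.
        $id = ibase_query($this->Link_ID, "select * from $table");
        if (!$id) {
            $this->Errno = 1;
            $this->Error = "General Error (The IBSQL interface cannot return detailed error messages).";
            $this->halt("Metadata query failed.");
        }

        $count = ibase_num_fields($id);
        for ($i = 0; $i < $count; $i++) {
            $info = ibase_field_info($id, $i);
            $res[$i]["table"] = $table;
            $res[$i]["name"]  = $info["name"];
            $res[$i]["len"]   = $info["length"];
            $res[$i]["flags"] = $info["type"];
        }

        // Free the metadata result itself; free_result() would instead discard
        // the caller's current $Query_ID and leave this one allocated.
        ibase_free_result($id);
        return $res;
    }

    /**
     * Estimate the row count of the last statement by running a COUNT(1)
     * query derived from its text.
     *
     * The derivation is textual (keyword search on the stored statement), so
     * it only handles simple single-table statements.
     *
     * @return mixed first column of the COUNT row, or 0 when no count
     *               statement could be derived.
     */
    function affected_rows() {
        $nrows   = 0;
        $SqlStmt = "";

        // The statement text lives in $this->query (set by query()).
        if (stristr($this->query, 'UPDATE') !== false) {
            $this->query = trim($this->query);
            $pieces = explode(" ", $this->query);
            // "UPDATE <table> SET ..." - the table is the second word.
            if (isset($pieces[1])) {
                $SqlStmt2 = stristr($this->query, 'WHERE');
                $SqlStmt  = "SELECT COUNT(1) FROM " . $pieces[1] . " " . $SqlStmt2;
            }
        }
        if (stristr($this->query, 'SELECT') !== false) {
            $SqlStmt = "SELECT COUNT(1) " . stristr($this->query, 'FROM');
            // An ORDER BY clause is irrelevant for counting; cut it off.
            $aa = stripos($SqlStmt, 'ORDER BY');
            if ($aa !== false) {
                $SqlStmt = substr($SqlStmt, 0, $aa);
            }
        }
        if (stristr($this->query, 'DELETE') !== false) {
            $SqlStmt = "SELECT COUNT(1) " . stristr($this->query, 'FROM');
        }

        if ($SqlStmt != "") {
            $this->connect();
            $id = ibase_query($this->Link_ID, $SqlStmt);
            if (!$id) {
                $this->Errno = 1;
                $this->Error = "General Error (The IBSQL interface cannot return detailed error messages).";
                $this->halt("COUNT query failed.");
            }
            if ($row = ibase_fetch_row($id)) {
                $nrows = $row[0];
            }
            ibase_free_result($id);
        }
        // echo "stmt" .$SqlStmt;
        return $nrows;
    }

    /** Alias of affected_rows(). */
    function num_rows() {
        return $this->affected_rows();
    }

    /** Number of columns in the current result set. */
    function num_fields() {
        return ibase_num_fields($this->Query_ID);
    }

    /** Short alias of num_rows(). */
    function nf() {
        return $this->num_rows();
    }

    /** Print num_rows(). */
    function np() {
        print $this->num_rows();
    }

    /** Value of a column of the current row, looked up case-insensitively. */
    function f($Field_Name) {
        return $this->Record[strtolower($Field_Name)];
    }

    /** Print a column of the current row without escaping; callers must escape for HTML themselves. */
    function p($Field_Name) {
        print $this->f($Field_Name);
    }

    /**
     * Print the error and end the script.
     *
     * $msg can carry the failed SQL text, so it is HTML-escaped before it is
     * written into the page. NOTE(review): the statement is still shown to the
     * client; on a production site log it server-side instead.
     */
    function halt($msg) {
        printf("</td></tr></table><b>Database error:</b> %s<br>\n",
               htmlspecialchars($msg, ENT_QUOTES));
        printf("<b>IBSQL Error</b>: %s (%s)<br>\n",
               $this->Errno,
               htmlspecialchars($this->Error, ENT_QUOTES));
        die("Session halted.");
    }

    /** Close the connection. */
    function disconnect () {
        ibase_close($this->Link_ID);
    }
}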
// ------------------------------------- end include
// create Object
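/**
 * DB_Sql preconfigured from the application's global login settings.
 *
 * The four $dblogin* globals are read when the object is constructed. They
 * hold the database host and credentials, so they must be assigned from
 * trusted configuration; this file also calls extract() on request
 * variables, and an import that runs after the configuration is loaded
 * could otherwise replace them.
 */
class DB_login extends DB_Sql {
    var $Debug = 0;   ## Set to 1 for debugging messages.

    ## "yes" (halt with message), "no" (ignore errors quietly),
    ## "report" (ignore error, but spit a warning)
    ## NOTE(review): the DB_Sql code shown with this class does not read
    ## $Debug or $Halt_On_Error; halt() always ends the script.
    var $Halt_On_Error = "yes";

    function DB_login () {
        global $dbloginhost;
        global $dbloginpass;
        global $dbloginuser;
        global $dblogindatabase;

        $this->Host     = $dbloginhost;
        $this->Password = $dbloginpass;
        $this->User     = $dbloginuser;
        $this->Database = $dblogindatabase;
        $this->DB_Sql();
    }
}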
-----------------------------------------
// actual script code
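#error_reporting(E_ALL); // used for debugging
error_reporting(E_ALL & ~E_NOTICE);
set_magic_quotes_runtime(0);

// Request parameters are imported into the global scope. EXTR_SKIP keeps an
// imported name from replacing a variable that already exists, so settings
// loaded earlier (for example the $dblogin* connection globals read by
// DB_login) cannot be overwritten by the request. Load that configuration
// before this point; reading the needed keys from the request arrays
// explicitly is safer still.
extract((array)$HTTP_POST_VARS, EXTR_SKIP);
extract((array)$HTTP_GET_VARS, EXTR_SKIP);

$ab = new DB_login;

srand((double)microtime()*1000000);
$n = rand(0,52);

// crash is here (the backtrace shows the fault under the database attach
// that the first query() triggers)
// $n is an integer produced by rand() above, not request data; if the id
// ever comes from the request, cast it to int before building the statement.
$ab->query("select * from martist where id=".$n);
$ab->next_record();
echo("finished");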
?>
Title: crash in libfbclient.so.2 with php5-interbase client
Affects Version/s: 2.0.3
Environment: FreeBSD-7.0 Release on x86
I run a webpage that uses firebird and it ran fine in freebsd 6.2
The webpage uses php and it works fine on php5.2.3 with firebird 2.0.1
FreeBSD 7.0 comes with php 5.2.5 and firebird 2.0.3_2, which I installed
successfully on a new server, but the scripts won't execute.
I can connect to the server using isql on localhost and with IBOConsole
php pages without query run fine as well.
The problem is that when a php script instantiates a DB object for a query I
receive a segmentation fault in libfbclient.so.2
I have entered a bug CORE-1836 on this and no one looks into it. I
understand better now that I should have posted here before. So, sorry
for not following the code of conduct but any help is appreciated anyway.
Marc M.
The problem has been traced like this :
---Type <return> to continue, or q <return> to quit---
Program received signal SIGSEGV, Segmentation fault.
0x28b5adff in ThreadData::restoreSpecific ()
from /usr/local/lib/libfbclient.so.2
(gdb)
(gdb)
(gdb) bt
#0 0x28b5adff in ThreadData::restoreSpecific ()
from /usr/local/lib/libfbclient.so.2
#1 0x28b6fd1f in error () from /usr/local/lib/libfbclient.so.2
#2 0x28b7733a in REM_attach_database () from
/usr/local/lib/libfbclient.so.2
#3 0x28b64b1b in isc_attach_database () from
/usr/local/lib/libfbclient.so.2
#4 0x28b2f411 in _php_ibase_attach_db ()
from /usr/local/lib/php/20060613-debug/interbase.so
#5 0x28b2f845 in _php_ibase_connect ()
from /usr/local/lib/php/20060613-debug/interbase.so
#6 0x289107a0 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfbfcc78)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:200
#7 0x28916299 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbfbfcc78)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:1681
#8 0x289102f2 in execute (op_array=0x28c48168)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:92
#9 0x2891091a in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfbfd018)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:234
#10 0x2891143d in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfbfd018)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:322
#11 0x289102f2 in execute (op_array=0x28c483cc)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:92
#12 0x2891091a in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfbfd398)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:234
---Type <return> to continue, or q <return> to quit---
#13 0x2891143d in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfbfd398)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:322
#14 0x289102f2 in execute (op_array=0x28c32258)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_vm_execute.h:92
#15 0x288ea902 in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend.c:1215
#16 0x28896406 in php_execute_script (primary_file=0xbfbfe98c)
at /usr/ports/lang/php5/work/php-5.2.5/main/main.c:2025
#17 0x289665b2 in php_handler (r=0x28cc3050)
at
/usr/ports/lang/php5/work/php-5.2.5/sapi/apache2handler/sapi_apache2.c:635
#18 0x08074559 in ap_run_handler ()
#19 0x08077827 in ap_invoke_handler ()
#20 0x08082650 in ap_process_request ()
#21 0x0807f8eb in ap_process_http_connection ()
#22 0x0807b759 in ap_run_process_connection ()
#23 0x08086c97 in child_main ()
#24 0x08086f63 in make_child ()
#25 0x08087b11 in ap_mpm_run ()
#26 0x08061fe5 in main ()
-------------------------
this is my code :
<?php
# echo "<BR>This is using the IBSQL class<BR>";
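/**
 * PHPLIB-style wrapper around the ibase_* (Firebird/InterBase) functions.
 *
 * The class keeps one connection handle ($Link_ID), the handle of the most
 * recent result set ($Query_ID) and the most recently fetched row ($Record).
 * SQL is passed in as complete strings; nothing here binds parameters, so
 * callers must never concatenate request data into the statements they pass.
 */
class DB_Sql {
    // Connection settings, filled in by the caller or a subclass before connect().
    var $Host     = "";
    var $Database = "";
    var $User     = "";
    var $Password = "";
    // var $Charset = "WIN1250";
    var $Charset  = "";
    var $Buffers  = 0;
    var $Dialect  = 3;
    var $Role     = "";

    // Connection handle, current result handle, current row and row counter.
    var $Link_ID  = 0;
    var $Query_ID = "";
    var $Record   = array();
    var $Row      = 0;

    // Last error as reported through halt().
    var $Errno    = 0;
    var $Error    = "";

    var $Auto_Free = 0;   ## set this to 1 to automatically free results
    var $query     = "";  // text of the last statement run through query()

    /* public: constructor
    function DB_Sql($query) {
        $this->query($query);
    }
    */
    function DB_Sql() {
    }

    /**
     * Open the persistent connection on first use; halt() if it cannot be opened.
     *
     * The backtrace in this report reaches isc_attach_database through
     * _php_ibase_connect, i.e. the fault is raised underneath this call.
     */
    function connect() {
        if ( 0 == $this->Link_ID ) {
            // Choose your preferred connect method; the Apache SAPI now supports IB properly.
            $this->Link_ID = ibase_pconnect(
                $this->Host . ":" . $this->Database,
                $this->User,
                $this->Password,
                $this->Charset,
                $this->Buffers,
                $this->Dialect,
                $this->Role
            );
            /*
            $this->Link_ID=ibase_connect($this->Host . ":" . $this->Database,
                                         $this->User, $this->Password,
                                         $this->Charset, $this->Buffers,
                                         $this->Dialect,
                                         $this->Role);
            */
            if (!$this->Link_ID) {
                $this->halt("Link_ID == false, ibsql_pconnect failed");
            }
        }
    }

    /** Release the current result set and clear its handle. */
    function free_result() {
        ibase_free_result($this->Query_ID);
        $this->Query_ID = 0;
    }

    /**
     * Run one SQL statement and remember it for affected_rows().
     *
     * @param string $Query_String complete SQL text; it is sent as-is (after the
     *                             two keyword rewrites below), with no binding.
     * @return mixed the handle returned by ibase_query(); halt() ends the
     *               script when the statement fails.
     */
    function query($Query_String) {
        if (!$this->Link_ID) {
            $this->connect();
        }

        // Plain text substitution: every lowercase "password" / "message" in the
        // statement is rewritten, including occurrences inside literals.
        $Query_String = str_replace("password", "\"PASSWORD\"", $Query_String);
        $Query_String = str_replace("message", "m_essage", $Query_String);
        // echo "querystring: " . $Query_String . "\n <br><hl>";

        $this->Query_ID = ibase_query($this->Link_ID, $Query_String);
        // $this->Query_ID = ibase_query($Query_String);
        $this->Row = 0;

        if (!$this->Query_ID) {
            $this->Errno = 1;
            $this->Error = "General Error (The IBSQL interface cannot return detailed error messages).";
            $this->halt("Invalid SQL: ".$Query_String);
        }
        $this->query = $Query_String;

        // COMMIT
        // NOTE(review): DELETE is not in this list - confirm that is intended.
        if (stristr($Query_String, "INSERT") !== false ||
            stristr($Query_String, "UPDATE") !== false ||
            stristr($Query_String, "CREATE") !== false) {
            // echo "Commiting!" . "\n <br><hl>";
            ibase_commit_ret($this->Link_ID);
        }
        // echo "Affected rows: " . $this->affected_rows() . "\n <br><hl>";
        return $this->Query_ID;
    }

    /**
     * Fetch the next row of the current result into $Record.
     *
     * Each column is stored twice: under its numeric index and under its
     * lower-cased field name.
     *
     * @return int 1 when a row was fetched, 0 when the result is exhausted.
     */
    function next_record() {
        $this->Record = ibase_fetch_row($this->Query_ID);
        if (!$this->Record) {
            if ($this->Auto_Free) {
                $this->free_result();
            }
            return 0;
        }

        // add to Record[<key>]
        $count = ibase_num_fields($this->Query_ID);
        for ($i = 0; $i < $count; $i++) {
            $fieldinfo = ibase_field_info($this->Query_ID, $i);
            $this->Record[strtolower($fieldinfo["name"])] = $this->Record[$i];
        }
        $this->Row += 1;
        return 1;
    }

    /** Set the row counter; no cursor is repositioned. */
    function seek($pos) {
        $this->Row = $pos;
    }

    /**
     * Describe the columns of a table.
     *
     * @param string $table table name. NOTE(review): it is interpolated into the
     *                      SQL text and cannot be bound as a parameter, so it
     *                      must come from trusted code, never from a request.
     * @return array one entry per column with keys "table", "name", "len", "flags".
     */
    function metadata($table) {
        $res = array();

        $this->connect();
        // Link first, statement second - the same order query() uses. With the
        // arguments reversed the link would be taken as a bind value.
        $id = ibase_query($this->Link_ID, "select * from $table");
        if (!$id) {
            $this->Errno = 1;
            $this->Error = "General Error (The IBSQL interface cannot return detailed error messages).";
            $this->halt("Metadata query failed.");
        }

        $count = ibase_num_fields($id);
        for ($i = 0; $i < $count; $i++) {
            $info = ibase_field_info($id, $i);
            $res[$i]["table"] = $table;
            $res[$i]["name"]  = $info["name"];
            $res[$i]["len"]   = $info["length"];
            $res[$i]["flags"] = $info["type"];
        }

        // Free the metadata result itself; free_result() would instead discard
        // the caller's current $Query_ID and leave this one allocated.
        ibase_free_result($id);
        return $res;
    }

    /**
     * Estimate the row count of the last statement by running a COUNT(1)
     * query derived from its text.
     *
     * The derivation is textual (keyword search on the stored statement), so
     * it only handles simple single-table statements.
     *
     * @return mixed first column of the COUNT row, or 0 when no count
     *               statement could be derived.
     */
    function affected_rows() {
        $nrows   = 0;
        $SqlStmt = "";

        // The statement text lives in $this->query (set by query()).
        if (stristr($this->query, 'UPDATE') !== false) {
            $this->query = trim($this->query);
            $pieces = explode(" ", $this->query);
            // "UPDATE <table> SET ..." - the table is the second word.
            if (isset($pieces[1])) {
                $SqlStmt2 = stristr($this->query, 'WHERE');
                $SqlStmt  = "SELECT COUNT(1) FROM " . $pieces[1] . " " . $SqlStmt2;
            }
        }
        if (stristr($this->query, 'SELECT') !== false) {
            $SqlStmt = "SELECT COUNT(1) " . stristr($this->query, 'FROM');
            // An ORDER BY clause is irrelevant for counting; cut it off.
            $aa = stripos($SqlStmt, 'ORDER BY');
            if ($aa !== false) {
                $SqlStmt = substr($SqlStmt, 0, $aa);
            }
        }
        if (stristr($this->query, 'DELETE') !== false) {
            $SqlStmt = "SELECT COUNT(1) " . stristr($this->query, 'FROM');
        }

        if ($SqlStmt != "") {
            $this->connect();
            $id = ibase_query($this->Link_ID, $SqlStmt);
            if (!$id) {
                $this->Errno = 1;
                $this->Error = "General Error (The IBSQL interface cannot return detailed error messages).";
                $this->halt("COUNT query failed.");
            }
            if ($row = ibase_fetch_row($id)) {
                $nrows = $row[0];
            }
            ibase_free_result($id);
        }
        // echo "stmt" .$SqlStmt;
        return $nrows;
    }

    /** Alias of affected_rows(). */
    function num_rows() {
        return $this->affected_rows();
    }

    /** Number of columns in the current result set. */
    function num_fields() {
        return ibase_num_fields($this->Query_ID);
    }

    /** Short alias of num_rows(). */
    function nf() {
        return $this->num_rows();
    }

    /** Print num_rows(). */
    function np() {
        print $this->num_rows();
    }

    /** Value of a column of the current row, looked up case-insensitively. */
    function f($Field_Name) {
        return $this->Record[strtolower($Field_Name)];
    }

    /** Print a column of the current row without escaping; callers must escape for HTML themselves. */
    function p($Field_Name) {
        print $this->f($Field_Name);
    }

    /**
     * Print the error and end the script.
     *
     * $msg can carry the failed SQL text, so it is HTML-escaped before it is
     * written into the page. NOTE(review): the statement is still shown to the
     * client; on a production site log it server-side instead.
     */
    function halt($msg) {
        printf("</td></tr></table><b>Database error:</b> %s<br>\n",
               htmlspecialchars($msg, ENT_QUOTES));
        printf("<b>IBSQL Error</b>: %s (%s)<br>\n",
               $this->Errno,
               htmlspecialchars($this->Error, ENT_QUOTES));
        die("Session halted.");
    }

    /** Close the connection. */
    function disconnect () {
        ibase_close($this->Link_ID);
    }
}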
// ------------------------------------- end include
// create Object
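/**
 * DB_Sql preconfigured from the application's global login settings.
 *
 * The four $dblogin* globals are read when the object is constructed. They
 * hold the database host and credentials, so they must be assigned from
 * trusted configuration; this file also calls extract() on request
 * variables, and an import that runs after the configuration is loaded
 * could otherwise replace them.
 */
class DB_login extends DB_Sql {
    var $Debug = 0;   ## Set to 1 for debugging messages.

    ## "yes" (halt with message), "no" (ignore errors quietly),
    ## "report" (ignore error, but spit a warning)
    ## NOTE(review): the DB_Sql code shown with this class does not read
    ## $Debug or $Halt_On_Error; halt() always ends the script.
    var $Halt_On_Error = "yes";

    function DB_login () {
        global $dbloginhost;
        global $dbloginpass;
        global $dbloginuser;
        global $dblogindatabase;

        $this->Host     = $dbloginhost;
        $this->Password = $dbloginpass;
        $this->User     = $dbloginuser;
        $this->Database = $dblogindatabase;
        $this->DB_Sql();
    }
}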
-----------------------------------------
// actual script code
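#error_reporting(E_ALL); // used for debugging
error_reporting(E_ALL & ~E_NOTICE);
set_magic_quotes_runtime(0);

// Request parameters are imported into the global scope. EXTR_SKIP keeps an
// imported name from replacing a variable that already exists, so settings
// loaded earlier (for example the $dblogin* connection globals read by
// DB_login) cannot be overwritten by the request. Load that configuration
// before this point; reading the needed keys from the request arrays
// explicitly is safer still.
extract((array)$HTTP_POST_VARS, EXTR_SKIP);
extract((array)$HTTP_GET_VARS, EXTR_SKIP);

$ab = new DB_login;

srand((double)microtime()*1000000);
$n = rand(0,52);

// crash is here (the backtrace shows the fault under the database attach
// that the first query() triggers)
// $n is an integer produced by rand() above, not request data; if the id
// ever comes from the request, cast it to int before building the statement.
$ab->query("select * from martist where id=".$n);
$ab->next_record();
echo("finished");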
?>