| author | Antony Dovgal <tony2001@php.net> | 2006-07-30 20:51:24 +0000 |
|---|---|---|
| committer | Antony Dovgal <tony2001@php.net> | 2006-07-30 20:51:24 +0000 |
| commit | aa1ced04cba02a3052a99220183f730254ca4a60 (patch) | |
| tree | 8cebd8945ce36c21ec575b03b136111e0ac73e74 | |
| parent | fb1c592640092a8a440905dc7add9a4ea663b0d5 (diff) | |
MFH: fix #38173 (Freeing nested cursors causes OCI8 to segfault)
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | ext/oci8/oci8_interface.c | 5 | ||||
| -rw-r--r-- | ext/oci8/oci8_statement.c | 2 | ||||
| -rw-r--r-- | ext/oci8/php_oci8_int.h | 1 | ||||
| -rw-r--r-- | ext/oci8/tests/bug38173.phpt | 79 |
5 files changed, 87 insertions, 1 deletions
@@ -40,6 +40,7 @@ PHP NEWS
 execution). (Dmitry)
 - Fixed bug #38194 (ReflectionClass::isSubclassOf() returns TRUE for the class itself). (Ilia)
+- Fixed bug #38173 (Freeing nested cursors causes OCI8 to segfault). (Tony)
 - Fixed bug #38132 (ReflectionClass::getStaticProperties() retains \0 in key names). (Ilia)
 - Fixed bug #38047 ("file" and "line" sometimes not set in backtrace from
diff --git a/ext/oci8/oci8_interface.c b/ext/oci8/oci8_interface.c
index f934b1c52d..6964cc3e1a 100644
--- a/ext/oci8/oci8_interface.c
+++ b/ext/oci8/oci8_interface.c
@@ -1483,7 +1483,10 @@ PHP_FUNCTION(oci_free_statement)
 }
 PHP_OCI_ZVAL_TO_STATEMENT(z_statement, statement);
- zend_list_delete(statement->id);
+ if (!statement->nested) {
+ /* nested cursors cannot be freed, they are allocated once and used during the fetch */
+ zend_list_delete(statement->id);
+ }
 RETURN_TRUE;
 }
diff --git a/ext/oci8/oci8_statement.c b/ext/oci8/oci8_statement.c
index 16a2b7e182..32cf84d913 100644
--- a/ext/oci8/oci8_statement.c
+++ b/ext/oci8/oci8_statement.c
@@ -94,6 +94,7 @@ php_oci_statement *php_oci_statement_create (php_oci_connection *connection, cha
 statement->connection = connection;
 statement->has_data = 0;
+ statement->nested = 0;
 if (OCI_G(default_prefetch) > 0) {
 php_oci_statement_set_prefetch(statement, OCI_G(default_prefetch) TSRMLS_CC);
@@ -443,6 +444,7 @@ int php_oci_statement_execute(php_oci_statement *statement, ub4 mode TSRMLS_DC)
 case SQLT_RSET:
 outcol->statement = php_oci_statement_create(statement->connection, NULL, 0, 0 TSRMLS_CC);
 outcol->stmtid = outcol->statement->id;
+ outcol->statement->nested = 1;
 define_type = SQLT_RSET;
 outcol->is_cursor = 1;
diff --git a/ext/oci8/php_oci8_int.h b/ext/oci8/php_oci8_int.h
index 638cd2391a..b3e2c46137 100644
--- a/ext/oci8/php_oci8_int.h
+++ b/ext/oci8/php_oci8_int.h
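Review bot: The new `if (!statement->nested)` guard in oci_free_statement turns the call into a silent no-op for nested cursors while still returning TRUE, and the comment does not say who releases the handle instead, which is the ownership fact a maintainer needs in order not to reintroduce the premature free behind bug #38173. I would state it in the comment, for example `/* nested cursors belong to the parent statement's define column (see php_oci_statement_execute); deleting the list entry here would free a handle the parent still points at */`, assuming the parent really is what tears them down, which this diff does not show. It is also worth confirming that no other explicit-release path calls `zend_list_delete()` on a statement id without the same check. The body of oci_free_statement starts above this hunk.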
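Review bot: In the `case SQLT_RSET:` branch the added `outcol->statement->nested = 1;` is a second unchecked dereference of the pointer returned by `php_oci_statement_create()`, right after `outcol->stmtid = outcol->statement->id;`. If that function can return NULL on failure (its error paths are not visible in this hunk), both lines fault during execute; an `if (outcol->statement == NULL)` check placed before them, returning whatever php_oci_statement_execute uses to signal failure, would turn that into an ordinary error. The switch and the enclosing function extend beyond this hunk.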
@@ -166,6 +166,7 @@ typedef struct { /* php_oci_statement {{{ */
 int ncolumns; /* number of columns in the result */
 unsigned executed:1; /* statement executed flag */
 unsigned has_data:1; /* statement has more data flag */
+ unsigned nested:1; /* statement handle is valid */
 ub2 stmttype; /* statement type */
 } php_oci_statement; /* }}} */
diff --git a/ext/oci8/tests/bug38173.phpt b/ext/oci8/tests/bug38173.phpt
new file mode 100644
index 0000000000..b92df9e39e
--- /dev/null
+++ b/ext/oci8/tests/bug38173.phpt
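Review bot: The comment on the new `nested` bit-field, "statement handle is valid", does not describe how the flag is used elsewhere in this commit, where it is set to 1 only for the statement created for an SQLT_RSET column and tested to skip `zend_list_delete()` in oci_free_statement; it reads as if copied from another field. Because the flag now decides whether a free happens, it should be documented accurately, for example `unsigned nested:1; /* statement is a nested cursor created for a parent statement's column */`. The struct definition begins above this hunk.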
@@ -0,0 +1,79 @@
+--TEST--
+Bug #38173 (Freeing nested cursors causes OCI8 to segfault)
+--SKIPIF--
+<?php if (!extension_loaded('oci8')) die("skip no oci8 extension"); ?>
+--FILE--
+<?php
+
+require dirname(__FILE__)."/connect.inc";
+
+$create_1 = "CREATE TABLE t1 (id INTEGER)";
+$create_2 = "CREATE TABLE t2 (id INTEGER)";
+$drop_1 = "DROP TABLE t1";
+$drop_2 = "DROP TABLE t2";
+
+$s1 = oci_parse($c, $drop_1);
+$s2 = oci_parse($c, $drop_2);
+@oci_execute($s1);
+@oci_execute($s2);
+
+$s1 = oci_parse($c, $create_1);
+$s2 = oci_parse($c, $create_2);
+oci_execute($s1);
+oci_execute($s2);
+
+for($i=0; $i < 5; $i++) {
+ $insert = "INSERT INTO t1 VALUES(".$i.")";
+ $s = oci_parse($c, $insert);
+ oci_execute($s);
+}
+
+for($i=0; $i < 5; $i++) {
+ $insert = "INSERT INTO t2 VALUES(".$i.")";
+ $s = oci_parse($c, $insert);
+ oci_execute($s);
+}
+
+$query ="
+SELECT
+ t1.*,
+ CURSOR( SELECT * FROM t2 ) as cursor
+FROM
+ t1
+";
+
+$sth = oci_parse($c, $query);
+oci_execute($sth);
+
+// dies on oci_free_statement on 2nd pass through loop
+while ( $row = oci_fetch_assoc($sth) ) {
+ print "Got row!\n";
+ var_dump(oci_execute($row['CURSOR']));
+ var_dump(oci_free_statement($row['CURSOR']));
+}
+
+$s1 = oci_parse($c, $drop_1);
+$s2 = oci_parse($c, $drop_2);
+@oci_execute($s1);
+@oci_execute($s2);
+
+echo "Done\n";
+
+?>
+--EXPECT--
+Got row!
+bool(true)
+bool(true)
+Got row!
+bool(true)
+bool(true)
+Got row!
+bool(true)
+bool(true)
+Got row!
+bool(true)
+bool(true)
+Got row!
+bool(true)
+bool(true)
+Done |
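Review bot: The test never releases `$sth`, so it covers the repeated `oci_free_statement($row['CURSOR'])` call inside the loop but not the teardown of the parent statement, which is presumably where the nested handles are released now that the explicit free is skipped. Adding `var_dump(oci_free_statement($sth));` after the loop, with a matching `bool(true)` line before `Done` in --EXPECT--, would exercise that path and catch a double release there. The stale comment `// dies on oci_free_statement on 2nd pass through loop` describes the pre-fix behaviour and could say so explicitly.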
