Browse Source

MFH: fix #38173 (Freeing nested cursors causes OCI8 to segfault)

PECL_OPENSSL
Antony Dovgal 20 years ago
parent
commit
aa1ced04cb
  1. 1
      NEWS
  2. 5
      ext/oci8/oci8_interface.c
  3. 2
      ext/oci8/oci8_statement.c
  4. 1
      ext/oci8/php_oci8_int.h
  5. 79
      ext/oci8/tests/bug38173.phpt

1
NEWS

@ -40,6 +40,7 @@ PHP NEWS
execution). (Dmitry)
- Fixed bug #38194 (ReflectionClass::isSubclassOf() returns TRUE for the class
itself). (Ilia)
- Fixed bug #38173 (Freeing nested cursors causes OCI8 to segfault). (Tony)
- Fixed bug #38132 (ReflectionClass::getStaticProperties() retains \0 in key
names). (Ilia)
- Fixed bug #38047 ("file" and "line" sometimes not set in backtrace from

5
ext/oci8/oci8_interface.c

@ -1483,7 +1483,10 @@ PHP_FUNCTION(oci_free_statement)
}
PHP_OCI_ZVAL_TO_STATEMENT(z_statement, statement);
zend_list_delete(statement->id);
if (!statement->nested) {
/* nested cursors cannot be freed, they are allocated once and used during the fetch */
zend_list_delete(statement->id);
}
RETURN_TRUE;
}

2
ext/oci8/oci8_statement.c

@ -94,6 +94,7 @@ php_oci_statement *php_oci_statement_create (php_oci_connection *connection, cha
statement->connection = connection;
statement->has_data = 0;
statement->nested = 0;
if (OCI_G(default_prefetch) > 0) {
php_oci_statement_set_prefetch(statement, OCI_G(default_prefetch) TSRMLS_CC);
@ -443,6 +444,7 @@ int php_oci_statement_execute(php_oci_statement *statement, ub4 mode TSRMLS_DC)
case SQLT_RSET:
outcol->statement = php_oci_statement_create(statement->connection, NULL, 0, 0 TSRMLS_CC);
outcol->stmtid = outcol->statement->id;
outcol->statement->nested = 1;
define_type = SQLT_RSET;
outcol->is_cursor = 1;

1
ext/oci8/php_oci8_int.h

@ -166,6 +166,7 @@ typedef struct { /* php_oci_statement {{{ */
int ncolumns; /* number of columns in the result */
unsigned executed:1; /* statement executed flag */
unsigned has_data:1; /* statement has more data flag */
unsigned nested:1; /* statement handle is valid */
ub2 stmttype; /* statement type */
} php_oci_statement; /* }}} */

79
ext/oci8/tests/bug38173.phpt

@ -0,0 +1,79 @@
--TEST--
Bug #38173 (Freeing nested cursors causes OCI8 to segfault)
--SKIPIF--
<?php if (!extension_loaded('oci8')) die("skip no oci8 extension"); ?>
--FILE--
<?php
require dirname(__FILE__)."/connect.inc";
$create_1 = "CREATE TABLE t1 (id INTEGER)";
$create_2 = "CREATE TABLE t2 (id INTEGER)";
$drop_1 = "DROP TABLE t1";
$drop_2 = "DROP TABLE t2";
$s1 = oci_parse($c, $drop_1);
$s2 = oci_parse($c, $drop_2);
@oci_execute($s1);
@oci_execute($s2);
$s1 = oci_parse($c, $create_1);
$s2 = oci_parse($c, $create_2);
oci_execute($s1);
oci_execute($s2);
for($i=0; $i < 5; $i++) {
$insert = "INSERT INTO t1 VALUES(".$i.")";
$s = oci_parse($c, $insert);
oci_execute($s);
}
for($i=0; $i < 5; $i++) {
$insert = "INSERT INTO t2 VALUES(".$i.")";
$s = oci_parse($c, $insert);
oci_execute($s);
}
$query ="
SELECT
t1.*,
CURSOR( SELECT * FROM t2 ) as cursor
FROM
t1
";
$sth = oci_parse($c, $query);
oci_execute($sth);
// dies on oci_free_statement on 2nd pass through loop
while ( $row = oci_fetch_assoc($sth) ) {
print "Got row!\n";
var_dump(oci_execute($row['CURSOR']));
var_dump(oci_free_statement($row['CURSOR']));
}
$s1 = oci_parse($c, $drop_1);
$s2 = oci_parse($c, $drop_2);
@oci_execute($s1);
@oci_execute($s2);
echo "Done\n";
?>
--EXPECT--
Got row!
bool(true)
bool(true)
Got row!
bool(true)
bool(true)
Got row!
bool(true)
bool(true)
Got row!
bool(true)
bool(true)
Got row!
bool(true)
bool(true)
Done
Loading…
Cancel
Save