This queue is for tickets about the DBD-Oracle CPAN distribution.

Report information
The Basics
Id: 57256
Status: resolved
Priority: 0/
Queue: DBD-Oracle

People
Owner: Nobody in particular
Requestors: markus.hartung [...] pensionsmyndigheten.se
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in:
  • 1.24
  • 1.24a
  • 1.24b
Fixed in:
  • 1.25
  • 1.25-withoutworldwriteables
  • 1.25_brokentar
  • 1.26



Subject: Double free problem in dbdimp.c
Date: Thu, 6 May 2010 12:57:47 +0200
To: "'bug-DBD-Oracle [...] rt.cpan.org'" <bug-DBD-Oracle [...] rt.cpan.org>
From: Markus Hartung <markus.hartung [...] pensionsmyndigheten.se>
Hello,

I have noticed a problem with double frees in the dbdimp.c program. I'm running DBD::Oracle version 1.24a, and when examining the code it seems that the if-statement on line 3499 just frees phs and utf8_flgs and then falls through to the free-statement on line 3451. I don't really know what do_bind_array_exec does, but it seems that the frees are there because the if-statement did have a croak call before. So without the croak I suggest removing the frees on lines 3500 and 3501.

This double free seems to have been in the source for some time now; I guess it's my compiler that is more cranky than usual. I haven't been able to get a simple test-case that will crash on do_bind_array_exec yet, as it's not happening to me so often. But when I run our automated night-tests it will crash on this problem. I'll update with more info when I have a test-case that will trigger this crash.

----
Stacktrace:

    *** glibc detected *** /usr/local/bin/perl: double free or corruption (fasttop): 0x0000000015bda040 ***
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 46988053247184 (LWP 26045)]
    0x000000374d070454 in malloc_consolidate () from /lib64/libc.so.6
    (gdb) bt
    #0 0x000000374d070454 in malloc_consolidate () from /lib64/libc.so.6
    #1 0x000000374d072a1a in _int_malloc () from /lib64/libc.so.6
    #2 0x000000374d07486d in calloc () from /lib64/libc.so.6
    #3 0x000000374cc09e25 in _dl_new_object () from /lib64/ld-linux-x86-64.so.2
    #4 0x000000374cc05adc in _dl_map_object_from_fd () from /lib64/ld-linux-x86-64.so.2
    #5 0x000000374cc07d43 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2
    #6 0x000000374cc10c8d in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
    #7 0x000000374cc0ced6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
    #8 0x000000374cc1068c in _dl_open () from /lib64/ld-linux-x86-64.so.2
    #9 0x000000374d108ab0 in do_dlopen () from /lib64/libc.so.6
    #10 0x000000374cc0ced6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
    #11 0x000000374d108c17 in __libc_dlopen_mode () from /lib64/libc.so.6
    #12 0x000000374d0e5dfa in init () from /lib64/libc.so.6
    #13 0x000000374d80bea3 in pthread_once () from /lib64/libpthread.so.0
    #14 0x000000374d0e5e97 in backtrace () from /lib64/libc.so.6
    #15 0x000000374d06a85f in __libc_message () from /lib64/libc.so.6
    #16 0x000000374d0722ef in _int_free () from /lib64/libc.so.6
    #17 0x000000374d07273b in free () from /lib64/libc.so.6
    #18 0x00002abc44635ef9 in ora_st_execute_array (sth=0x11741ff8, imp_sth=0x147d57c0, tuples=0x14b83a98, tuples_status=0x11749240, columns=0x7316a0, exe_count=3) at dbdimp.c:3451
    #19 0x00002abc4462228e in XS_DBD__Oracle__st_ora_execute_array (cv=0x11750940) at Oracle.xs:236
    #20 0x0000000000481ae5 in Perl_pp_entersub ()
    #21 0x000000000048016e in Perl_runops_standard ()
    #22 0x000000000042dd48 in Perl_call_sv ()
    #23 0x00002abc42fc5961 in XS_DBI_dispatch () from /home/marhat/HEAD/lib/site_perl/5.12.0/x86_64-linux/auto/DBI/DBI.so
    #24 0x0000000000481ae5 in Perl_pp_entersub ()
    #25 0x000000000048016e in Perl_runops_standard ()
    #26 0x000000000042dd48 in Perl_call_sv ()
    #27 0x00002abc42fc5961 in XS_DBI_dispatch () from /home/marhat/HEAD/lib/site_perl/5.12.0/x86_64-linux/auto/DBI/DBI.so
    #28 0x0000000000481ae5 in Perl_pp_entersub ()
    #29 0x000000000048016e in Perl_runops_standard ()
    #30 0x000000000042e71d in perl_run ()
    #31 0x000000000041bb85 in main ()

>uname -a
Linux xx 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

>perl -V
Summary of my perl5 (revision 5 version 12 subversion 0) configuration:

  Platform:
    osname=linux, osvers=2.6.18-164.el5, archname=x86_64-linux
    uname='linux dpluplu5 2.6.18-164.el5 #1 smp tue aug 18 15:51:48 edt 2009 x86_64 x86_64 x86_64 gnulinux '
    config_args='-Dprefix=/opt/perl-5.12.0 -de -Accflags=-DUSE_PERL_ATOF=0 -Dusethreads -Duseithreads -A prepend:libswanted=cl pthread '
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-DUSE_PERL_ATOF=0 -Dusethreads -Duseithreads -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-DUSE_PERL_ATOF=0 -Dusethreads -Duseithreads -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.1.2 20080704 (Red Hat 4.1.2-46)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64 /usr/local/lib64
    libs=-lpthread -lnsl -ldb -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.5.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.5'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector'

Characteristics of this binary (from libperl):
  Compile-time options: PERL_DONT_CREATE_GVSV PERL_MALLOC_WRAP USE_64_BIT_ALL USE_64_BIT_INT USE_LARGE_FILES USE_PERLIO
  Built under linux
  Compiled at Apr 30 2010 18:17:38
  %ENV:
  @INC:
    /opt/perl-5.12.0/lib/site_perl/5.12.0/x86_64-linux
    /opt/perl-5.12.0/lib/site_perl/5.12.0
    /opt/perl-5.12.0/lib/5.12.0/x86_64-linux
    /opt/perl-5.12.0/lib/5.12.0
    .

>gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-libgcj-multifile --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --enable-plugin --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --with-cpu=generic --host=x86_64-redhat-linux
Thread model: posix
gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)

--
Markus Hartung
Software developer at The Swedish pension authority

Had a look at this one and me thinks we will run into a nasty little problem if we take this one out. If I remember correctly, without the frees this caused some deep perl warnings? Can you give me a test case??

Subject: SV: [rt.cpan.org #57256] Double free problem in dbdimp.c
Date: Fri, 7 May 2010 19:10:15 +0200
To: "bug-DBD-Oracle [...] rt.cpan.org" <bug-DBD-Oracle [...] rt.cpan.org>
From: Markus Hartung <markus.hartung [...] pensionsmyndigheten.se>
Hello,

Thanks for the response. The crash I'm suffering from is intermittent, so I haven't been able to build a good testcase yet. I'll try to come up with a testcase for the problem I'm suffering, but it might take me a while as it's not always occurring :(

-----Original message-----
From: Pythian Remote DBA via RT [mailto:bug-DBD-Oracle@rt.cpan.org]
Sent: 7 May 2010 18:53
To: Markus Hartung
Subject: [rt.cpan.org #57256] Double free problem in dbdimp.c

<URL: https://rt.cpan.org/Ticket/Display.html?id=57256 >

Had a look at this one and me thinks we will run into a nasty little problem if we take this one out. If I remember correctly, without the frees this caused some deep perl warnings? Can you give me a test case??

Ok, I have fixed this and I think your suggestion will not cause any problems. Still haven't checked to see if we get any memory leaks; that will come later, me thinks. You will find the 'fixed' version here: http://svn.perl.org/modules/dbd-oracle/trunk
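
The pattern this ticket describes, an error branch that frees phs and utf8_flgs and then falls through to the common cleanup once the croak is gone, reproduced as an added example (not code from dbdimp.c or from the DBD-Oracle project). The function names, the bind_ok and status parameters and the tracked_free/tracker_reset helpers are assumptions made for illustration; the helper counts a second release of a pointer instead of performing it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for free(): records each released pointer, counts a
 * second release of the same pointer, and defers the real free() to
 * tracker_reset() so the demonstration never corrupts the heap. */
static void *released[8];
static int n_released, double_frees;

static void tracked_free(void *p) {
    if (p == NULL) return;                      /* free(NULL) is a no-op */
    for (int i = 0; i < n_released; i++)
        if (released[i] == p) { double_frees++; return; }
    released[n_released++] = p;
}

static int tracker_reset(void) {                /* returns double frees seen */
    int seen = double_frees;
    for (int i = 0; i < n_released; i++) free(released[i]);
    n_released = double_frees = 0;
    return seen;
}

/* Hypothetical reduction of the reported pattern; bind_ok stands in for the
 * result of the bind step, phs and utf8_flgs are the names from the report. */
static int execute_array_buggy(int bind_ok, int *status) {
    char *phs = malloc(16), *utf8_flgs = malloc(16);
    *status = bind_ok ? 0 : -1;
    if (!bind_ok) {
        /* Safe only while a non-returning croak() followed these frees. */
        tracked_free(phs);
        tracked_free(utf8_flgs);
    }                                           /* control falls through */
    tracked_free(utf8_flgs);                    /* common cleanup */
    tracked_free(phs);
    return tracker_reset();
}

/* Fix suggested in the report: the error branch releases nothing, so the
 * common cleanup is the only place that frees. */
static int execute_array_fixed(int bind_ok, int *status) {
    char *phs = malloc(16), *utf8_flgs = malloc(16);
    *status = bind_ok ? 0 : -1;                 /* record the failure only */
    tracked_free(utf8_flgs);
    tracked_free(phs);
    return tracker_reset();
}

int main(void) {
    int st;
    printf("buggy, bind fails: %d double frees\n", execute_array_buggy(0, &st));
    printf("fixed, bind fails: %d double frees\n", execute_array_fixed(0, &st));
    return 0;
}
```

The success path of the buggy variant is clean, which matches the intermittent crashes described above: only runs that take the error branch release the buffers twice.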