[PCBC-147] Segmentation Fault (segfault) when querying view
Created: 15/Nov/12  Updated: 19/Nov/12  Resolved: 19/Nov/12

Status: Resolved
Project: Couchbase PHP client library
Component/s: library
Affects Version/s: 1.1.0-dp5
Fix Version/s: 1.1.0
Security Level: Public

Type: Bug
Priority: Blocker
Reporter: Jeff Minard
Assignee: Mark Nunberg
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: PHP 5.3.13 / 5.3.15, Redhat 5.6

Attachments: cbt.php, gdb-bt-git.txt, gdb-bt.txt, gdb.txt, php-m-i.txt, strace.txt

 Description   
When doing a query against a view, the php application segfaults. Set/get/delete commands all work fine.

Attached is an strace, a stack trace from gdb, and various other support files, including the repro script.

 Comments   
Comment by Jeff Minard [ 15/Nov/12 ]
I was asked to run a gdb, but I don't really think it looks that helpful. I've attached it.
Comment by Jeff Minard [ 15/Nov/12 ]
gdb file, looks pretty useless without a php debug symbols version
Comment by Mark Nunberg [ 15/Nov/12 ]
My bad. Type 'bt' when you get the segfault :)

That'll show you the stack trace
Comment by Jeff Minard [ 15/Nov/12 ]
Yes, this looks much more helpful :)
Comment by Jeff Minard [ 15/Nov/12 ]
Here is the same segfault when using the latest couchbase.so compiled from the github master branch (so, cutting edge, I'd seen some lcb changes, so I figured I'd give ya both).
Comment by Mark Nunberg [ 15/Nov/12 ]
Can you try this patch?

diff --git a/views.c b/views.c
index 6c7bc30..7d03c5a 100644
--- a/views.c
+++ b/views.c
@@ -52,12 +52,13 @@ void php_couchbase_complete_callback(lcb_http_request_t request,
                return;
        }
 
+ /** We have one extra byte in 'data' */
        hti = emalloc(sizeof(*hti) + resp->v.v0.nbytes);
        hti->ndata = resp->v.v0.nbytes;
- memcpy(hti->data, resp->v.v0.bytes, hti->ndata + 1);
+
        if (hti->ndata) {
- hti->data[hti->ndata - 1] = '\0';
- hti->ndata--;
+ memcpy(hti->data, resp->v.v0.bytes, hti->ndata);
+ hti->data[hti->ndata] = '\0';
        }
 
        ctx->res->rc = error;
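
Review bot: the NUL terminator is now written only inside `if (hti->ndata)`, so for a zero-length response body `hti->data[0]` is left as whatever `emalloc` returned. Any later consumer that treats `hti->data` as a C string would then read uninitialized memory. Keep the `memcpy` inside the guard, but move `hti->data[hti->ndata] = '\0';` after the closing brace so the buffer is always terminated. Separately, the write at index `hti->ndata` is in bounds only because of the extra byte the new comment mentions, and that byte comes from the struct definition, which this hunk does not show. Either allocate `sizeof(*hti) + resp->v.v0.nbytes + 1` or point the comment at the struct member, so the invariant does not silently break if the declaration changes. The removed `memcpy` of `hti->ndata + 1` bytes also read one byte past the `nbytes` the response reports, which is worth stating in the commit message as the cause of the crash.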

I'll make it as a gerrit changeset as well..
Comment by Mark Nunberg [ 15/Nov/12 ]
http://review.couchbase.org/22573
Comment by Jeff Minard [ 15/Nov/12 ]
That change fixed the segfault, yes. The value assigned to the variable from the $cb->view() call is bool(false)
Comment by Matt Ingenthron [ 15/Nov/12 ]
Thanks for the quick work Mark! Looks like it'll be closeable after it's reviewed and in.
Generated at Sat Oct 25 00:51:57 CDT 2014 using JIRA 5.2.4#845-sha1:c9f4cc41abe72fb236945343a1f485c2c844dac9.