From: uwendel at mysql dot com
Operating system: Linux
PHP version: 5.3CVS-2008-02-21 (CVS)
PHP Bug Type: PDO related
Bug description: PDO_PGSQL crash on SELECT "?"
Description:
------------
PDO_PGSQL will crash when executing the following:
$pdo = new PDO(...);
$stmt = $pdo->prepare("SELECT \"?\"");
$stmt->execute(array("questionmark"));
Reproduce code:
---------------
[EMAIL PROTECTED]:~/php53> valgrind sapi/cli/php -r '$pdo = new
PDO("pgsql:host=localhost port=5432 dbname=phptest user=postgres
password="); $stmt = $pdo->prepare("SELECT \"?\"");
$stmt->execute(array("questionmark"));'
==13955== Memcheck, a memory error detector.
==13955== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==13955== Using LibVEX rev 1732, a library for dynamic binary
translation.
==13955== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==13955== Using valgrind-3.2.3, a dynamic binary instrumentation
framework.
==13955== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==13955== For more details, rerun with: -v
==13955==
==13955== Conditional jump or move depends on uninitialised value(s)
==13955== at 0x715D43F: slpmloclfv (in
/usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1)
==13955== by 0x715D17E: slpmloc (in
/usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1)
==13955== by 0x715A6A4: lpmloadpkg (in
/usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1)
==13955== by 0x71404EE: lfvLoadPkg (in
/usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1)
==13955== by 0x7140179: lfvSetShlMode (in
/usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1)
==13955== by 0x713FF78: lfvini1 (in
/usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1)
==13955== by 0x713FC94: lfvinit (in
/usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1)
==13955== by 0x6D62C29: kpummpin (in
/usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1)
==13955== by 0x66CC064: kpuenvcr (in
/usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1)
==13955== by 0x676CE5D: OCIEnvCreate (in
/usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1)
==13955== by 0x49D857: zm_startup_pdo_oci (pdo_oci.c:96)
==13955== by 0x603A76: zend_startup_module_ex (zend_API.c:1607)
==13955==
==13955== Invalid read of size 4
==13955== at 0x608E90: zend_hash_num_elements (zend_hash.c:1014)
==13955== by 0x4A2BE2: pgsql_stmt_param_hook (pgsql_statement.c:254)
==13955== by 0x495C13: dispatch_param_event (pdo_stmt.c:173)
==13955== by 0x49785A: zim_PDOStatement_execute (pdo_stmt.c:494)
==13955== by 0x62C1A3: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:190)
==13955== by 0x61E4CA: execute (zend_vm_execute.h:91)
==13955== by 0x5F1A32: zend_eval_string (zend_execute_API.c:1278)
==13955== by 0x5F1BA7: zend_eval_string_ex (zend_execute_API.c:1311)
==13955== by 0x68A80C: main (php_cli.c:1175)
==13955== Address 0x8 is not stack'd, malloc'd or (recently) free'd
==13955==
==13955== Process terminating with default action of signal 11 (SIGSEGV)
==13955== Access not within mapped region at address 0x8
==13955== at 0x608E90: zend_hash_num_elements (zend_hash.c:1014)
==13955== by 0x4A2BE2: pgsql_stmt_param_hook (pgsql_statement.c:254)
==13955== by 0x495C13: dispatch_param_event (pdo_stmt.c:173)
==13955== by 0x49785A: zim_PDOStatement_execute (pdo_stmt.c:494)
==13955== by 0x62C1A3: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:190)
==13955== by 0x61E4CA: execute (zend_vm_execute.h:91)
==13955== by 0x5F1A32: zend_eval_string (zend_execute_API.c:1278)
==13955== by 0x5F1BA7: zend_eval_string_ex (zend_execute_API.c:1311)
==13955== by 0x68A80C: main (php_cli.c:1175)
==13955==
==13955== Invalid free() / delete / delete[]
==13955== at 0x4C2191B: free (in
/usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==13955== by 0x7D7EB6A: (within /lib64/libc-2.6.1.so)
==13955== by 0x7D7E738: __libc_freeres (in /lib64/libc-2.6.1.so)
==13955== by 0x4A1D354: _vgnU_freeres (in
/usr/lib64/valgrind/amd64-linux/vgpreload_core.so)
==13955== by 0x4A2BE2: pgsql_stmt_param_hook (pgsql_statement.c:254)
==13955== by 0x495C13: dispatch_param_event (pdo_stmt.c:173)
==13955== by 0x49785A: zim_PDOStatement_execute (pdo_stmt.c:494)
==13955== by 0x62C1A3: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:190)
==13955== by 0x61E4CA: execute (zend_vm_execute.h:91)
==13955== by 0x5F1A32: zend_eval_string (zend_execute_API.c:1278)
==13955== by 0x5F1BA7: zend_eval_string_ex (zend_execute_API.c:1311)
==13955== by 0x68A80C: main (php_cli.c:1175)
==13955== Address 0x4049978 is not stack'd, malloc'd or (recently)
free'd
==13955==
==13955== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 20 from 2)
==13955== malloc/free: in use at exit: 3,103,433 bytes in 10,493 blocks.
==13955== malloc/free: 11,015 allocs, 523 frees, 3,424,549 bytes
allocated.
==13955== For counts of detected errors, rerun with: -v
==13955== searching for pointers to 10,493 not-freed blocks.
==13955== checked 4,529,816 bytes.
==13955==
==13955== LEAK SUMMARY:
==13955== definitely lost: 0 bytes in 0 blocks.
==13955== possibly lost: 0 bytes in 0 blocks.
==13955== still reachable: 3,103,433 bytes in 10,493 blocks.
==13955== suppressed: 0 bytes in 0 blocks.
==13955== Rerun with --leak-check=full to see details of leaked memory.
Speicherzugriffsfehler
--
Edit bug report at http://bugs.php.net/?id=44200&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=44200&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=44200&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=44200&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=44200&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=44200&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=44200&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=44200&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=44200&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=44200&r=support
Expected behavior: http://bugs.php.net/fix.php?id=44200&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=44200&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=44200&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=44200&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44200&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=44200&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=44200&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=44200&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=44200&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=44200&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=44200&r=mysqlcfg
