Edit report at https://bugs.php.net/bug.php?id=53280&edit=1

 ID:                 53280
 Updated by:         mar...@php.net
 Reported by:        popescu_dumitru at yahoo dot com
 Summary:            PDO_Firebird segfaults query column count less than param count
-Status:             Assigned
+Status:             Closed
 Type:               Bug
 Package:            PDO related
 Operating System:   Fedora 13
 PHP Version:        5.3.3
 Assigned To:        mariuz
 Block user comment: N
 Private report:     N

Previous Comments:
------------------------------------------------------------------------
[2011-12-28 19:58:13] mar...@php.net

Automatic comment from SVN on behalf of mariuz
Revision: http://svn.php.net/viewvc/?view=revision&revision=321487
Log: Fixed PDO_Firebird: bug 53280 segfaults if query column count is less than param count

------------------------------------------------------------------------
[2011-12-28 18:52:14] mar...@php.net

Automatic comment from SVN on behalf of mariuz
Revision: http://svn.php.net/viewvc/?view=revision&revision=321484
Log: Added test case for PDO_Firebird: bug 53280 segfaults if query column count is less than param count

------------------------------------------------------------------------
[2010-11-09 17:03:33] popescu_dumitru at yahoo dot com

Description:
------------
PDO_Firebird segfaults if query column count is less than param count

Test script:
---------------
<?php
/*
CREATE TABLE test(A VARCHAR(30), B VARCHAR(30), C VARCHAR(30));
INSERT INTO test VALUES ('A', 'B', 'C');
*/

$dbh = new PDO("firebird:dbname=localhost:/tmp/test.gdb", "SYSDBA", "masterkey");

$stmt1 = "SELECT B FROM test WHERE A = ? AND B = ?";
$stmt2 = "SELECT B, C FROM test WHERE A = ? AND B = ?";

$stmth2 = $dbh->prepare($stmt2);
$stmth2->execute(array('A', 'B'));
$rows = $stmth2->fetchAll(); // <------ OK
var_dump($rows);

$stmth1 = $dbh->prepare($stmt1);
$stmth1->execute(array('A', 'B'));
$rows = $stmth1->fetchAll(); // <------- segfault
var_dump($rows);
?>

Expected result:
----------------
array(1) {
  [0]=>
  array(4) {
    ["B"]=>
    string(1) "B"
    [0]=>
    string(1) "B"
    ["C"]=>
    string(1) "C"
    [1]=>
    string(1) "C"
  }
}
array(1) {
  [0]=>
  array(2) {
    ["B"]=>
    string(1) "B"
    [0]=>
    string(1) "B"
  }
}

Actual result:
--------------
(gdb) bt
#0 0x008b8b76 in firebird_stmt_get_col (stmt=0x88e7b48, colno=1, ptr=0xbfffcee8, len=0xbfffcee4, caller_frees=0xbfffcee0)
    at /root/src/php-5.3.3/ext/pdo_firebird/firebird_statement.c:273
#1 0x008b9c64 in firebird_stmt_param_hook (stmt=0x88e7b48, param=0x88e872c, event_type=PDO_PARAM_EVT_FETCH_POST)
    at /root/src/php-5.3.3/ext/pdo_firebird/firebird_statement.c:556
#2 0x081d39d5 in dispatch_param_event (stmt=0x88e7b48, event_type=PDO_PARAM_EVT_FETCH_POST)
    at /root/src/php-5.3.3/ext/pdo/pdo_stmt.c:184
#3 0x081d554a in do_fetch_common (stmt=0x88e7b48, ori=PDO_FETCH_ORI_NEXT, offset=0, do_bind=1)
    at /root/src/php-5.3.3/ext/pdo/pdo_stmt.c:703
#4 0x081d5b5e in do_fetch (stmt=0x88e7b48, do_bind=1, return_value=0x88e8304, how=PDO_FETCH_BOTH, ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0)
    at /root/src/php-5.3.3/ext/pdo/pdo_stmt.c:861
#5 0x081d7972 in zim_PDOStatement_fetchAll (ht=0, return_value=0x88e83c4, return_value_ptr=0x0, this_ptr=0x88e798c, return_value_used=1)
    at /root/src/php-5.3.3/ext/pdo/pdo_stmt.c:1543
#6 0x08421390 in zend_do_fcall_common_helper_SPEC (execute_data=0x89161b0)
    at /root/src/php-5.3.3/Zend/zend_vm_execute.h:316
#7 0x0842194a in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x89161b0)
    at /root/src/php-5.3.3/Zend/zend_vm_execute.h:421
#8 0x08420a2d in execute (op_array=0x88e4d7c)
    at /root/src/php-5.3.3/Zend/zend_vm_execute.h:107
#9 0x083f4260 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /root/src/php-5.3.3/Zend/zend.c:1194
#10 0x0838c746 in php_execute_script (primary_file=0xbffff4dc)
    at /root/src/php-5.3.3/main/main.c:2260
#11 0x084b6eef in main (argc=2, argv=0xbffff654)
    at /root/src/php-5.3.3/sapi/cli/php_cli.c:1192

------------------------------------------------------------------------