Bug #61895 [Opn]: PHP core crash when call $pdoStmt->execute($array_params) with PDO_Firebird

andrey at tranvi dot info Tue, 01 May 2012 23:26:31 -0700

Edit report at https://bugs.php.net/bug.php?id=61895&edit=1


 ID:                 61895
 User updated by:    andrey at tranvi dot info
 Reported by:        andrey at tranvi dot info
 Summary:            PHP core crash when call
                     $pdoStmt->execute($array_params) with PDO_Firebird
 Status:             Open
 Type:               Bug
 Package:            PDO related
 Operating System:   Windows
 PHP Version:        5.3.11
 Block user comment: N
 Private report:     N

 New Comment:

If I create new PDOStatement, and free in loop, like this:
    foreach ($data as $item)
    {        
        $q=$db->prepare($sql);
$q->execute(array(":NIOKR_TYPE"=>$type,":INV_NO"=>$item[0],":NAME"=>$item[1],
                              
":CREATOR"=>$item[2],":N_DOG"=>$item[3],":AUTHOR"=>$item[4],
                              
":AYEAR"=>$item[5],":CITY"=>$item[6],":ANNOTATION"=>$item[7],
                              
":ACOUNT"=>$item[8],":GRIF"=>$item[9],":ACOMMENT"=>$item[10]));
           $q=null;
    }


 PHP crash in another place. 

With this backtrace:
>       php5ts_debug.dll!zend_mm_check_ptr(_zend_mm_heap * heap=0x01941c38, 
> void * ptr=0x025e6b68, int silent=0, char * __zend_filename=0x10587080, 
> unsigned int __zend_lineno=447, char * __zend_orig_filename=0x10592b18, 
> unsigned int __zend_orig_lineno=36)  Ð¡ÑÑÐ¾ÐºÐ° 1357 + 0x12 Ð±Ð°Ð¹Ñ      C
        php5ts_debug.dll!zend_mm_check_ptr(_zend_mm_heap * heap=0x01941c38, 
void * ptr=0x025e6b68, int silent=1, char * __zend_filename=0x10587080, 
unsigned int __zend_lineno=447, char * __zend_orig_filename=0x10592b18, 
unsigned int __zend_orig_lineno=36)  Ð¡ÑÑÐ¾ÐºÐ° 1352 + 0x1f Ð±Ð°Ð¹Ñ      C
        php5ts_debug.dll!_zend_mm_free_int(_zend_mm_heap * heap=0x01941c38, 
void * p=0x025e6b68, char * __zend_filename=0x10587080, unsigned int 
__zend_lineno=447, char * __zend_orig_filename=0x10592b18, unsigned int 
__zend_orig_lineno=36)  Ð¡ÑÑÐ¾ÐºÐ° 1993 + 0x1f Ð±Ð°Ð¹Ñ      C
        php5ts_debug.dll!_efree(void * ptr=0x025e6b68, char * 
__zend_filename=0x10587080, unsigned int __zend_lineno=447, char * 
__zend_orig_filename=0x10592b18, unsigned int __zend_orig_lineno=36)  
Ð¡ÑÑÐ¾ÐºÐ° 2361 + 0x2b Ð±Ð°Ð¹Ñ        C
        php5ts_debug.dll!_zval_dtor_func(_zval_struct * zvalue=0x025e5848, char 
* __zend_filename=0x10587080, unsigned int __zend_lineno=447)  Ð¡ÑÑÐ¾ÐºÐ° 36 
+ 0x29 Ð±Ð°Ð¹Ñ  C
        php5ts_debug.dll!_zval_dtor(_zval_struct * zvalue=0x025e5848, char * 
__zend_filename=0x10587080, unsigned int __zend_lineno=447)  Ð¡ÑÑÐ¾ÐºÐ° 35 + 
0x11 Ð±Ð°Ð¹Ñ       C
        php5ts_debug.dll!_zval_ptr_dtor(_zval_struct * * zval_ptr=0x025e53e8, 
char * __zend_filename=0x1064d5dc, unsigned int __zend_lineno=293)  
Ð¡ÑÑÐ¾ÐºÐ° 447 + 0x17 Ð±Ð°Ð¹Ñ      C
        php5ts_debug.dll!param_dtor(void * data=0x025e53d8)  Ð¡ÑÑÐ¾ÐºÐ° 293 + 
0x1a Ð±Ð°Ð¹Ñ   C
        php5ts_debug.dll!zend_hash_destroy(_hashtable * ht=0x025e58d8)  
Ð¡ÑÑÐ¾ÐºÐ° 529 + 0x11 Ð±Ð°Ð¹Ñ        C
        php5ts_debug.dll!free_statement(_pdo_stmt_t * stmt=0x025e2e38, void * * 
* tsrm_ls=0x02833f98)  Ð¡ÑÑÐ¾ÐºÐ° 2390 + 0xc Ð±Ð°Ð¹Ñ C
        php5ts_debug.dll!php_pdo_stmt_delref(_pdo_stmt_t * stmt=0x025e2e38, 
void * * * tsrm_ls=0x02833f98)  Ð¡ÑÑÐ¾ÐºÐ° 2448 + 0xd Ð±Ð°Ð¹Ñ    C
        php5ts_debug.dll!pdo_dbstmt_free_storage(_pdo_stmt_t * stmt=0x025e2e38, 
void * * * tsrm_ls=0x02833f98)  Ð¡ÑÑÐ¾ÐºÐ° 2454 + 0xd Ð±Ð°Ð¹Ñ        C
        php5ts_debug.dll!zend_objects_store_del_ref_by_handle_ex(unsigned int 
handle=2, const _zend_object_handlers * handlers=0x10797860, void * * * 
tsrm_ls=0x02833f98)  Ð¡ÑÑÐ¾ÐºÐ° 220 + 0x14 Ð±Ð°Ð¹Ñ     C
        php5ts_debug.dll!zend_objects_store_del_ref(_zval_struct * 
zobject=0x00c1f49c, void * * * tsrm_ls=0x02833f98)  Ð¡ÑÑÐ¾ÐºÐ° 172 + 0x14 
Ð±Ð°Ð¹Ñ C
        php5ts_debug.dll!_zval_dtor_func(_zval_struct * zvalue=0x00c1f49c, char 
* __zend_filename=0x10586530, unsigned int __zend_lineno=703)  Ð¡ÑÑÐ¾ÐºÐ° 52 
+ 0x15 Ð±Ð°Ð¹Ñ  C
        php5ts_debug.dll!_zval_dtor(_zval_struct * zvalue=0x00c1f49c, char * 
__zend_filename=0x10586530, unsigned int __zend_lineno=703)  Ð¡ÑÑÐ¾ÐºÐ° 35 + 
0x11 Ð±Ð°Ð¹Ñ       C
        php5ts_debug.dll!zend_assign_to_variable(_zval_struct * * 
variable_ptr_ptr=0x025e4754, _zval_struct * value=0x02560570, int is_tmp_var=0, 
void * * * tsrm_ls=0x02833f98)  Ð¡ÑÑÐ¾ÐºÐ° 703 + 0x17 Ð±Ð°Ð¹Ñ      C
        php5ts_debug.dll!ZEND_ASSIGN_SPEC_CV_CONST_HANDLER(_zend_execute_data * 
execute_data=0x025806e8, void * * * tsrm_ls=0x02833f98)  Ð¡ÑÑÐ¾ÐºÐ° 24163 + 
0x13 Ð±Ð°Ð¹Ñ     C
        php5ts_debug.dll!execute(_zend_op_array * op_array=0x02e938f0, void * * 
* tsrm_ls=0x02833f98)  Ð¡ÑÑÐ¾ÐºÐ° 107 + 0x11 Ð±Ð°Ð¹Ñ C
        php5ts_debug.dll!zend_execute_scripts(int type=8, void * * * 
tsrm_ls=0x02833f98, _zval_struct * * retval=0x00000000, int file_count=3, ...)  
Ð¡ÑÑÐ¾ÐºÐ° 1236 + 0x21 Ð±Ð°Ð¹Ñ  C
        php5ts_debug.dll!php_execute_script(_zend_file_handle * 
primary_file=0x00c1fed8, void * * * tsrm_ls=0x02833f98)  Ð¡ÑÑÐ¾ÐºÐ° 2308 + 
0x1b Ð±Ð°Ð¹Ñ      C
        php.exe!main(int argc=4, char * * argv=0x02833e30)  Ð¡ÑÑÐ¾ÐºÐ° 1184 + 
0x13 Ð±Ð°Ð¹Ñ   C
        php.exe!__tmainCRTStartup()  Ð¡ÑÑÐ¾ÐºÐ° 586 + 0x19 Ð±Ð°Ð¹Ñ   C
        php.exe!mainCRTStartup()  Ð¡ÑÑÐ¾ÐºÐ° 403      C
        kernel32.dll!763fed6c()         
        [Ð£ÐºÐ°Ð·Ð°Ð½Ð½ÑÐµ Ð½Ð¸Ð¶Ðµ ÑÑÐµÐ¹Ð¼Ñ Ð¼Ð¾Ð³ÑÑ Ð±ÑÑÑ 
Ð½ÐµÐ²ÐµÑÐ½Ñ Ð¸ (Ð¸Ð»Ð¸) Ð¾ÑÑÑÑÑÑÐ²Ð¾Ð²Ð°ÑÑ, ÑÐ¸Ð¼Ð²Ð¾Ð»Ñ Ð´Ð»Ñ 
kernel32.dll Ð½Ðµ Ð·Ð°Ð³ÑÑÐ¶ÐµÐ½Ñ]        
        ntdll.dll!778237f5()    
        ntdll.dll!778237c8()


Previous Comments:
------------------------------------------------------------------------
[2012-05-02 06:13:41] andrey at tranvi dot info

Backtrace:

        php5ts_debug.dll!zend_error(int type=2, const char * format=0x10592b4c, 
...)  Ð¡ÑÑÐ¾ÐºÐ° 979  C
>       php5ts_debug.dll!_zval_dtor_func(_zval_struct * zvalue=0x026e4408, char 
> * __zend_filename=0x10587080, unsigned int __zend_lineno=447)  Ð¡ÑÑÐ¾ÐºÐ° 
> 35 + 0x2d Ð±Ð°Ð¹Ñ  C
        php5ts_debug.dll!_zval_dtor(_zval_struct * zvalue=0x026e4408, char * 
__zend_filename=0x10587080, unsigned int __zend_lineno=447)  Ð¡ÑÑÐ¾ÐºÐ° 35 + 
0x11 Ð±Ð°Ð¹Ñ       C
        php5ts_debug.dll!_zval_ptr_dtor(_zval_struct * * zval_ptr=0x026e6660, 
char * __zend_filename=0x1064d5dc, unsigned int __zend_lineno=293)  
Ð¡ÑÑÐ¾ÐºÐ° 447 + 0x17 Ð±Ð°Ð¹Ñ      C
        php5ts_debug.dll!param_dtor(void * data=0x026e6650)  Ð¡ÑÑÐ¾ÐºÐ° 293 + 
0x1a Ð±Ð°Ð¹Ñ   C
        php5ts_debug.dll!zend_hash_destroy(_hashtable * ht=0x026e4bc8)  
Ð¡ÑÑÐ¾ÐºÐ° 529 + 0x11 Ð±Ð°Ð¹Ñ        C
        php5ts_debug.dll!zim_PDOStatement_execute(int ht=1, _zval_struct * 
return_value=0x026e2f60, _zval_struct * * return_value_ptr=0x00000000, 
_zval_struct * this_ptr=0x026e2b20, int return_value_used=0, void * * * 
tsrm_ls=0x02993f98)  Ð¡ÑÑÐ¾ÐºÐ° 453 + 0xc Ð±Ð°Ð¹Ñ  C
        php5ts_debug.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * 
execute_data=0x026806e8, void * * * tsrm_ls=0x02993f98)  Ð¡ÑÑÐ¾ÐºÐ° 320 + 
0x78 Ð±Ð°Ð¹Ñ        C
        php5ts_debug.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data 
* execute_data=0x026806e8, void * * * tsrm_ls=0x02993f98)  Ð¡ÑÑÐ¾ÐºÐ° 426     
 C
        php5ts_debug.dll!execute(_zend_op_array * op_array=0x02e038f0, void * * 
* tsrm_ls=0x02993f98)  Ð¡ÑÑÐ¾ÐºÐ° 107 + 0x11 Ð±Ð°Ð¹Ñ C
        php5ts_debug.dll!zend_execute_scripts(int type=8, void * * * 
tsrm_ls=0x02993f98, _zval_struct * * retval=0x00000000, int file_count=3, ...)  
Ð¡ÑÑÐ¾ÐºÐ° 1236 + 0x21 Ð±Ð°Ð¹Ñ  C
        php5ts_debug.dll!php_execute_script(_zend_file_handle * 
primary_file=0x00c1fed8, void * * * tsrm_ls=0x02993f98)  Ð¡ÑÑÐ¾ÐºÐ° 2308 + 
0x1b Ð±Ð°Ð¹Ñ      C
        php.exe!main(int argc=4, char * * argv=0x02993e30)  Ð¡ÑÑÐ¾ÐºÐ° 1184 + 
0x13 Ð±Ð°Ð¹Ñ   C
        php.exe!__tmainCRTStartup()  Ð¡ÑÑÐ¾ÐºÐ° 586 + 0x19 Ð±Ð°Ð¹Ñ   C
        php.exe!mainCRTStartup()  Ð¡ÑÑÐ¾ÐºÐ° 403      C
        kernel32.dll!763fed6c()         
        [Ð£ÐºÐ°Ð·Ð°Ð½Ð½ÑÐµ Ð½Ð¸Ð¶Ðµ ÑÑÐµÐ¹Ð¼Ñ Ð¼Ð¾Ð³ÑÑ Ð±ÑÑÑ 
Ð½ÐµÐ²ÐµÑÐ½Ñ Ð¸ (Ð¸Ð»Ð¸) Ð¾ÑÑÑÑÑÑÐ²Ð¾Ð²Ð°ÑÑ, ÑÐ¸Ð¼Ð²Ð¾Ð»Ñ Ð´Ð»Ñ 
kernel32.dll Ð½Ðµ Ð·Ð°Ð³ÑÑÐ¶ÐµÐ½Ñ]        
        ntdll.dll!778237f5()    
        ntdll.dll!778237c8()

------------------------------------------------------------------------
[2012-05-02 05:32:13] andrey at tranvi dot info

Description:
------------
Here: http://pastebin.com/SPgP5xQX php code, minified for crashing.
Here: http://pastebin.com/MYZj9cPB sql code for creating database for test.

First, I try create prepared query:

$q=$db->prepare($sql);

when, in loop, I call $q->execute() with some params.

So, when I call execute() without any params - all ok. With 1 or 2 simple 
parameters - all ok too. When parameters is array of 11 elements, PHP core 
crash.

Under debug version, it's write this log:

[Wed May 02 10:11:46 2012] [error] [client 127.0.0.1] PHP Warning:  String is 
not zero-terminated
(String is not zero-terminated
(ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
ZZZZZZZZE\xc2'\x1eZZ)\xf0\x15d\x10\xc4\x01) (source:
c:\\php-sdk\\php53dev\\vc9\\x86\\zend\\zend_execute_api.c:447) in
D:\\test\\yii\\testing\\test_niokr.php on line 107, referer: 
http://localhost/testing/


I tested it under php5.3.10, php5.3.11 (binary download from official site)
and sself build 5.3.11 with VC9,thread safe, debug version

Release version simple crash. Debug version write many warnings, and crash too.


Test script:
---------------
Here: http://pastebin.com/SPgP5xQX php code, minified for crashing.
Here: http://pastebin.com/MYZj9cPB sql code



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61895&edit=1

Bug #61895 [Opn]: PHP core crash when call $pdoStmt->execute($array_params) with PDO_Firebird

Reply via email to