Edit report at https://bugs.php.net/bug.php?id=63075&edit=1
ID: 63075
User updated by: Ew6jQ8tSJhf3 at dyweni dot com
Reported by: Ew6jQ8tSJhf3 at dyweni dot com
Summary: PHP Segfault in PDO ODBC Execute
Status: Open
Type: Bug
Package: PDO related
Operating System: Linux x86_64 (CentOS 5.8 final)
PHP Version: 5.4.6
Block user comment: N
Private report: N
New Comment:
I tested the 5.3.16-1.ius.el5 version of PHP from the IUS repository... These have the same issue.
I tested the 5.3.3-13.el5_8 version of PHP from the CentOS5 Updates repository... These work OK.
Previous Comments:
------------------------------------------------------------------------
[2012-09-12 19:22:30] Ew6jQ8tSJhf3 at dyweni dot com
Breaking GDB at /usr/src/debug/php-5.4.6/ext/pdo/pdo_stmt.c:514:
(gdb) p stmt
$6 = (pdo_stmt_t *) 0x2aaaab283960
(gdb) p *stmt
$7 = {std = {ce = 0xbbd490, properties = 0x0, properties_table = 0x2aaaab284440, guards = 0x0},
  methods = 0x2aaab09b9640, driver_data = 0x2aaaab283ad8, executed = 0,
  supports_placeholders = 2, _reserved = 0, column_count = 0, columns = 0x0,
  database_object_handle = {value = {lval = 46909632806913, dval = 2.3176438028923198e-310,
      str = {val = 0x2aaa00000001 <Address 0x2aaa00000001 out of bounds>, len = -1336223392},
      ht = 0x2aaa00000001, obj = {handle = 1, handlers = 0x2aaab05ad960}},
    refcount__gc = 2, type = 5 '\005', is_ref__gc = 0 '\000'},
  dbh = 0x2aaaab2842b0, bound_params = 0x0, bound_param_map = 0x0, bound_columns = 0x0, row_count = 0,
  query_string = 0x2aaaab284c20 "SELECT fid, original_filename, dateUploaded, filesize, client FROM upload ORDER BY dateUploaded DESC",
  query_stringlen = 100, active_query_string = 0x0, active_query_stringlen = 0, error_code = "00000",
  lazy_object_ref = {value = {lval = 0, dval = 0, str = {val = 0x0, len = 0}, ht = 0x0, obj = {handle = 0, handlers = 0x0}},
    refcount__gc = 0, type = 0 '\000', is_ref__gc = 0 '\000'},
  refcount = 1, default_fetch_type = PDO_FETCH_BOTH,
  fetch = {column = 0,
    cls = {ce = 0x0, ctor_args = 0x0, retval_ptr = 0x0,
      fci = {size = 0, function_table = 0x0, function_name = 0x0, symbol_table = 0x0, retval_ptr_ptr = 0x0, param_count = 0, params = 0x0, object_ptr = 0x0, no_separation = 0 '\000'},
      fcc = {initialized = 0 '\000', function_handler = 0x0, calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0}},
    func = {function = 0x0, fetch_args = 0x0, object = 0x0,
      fci = {size = 0, function_table = 0x0, function_name = 0x0, symbol_table = 0x0, retval_ptr_ptr = 0x0, param_count = 0, params = 0x0, object_ptr = 0x0, no_separation = 0 '\000'},
      fcc = {initialized = 0 '\000', function_handler = 0x0, calling_scope = 0x0, called_scope = 0x0, object_ptr = 0x0},
      values = 0x0},
    into = 0x0},
  named_rewrite_template = 0x0}
(gdb) n
515	  if (stmt->active_query_string && stmt->active_query_string != stmt->query_string) {
(gdb) p stmt
$12 = (pdo_stmt_t *) 0x2aaaffffffff
(gdb) p *stmt
Cannot access memory at address 0x2aaaffffffff
------------------------------------------------------------------------
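As an added illustration (not part of the report, and not an established root cause for this bug): the pointer change recorded above, 0x2aaaab283960 before the step and 0x2aaaffffffff after it, is an 8-byte pointer whose low 32 bits were replaced by 0xffffffff while the high 32 bits survived. One mechanism that produces exactly that shape on a little-endian x86_64 stack is a callee writing an 8-byte -1 (the value ODBC defines as SQL_NULL_DATA) into a slot the caller reserved as 4 bytes, so the extra four 0xff bytes land in whatever sits next to it. The frame layout, offsets and function names below are constructed for the demonstration and are not PHP's or the driver's real code; the check at the end is the triage test a practitioner would apply to any before/after pointer pair from a debugger session.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a caller's stack frame (not PHP's real layout):
 * a 4-byte indicator slot immediately followed by an 8-byte saved pointer.
 * Byte placement assumes little-endian x86_64, as in the report. */
#define IND_OFF   0
#define PTR_OFF   4
#define FRAME_LEN 12

/* Hypothetical callee built with an 8-byte length type: it writes -1
 * (the ODBC SQL_NULL_DATA value) as eight 0xff bytes to the address it
 * was handed, regardless of how big the caller thinks that slot is. */
static void callee_writes_indicator_64(unsigned char *slot)
{
    int64_t null_data = -1;
    memcpy(slot, &null_data, sizeof null_data);
}

/* Hypothetical callee that agrees with the caller on a 4-byte indicator. */
static void callee_writes_indicator_32(unsigned char *slot)
{
    int32_t null_data = -1;
    memcpy(slot, &null_data, sizeof null_data);
}

/* Place ptr_before in the frame, let the callee write its indicator,
 * and return what the caller reads back as its saved pointer. */
uint64_t saved_pointer_after(uint64_t ptr_before, int callee_uses_64bit)
{
    unsigned char frame[FRAME_LEN];
    uint64_t ptr_after;

    memset(frame, 0, sizeof frame);
    memcpy(frame + PTR_OFF, &ptr_before, sizeof ptr_before);

    if (callee_uses_64bit)
        callee_writes_indicator_64(frame + IND_OFF);   /* spills into PTR_OFF..PTR_OFF+3 */
    else
        callee_writes_indicator_32(frame + IND_OFF);   /* stays inside the 4-byte slot */

    memcpy(&ptr_after, frame + PTR_OFF, sizeof ptr_after);
    return ptr_after;
}

/* Triage check: does "after" look like "before" with only its low 32 bits
 * replaced by 0xffffffff? That is the shape of the change in the gdb log. */
int low_half_clobbered_with_minus_one(uint64_t before, uint64_t after)
{
    return (before >> 32) == (after >> 32) && (uint32_t)after == 0xffffffffu;
}

int main(void)
{
    uint64_t before = 0x2aaaab283960ULL;   /* $6 from the report */
    uint64_t after = saved_pointer_after(before, 1);

    printf("before: 0x%" PRIx64 "\nafter:  0x%" PRIx64 "\n", before, after);
    printf("low half clobbered by -1: %s\n",
           low_half_clobbered_with_minus_one(before, after) ? "yes" : "no");
    return 0;
}
```

With the 8-byte writer the program reproduces the report's pair (0x2aaaab283960 becomes 0x2aaaffffffff); with the 4-byte writer the pointer is untouched. Whether the real crash is a width mismatch of this kind, a different driver-side overwrite, or an artefact of optimised-out registers in gdb is not something the report settles; the pattern only tells you where to look (the callee invoked between lines 514 and 515, and how both sides were compiled).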
[2012-09-12 19:17:09] Ew6jQ8tSJhf3 at dyweni dot com
Description:
------------
PHP 5.4.6
Microsoft SQL Server ODBC Driver V1.0 for Linux
PHP Segfaults while executing the call '$sth->execute()'
GDB Backtrace is:
Program received signal SIGSEGV, Segmentation fault.
zim_PDOStatement_execute (ht=<value optimized out>,
return_value=0x2aaaab284210,
return_value_ptr=<value optimized out>,
this_ptr=<value optimized out>, return_value_used=<value optimized out>)
at /usr/src/debug/php-5.4.6/ext/pdo/pdo_stmt.c:515
515	  if (stmt->active_query_string && stmt->active_query_string != stmt->query_string) {
(gdb) bt
#0  zim_PDOStatement_execute (ht=<value optimized out>, return_value=0x2aaaab284210, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /usr/src/debug/php-5.4.6/ext/pdo/pdo_stmt.c:515
#1  0x00000000006005e5 in zend_do_fcall_common_helper_SPEC (execute_data=0x2aaaab250060) at /usr/src/debug/php-5.4.6/Zend/zend_vm_execute.h:642
#2  0x000000000060643e in execute (op_array=0x2aaaab282fc8) at /usr/src/debug/php-5.4.6/Zend/zend_vm_execute.h:410
#3  0x00000000005d1a8e in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/debug/php-5.4.6/Zend/zend.c:1289
#4  0x0000000000576c38 in php_execute_script (primary_file=0x7fffffffc190) at /usr/src/debug/php-5.4.6/main/main.c:2473
#5  0x00000000006785ed in do_cli (argc=2, argv=0x7fffffffd4b8) at /usr/src/debug/php-5.4.6/sapi/cli/php_cli.c:988
#6  0x0000000000678f6d in main (argc=2, argv=0x7fffffffd4b8) at /usr/src/debug/php-5.4.6/sapi/cli/php_cli.c:1364
Valgrind Output is:
==9423== Memcheck, a memory error detector
==9423== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==9423== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==9423== Command: php test.php
==9423==
==9423== Invalid read of size 8
==9423== at 0xA7588B4: zim_PDOStatement_execute (pdo_stmt.c:515)
==9423==    by 0x6005E4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==9423== by 0x60643D: execute (zend_vm_execute.h:410)
==9423== by 0x5D1A8D: zend_execute_scripts (zend.c:1289)
==9423== by 0x576C37: php_execute_script (main.c:2473)
==9423== by 0x6785EC: do_cli (php_cli.c:988)
==9423== by 0x678F6C: main (php_cli.c:1364)
==9423== Address 0x10000008f is not stack'd, malloc'd or (recently) free'd
==9423==
==9423==
==9423== Process terminating with default action of signal 11 (SIGSEGV)
==9423== Access not within mapped region at address 0x10000008F
==9423== at 0xA7588B4: zim_PDOStatement_execute (pdo_stmt.c:515)
==9423==    by 0x6005E4: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:642)
==9423== by 0x60643D: execute (zend_vm_execute.h:410)
==9423== by 0x5D1A8D: zend_execute_scripts (zend.c:1289)
==9423== by 0x576C37: php_execute_script (main.c:2473)
==9423== by 0x6785EC: do_cli (php_cli.c:988)
==9423== by 0x678F6C: main (php_cli.c:1364)
==9423== If you believe this happened as a result of a stack
==9423== overflow in your program's main thread (unlikely but
==9423== possible), you can try to increase the size of the
==9423== main thread stack using the --main-stacksize= flag.
==9423== The main thread stack size used in this run was 10485760.
==9423==
==9423== HEAP SUMMARY:
==9423== in use at exit: 4,021,443 bytes in 19,132 blocks
==9423==   total heap usage: 22,569 allocs, 3,437 frees, 5,755,940 bytes allocated
Test script:
---------------
<?php
// "odbc:TestDB" is a DSN served by the Microsoft SQL Server ODBC Driver V1.0 for Linux
$pdo = new PDO('odbc:TestDB', "TestUser", "TestPassword");
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = 'SELECT fid, original_filename, dateUploaded, filesize, client FROM upload ORDER BY dateUploaded DESC';
$sth = $pdo->prepare($stmt);
$sth->execute();   // SIGSEGV here (pdo_stmt.c:515 in the backtrace above)
var_dump($sth->fetchAll());
Expected result:
----------------
The script should output the results from $sth->fetchAll.
Actual result:
--------------
The script crashes with a Segmentation Fault.
------------------------------------------------------------------------