From:             geoff at lollywollydoodle dot com
Operating system: OS X 10.8.2
PHP version:      5.3.18
Package:          MySQL related
Bug Type:         Bug
Bug description: mysqlnd_stmt::bind_one_parameter uses wrong alloc for stmt->param_bind

Description:
------------
This issue is specific to PDO, mysqlnd, PDO::ATTR_EMULATE_PREPARES => false, and
PDO::ATTR_PERSISTENT => true.

When you run a prepared statement with parameters this way, PHP crashes.

My fix is essentially the same as the one for bug 61411 but just in a different
function.  I browsed around git at some other HEADs including master and it
looks like this issue is still there in all of them.

Test script:
---------------
<?php
// DBHOST, DBDATA, DBUSER and DBPASS are constants defined in the reporter's environment.
$dbh = new PDO('mysql:host=' . DBHOST . ';dbname=' . DBDATA, DBUSER, DBPASS,
               array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_PERSISTENT => true));
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Native (non-emulated) prepared statement with a bound parameter on a persistent connection.
$s = $dbh->prepare('select * from t where id = :id limit 1');
$s->execute(array(':id' => 1));

$r = $s->fetch(PDO::FETCH_ASSOC);

Expected result:
----------------
Script to not crash, result set to be available

Actual result:
--------------
PHP crashes (php-cgi or httpd process).


#0  0x00007fff89a4a558 in malloc_error_break ()
#1  0x00007fff89a4b912 in free ()
#2  0x000000010a874c00 in _mysqlnd_pefree (ptr=0x103, persistent=1 '\001') at mysqlnd_debug.c:1062
#3  0x000000010a876107 in php_mysqlnd_stmt_free_stmt_content_pub (s=0x7fdb94bf44d0) at mysqlnd_ps.c:2114
#4  0x000000010a877023 in php_mysqlnd_stmt_net_close_priv (s=0x7fdb94bf44d0, implicit=33 '!') at mysqlnd_ps.c:2209
#5  0x000000010a875f6e in php_mysqlnd_stmt_dtor_pub (s=0x103, implicit=0 '\0') at mysqlnd_ps.c:2236
#6  0x000000010a756233 in pdo_mysql_stmt_dtor (stmt=0x10ae7f438) at mysql_statement.c:64
#7  0x000000010a7503a5 in free_statement (stmt=0x103) at pdo_stmt.c:2406
#8  0x000000010a8f0041 in zend_objects_store_del_ref_by_handle_ex (handle=259, handlers=0x10af16000) at zend_objects_API.c:220
#9  0x000000010a8f00fa in zend_objects_store_del_ref (zobject=0x10b122100) at zend_objects_API.c:173
#10 0x000000010a8c46da in _zval_dtor [inlined] () at /Users/geoff/php-5.3.17/Zend/zend_variables.h:35
#11 0x000000010a8c46da in _zval_ptr_dtor (zval_ptr=0x103) at zend_variables.h:447
#12 0x000000010a9354dd in zend_leave_helper_SPEC (execute_data=0x103) at zend_vm_execute.h:160
#13 0x000000010a934b31 in execute (op_array=0x103) at zend_vm_execute.h:107
#14 0x000000010a8c5af5 in zend_call_function (fci=0x7fff55971af8) at zend_execute_API.c:969
#15 0x000000010a8072f6 in zif_call_user_func_array (ht=259, return_value=0x10b1214d0, return_value_ptr=0x1000, this_ptr=0x7fff8a0f45de, return_value_used=0) at basic_functions.c:4814
#16 0x000000010a934439 in zend_do_fcall_common_helper_SPEC (execute_data=0x103) at zend_vm_execute.h:320
#17 0x000000010a934b31 in execute (op_array=0x10b041508) at zend_vm_execute.h:107
#18 0x000000010a8c5af5 in zend_call_function (fci=0x7fff55971d98) at zend_execute_API.c:969
#19 0x000000010a8072f6 in zif_call_user_func_array (ht=184816904, return_value=0x10b12a6e8, return_value_ptr=0x1000, this_ptr=0x7fff8a0f45de, return_value_used=0) at basic_functions.c:4814
#20 0x000000010a934439 in zend_do_fcall_common_helper_SPEC (execute_data=0x10b041508) at zend_vm_execute.h:320
#21 0x000000010a934b31 in execute (op_array=0x10b040fa0) at zend_vm_execute.h:107
#22 0x000000010a8cf878 in zend_execute_scripts (type=8, retval=0x7fff55972010, file_count=1435967504) at zend.c:1236
#23 0x000000010a87db02 in php_execute_script (primary_file=0x7fff559726b8) at main.c:2308
#24 0x000000010a949c90 in php_handler (r=0x10b040fa0) at sapi_apache2.c:669
#25 0x000000010a28ee8d in ap_run_handler ()
#26 0x000000010a28f592 in ap_invoke_handler ()
#27 0x000000010a2c4e44 in ap_internal_redirect ()
#28 0x000000010a5e2d65 in handler_redirect ()
#29 0x000000010a28ee8d in ap_run_handler ()
#30 0x000000010a28f592 in ap_invoke_handler ()
#31 0x000000010a2c4efb in ap_process_request ()
#32 0x000000010a2c1043 in ap_process_http_connection ()
#33 0x000000010a2a40ad in ap_run_process_connection ()
#34 0x000000010a2a465b in ap_process_connection ()
#35 0x000000010a2ceeec in child_main ()
#36 0x000000010a2cd99e in make_child ()
#37 0x000000010a2cda50 in startup_children ()
#38 0x000000010a2ccb1f in ap_mpm_run ()
#39 0x000000010a297b12 in main ()

-- 
Edit bug report at https://bugs.php.net/bug.php?id=63530&edit=1
-- 
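The failure mode in the report above, as an added illustration that is not part of the bug report and not mysqlnd's own source: a bind array allocated with the non-persistent allocator but released through the persistent path (frame #2 shows _mysqlnd_pefree with persistent=1 handing the pointer to free(), which aborts in malloc_error_break). The model below is written for this page; model_pemalloc, model_pefree, model_stmt, bind_one_parameter_buggy, bind_one_parameter_fixed, free_stmt_content and run_scenario are hypothetical stand-ins, and the per-request arena stands in for the Zend memory manager. Unlike the real free(), model_pefree tags every block with the allocator that produced it and reports a mismatch instead of corrupting the heap, so the buggy and fixed bind paths can be compared side by side.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for mysqlnd's pemalloc/pefree pair (model code, not the real implementation).
 * Persistent blocks come from the process heap via malloc() and outlive the request;
 * non-persistent blocks come from a per-request arena that is reset in bulk at request end. */
enum { ARENA_SIZE = 4096 };
static unsigned long long request_arena[ARENA_SIZE / sizeof(unsigned long long)];
static size_t arena_used;

/* Every block carries a header recording which allocator produced it. */
#define HDR_MAGIC 0x6d6e64u
typedef struct {
    unsigned magic;
    unsigned persistent;
} alloc_hdr;

static void *model_pemalloc(size_t size, int persistent)
{
    alloc_hdr *h;
    size_t need = (sizeof *h + size + 15) & ~(size_t)15;

    if (persistent) {
        h = malloc(need);
        if (h == NULL)
            return NULL;
    } else {
        if (arena_used + need > ARENA_SIZE)
            return NULL;
        h = (alloc_hdr *)((unsigned char *)request_arena + arena_used);
        arena_used += need;
    }
    h->magic = HDR_MAGIC;
    h->persistent = persistent ? 1u : 0u;
    return h + 1;
}

/* Returns 0 on a matched free and -1 on an allocator mismatch. The real free() has no
 * such check: given an arena pointer it corrupts or aborts, which is the reported crash. */
static int model_pefree(void *ptr, int persistent)
{
    alloc_hdr *h = (alloc_hdr *)ptr - 1;
    if (h->magic != HDR_MAGIC)
        return -1;                     /* not ours, or already freed */
    if (h->persistent != (persistent ? 1u : 0u))
        return -1;                     /* produced by the other allocator */
    h->magic = 0;
    if (persistent)
        free(h);                       /* arena blocks are released at request end */
    return 0;
}

static void model_request_end(void)
{
    arena_used = 0;
}

/* A statement inherits its persistence flag from the connection it was prepared on. */
typedef struct {
    int persistent;
    void *param_bind;
} model_stmt;

/* As reported: the bind array is allocated non-persistently regardless of the statement. */
static int bind_one_parameter_buggy(model_stmt *s, size_t nparams)
{
    s->param_bind = model_pemalloc(nparams * 32, 0);
    return s->param_bind ? 0 : -1;
}

/* The fix pattern: the allocation follows the statement's own persistence flag. */
static int bind_one_parameter_fixed(model_stmt *s, size_t nparams)
{
    s->param_bind = model_pemalloc(nparams * 32, s->persistent);
    return s->param_bind ? 0 : -1;
}

/* Teardown frees with the statement's flag, as the free_stmt_content frame does in the trace. */
static int free_stmt_content(model_stmt *s)
{
    int rc = 0;
    if (s->param_bind != NULL) {
        rc = model_pefree(s->param_bind, s->persistent);
        s->param_bind = NULL;
    }
    return rc;
}

/* Prepare, bind one parameter and destroy a statement; returns the teardown outcome. */
static int run_scenario(int persistent_conn, int use_fix)
{
    model_stmt s = { persistent_conn, NULL };
    int rc;
    if (use_fix)
        bind_one_parameter_fixed(&s, 1);
    else
        bind_one_parameter_buggy(&s, 1);
    rc = free_stmt_content(&s);
    model_request_end();
    return rc;
}

int main(void)
{
    printf("persistent conn, buggy bind:     %s\n", run_scenario(1, 0) ? "mismatch" : "ok");
    printf("persistent conn, fixed bind:     %s\n", run_scenario(1, 1) ? "mismatch" : "ok");
    printf("non-persistent conn, buggy bind: %s\n", run_scenario(0, 0) ? "mismatch" : "ok");
    return 0;
}
```

The mismatch only surfaces when the connection is persistent, which is why the report pins the crash to PDO::ATTR_PERSISTENT => true together with native prepares: on a non-persistent connection both the allocation and the free use the same allocator and the bug is invisible. The practical consequence is a crash of the php-cgi or httpd worker on any request that binds a parameter under that configuration, a reachable denial of service until the allocation is made with the statement's own persistence flag.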