Edit report at https://bugs.php.net/bug.php?id=53716&edit=1

 ID:                 53716
 Updated by:         johan...@php.net
 Reported by:        anthon dot pang at gmail dot com
 Summary:            segfault in $stmt->execute()
-Status:             Closed
+Status:             Duplicate
 Type:               Bug
 Package:            PDO related
 Operating System:   Ubuntu 10.04
 PHP Version:        5.3.5
 Assigned To:        johannes
 Block user comment: N
 Private report:     N

 New Comment:

Same as (fixed) bug #61411

Previous Comments:
------------------------------------------------------------------------
[2013-01-08 11:16:14] johan...@php.net

Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at
http://www.php.net/downloads.php

This seems to be fixed as of 5.3.14 and 5.4.4.

------------------------------------------------------------------------
[2013-01-08 03:50:22] ras...@php.net

Johannes, could you take a look. We are freeing an invalid pointer here somehow.
I was able to replicate it. It is on the free of a bound param.
ext/pdo_mysql/mysql_statement.c does:

    if (S->stmt) {
        pdo_mysql_stmt_close(S->stmt);
        S->stmt = NULL;
    }

which hits mysqlnd_stmt::dtor() in ext/mysqlnd/mysqlnd_ps.c
which in turn calls mysqlnd_stmt::net_close() which does:

    s->m->free_stmt_content(s TSRMLS_CC);

which, of course, hits mysqlnd_stmt::free_stmt_content() which calls:

    s->m->free_parameter_bind(s, stmt->param_bind TSRMLS_CC);

which calls _mysqlnd_pefree() and we get the crash on the pefree() there in
mysqlnd_alloc.c

Interestingly enough there is no crash when run using USE_ZEND_ALLOC=0

------------------------------------------------------------------------
[2013-01-08 03:14:22] avejidah at hotmail dot com

I see that it's been a year since anyone posted here. This problem still exists in Ubuntu 12.04, fully updated

mysqlnd 5.0.8-dev

PHP 5.3.10-1ubuntu3.4 with Suhosin-Patch (cli) (built: Sep 12 2012 19:00:43)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans

--------

$conStr   = 'mysql:host=localhost;port=3306;dbname=MASKED;charset=utf8';
$username = 'MASKED';
$password = 'MASKED';
$userID   = 3;

$pdo = new PDO($conStr, $username, $password, array
(
  PDO::ATTR_PERSISTENT       => true,
  PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
  PDO::ATTR_EMULATE_PREPARES => false // Change to true = no crash.
));

$stmt = $pdo->prepare
("
  SELECT  *
  FROM    Users u
  WHERE   userID = :userID
");

$stmt->bindValue(':userID', $userID);

echo "Bound...";

if ($stmt->execute())
{
  echo 'Success';
}
else
  throw new Exception('Failed to exec.');

----

------------------------------------------------------------------------
[2012-01-18 16:51:16] silvio dot ginter at volz-itsc dot de

+1 for me....

This problem still exists in PHP 5.3.9 under OpenSUSE 11.4. All packages were taken from OpenSUSE Yast Repositories.

Output of Apache HTTP Daemon:
-----------------------------
[Wed Jan 18 16:45:06 2012] [notice] Apache/2.2.21 (Linux/SUSE) mod_ssl/2.2.21 OpenSSL/1.0.0c PHP/5.3.9 configured -- resuming normal operations
*** glibc detected *** /usr/sbin/httpd2-prefork: free(): invalid pointer: 0x00007f1902d75608 ***

Output of php -i | grep mysql
-----------------------------
/etc/php5/conf.d/mysql.ini,
/etc/php5/conf.d/mysqli.ini,
/etc/php5/conf.d/mysqlnd.ini,
/etc/php5/conf.d/pdo_mysql.ini,
mysql
Client API version => mysqlnd 5.0.8-dev - 20102224 - $Revision: 321634 $
mysql.allow_local_infile => On => On
mysql.allow_persistent => On => On
mysql.connect_timeout => 60 => 60
mysql.default_host => no value => no value
mysql.default_password => no value => no value
mysql.default_port => no value => no value
mysql.default_socket => /var/lib/mysql/mysql.sock => /var/lib/mysql/mysql.sock
mysql.default_user => no value => no value
mysql.max_links => Unlimited => Unlimited
mysql.max_persistent => Unlimited => Unlimited
mysql.trace_mode => Off => Off
mysqli
Client API library version => mysqlnd 5.0.8-dev - 20102224 - $Revision: 321634 $
mysqli.allow_local_infile => On => On
mysqli.allow_persistent => On => On
mysqli.default_host => no value => no value
mysqli.default_port => 3306 => 3306
mysqli.default_pw => no value => no value
mysqli.default_socket => /var/lib/mysql/mysql.sock => /var/lib/mysql/mysql.sock
mysqli.default_user => no value => no value
mysqli.max_links => Unlimited => Unlimited
mysqli.max_persistent => Unlimited => Unlimited
mysqli.reconnect => Off => Off
mysqlnd
mysqlnd => enabled
Version => mysqlnd 5.0.8-dev - 20102224 - $Revision: 321634 $
Tracing => d:t:x:O,/tmp/mysqlnd.trace
PDO drivers => mysql, odbc, pgsql, sqlite, sqlite2
pdo_mysql
Client API version => mysqlnd 5.0.8-dev - 20102224 - $Revision: 321634 $
pdo_mysql.default_socket => /var/lib/mysql/mysql.sock => /var/lib/mysql/mysql.sock

------------------------------------------------------------------------
[2011-06-13 03:33:31] fel...@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz

For Windows:

  http://windows.php.net/snapshots/

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=53716

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=53716&edit=1