Edit report at https://bugs.php.net/bug.php?id=63530&edit=1
ID:                 63530
Updated by:         u...@php.net
Reported by:        geoff at lollywollydoodle dot com
Summary:            mysqlnd_stmt::bind_one_parameter uses wrong alloc for stmt->param_bind
Status:             Open
Type:               Bug
Package:            MySQL related
Operating System:   OS X 10.8.2
PHP Version:        5.3.18
-Assigned To:
+Assigned To:       mysql
Block user comment: N
Private report:     N

New Comment:

Andrey, can you apply the patch? Looks fine to me.

Previous Comments:
------------------------------------------------------------------------
[2012-11-15 18:34:11] geoff at lollywollydoodle dot com

Description:
------------
This issue is specific to PDO, mysqlnd, PDO::ATTR_EMULATE_PREPARES => false, and PDO::ATTR_PERSISTENT => true. When you run a prepared statement with parameters this way, PHP crashes.

My fix is essentially the same as the one for bug 61411 but just in a different function. I browsed around git at some other HEADs including master and it looks like this issue is still there in all of them.

Test script:
---------------
$dbh = new PDO('mysql:host=' . DBHOST . ';dbname=' . DBDATA, DBUSER, DBPASS,
    array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_PERSISTENT => true));
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$s = $dbh->prepare('select * from t where id = :id limit 1');
$s->execute(array(':id' => 1));
$r = $s->fetch(PDO::FETCH_ASSOC);

Expected result:
----------------
Script to not crash, result set to be available

Actual result:
--------------
PHP crashes (php-cgi or httpd process).

#0  0x00007fff89a4a558 in malloc_error_break ()
#1  0x00007fff89a4b912 in free ()
#2  0x000000010a874c00 in _mysqlnd_pefree (ptr=0x103, persistent=1 '\001') at mysqlnd_debug.c:1062
#3  0x000000010a876107 in php_mysqlnd_stmt_free_stmt_content_pub (s=0x7fdb94bf44d0) at mysqlnd_ps.c:2114
#4  0x000000010a877023 in php_mysqlnd_stmt_net_close_priv (s=0x7fdb94bf44d0, implicit=33 '!') at mysqlnd_ps.c:2209
#5  0x000000010a875f6e in php_mysqlnd_stmt_dtor_pub (s=0x103, implicit=0 '\0') at mysqlnd_ps.c:2236
#6  0x000000010a756233 in pdo_mysql_stmt_dtor (stmt=0x10ae7f438) at mysql_statement.c:64
#7  0x000000010a7503a5 in free_statement (stmt=0x103) at pdo_stmt.c:2406
#8  0x000000010a8f0041 in zend_objects_store_del_ref_by_handle_ex (handle=259, handlers=0x10af16000) at zend_objects_API.c:220
#9  0x000000010a8f00fa in zend_objects_store_del_ref (zobject=0x10b122100) at zend_objects_API.c:173
#10 0x000000010a8c46da in _zval_dtor [inlined] () at /Users/geoff/php-5.3.17/Zend/zend_variables.h:35
#11 0x000000010a8c46da in _zval_ptr_dtor (zval_ptr=0x103) at zend_variables.h:447
#12 0x000000010a9354dd in zend_leave_helper_SPEC (execute_data=0x103) at zend_vm_execute.h:160
#13 0x000000010a934b31 in execute (op_array=0x103) at zend_vm_execute.h:107
#14 0x000000010a8c5af5 in zend_call_function (fci=0x7fff55971af8) at zend_execute_API.c:969
#15 0x000000010a8072f6 in zif_call_user_func_array (ht=259, return_value=0x10b1214d0, return_value_ptr=0x1000, this_ptr=0x7fff8a0f45de, return_value_used=0) at basic_functions.c:4814
#16 0x000000010a934439 in zend_do_fcall_common_helper_SPEC (execute_data=0x103) at zend_vm_execute.h:320
#17 0x000000010a934b31 in execute (op_array=0x10b041508) at zend_vm_execute.h:107
#18 0x000000010a8c5af5 in zend_call_function (fci=0x7fff55971d98) at zend_execute_API.c:969
#19 0x000000010a8072f6 in zif_call_user_func_array (ht=184816904, return_value=0x10b12a6e8, return_value_ptr=0x1000, this_ptr=0x7fff8a0f45de, return_value_used=0) at basic_functions.c:4814
#20 0x000000010a934439 in zend_do_fcall_common_helper_SPEC (execute_data=0x10b041508) at zend_vm_execute.h:320
#21 0x000000010a934b31 in execute (op_array=0x10b040fa0) at zend_vm_execute.h:107
#22 0x000000010a8cf878 in zend_execute_scripts (type=8, retval=0x7fff55972010, file_count=1435967504) at zend.c:1236
#23 0x000000010a87db02 in php_execute_script (primary_file=0x7fff559726b8) at main.c:2308
#24 0x000000010a949c90 in php_handler (r=0x10b040fa0) at sapi_apache2.c:669
#25 0x000000010a28ee8d in ap_run_handler ()
#26 0x000000010a28f592 in ap_invoke_handler ()
#27 0x000000010a2c4e44 in ap_internal_redirect ()
#28 0x000000010a5e2d65 in handler_redirect ()
#29 0x000000010a28ee8d in ap_run_handler ()
#30 0x000000010a28f592 in ap_invoke_handler ()
#31 0x000000010a2c4efb in ap_process_request ()
#32 0x000000010a2c1043 in ap_process_http_connection ()
#33 0x000000010a2a40ad in ap_run_process_connection ()
#34 0x000000010a2a465b in ap_process_connection ()
#35 0x000000010a2ceeec in child_main ()
#36 0x000000010a2cd99e in make_child ()
#37 0x000000010a2cda50 in startup_children ()
#38 0x000000010a2ccb1f in ap_mpm_run ()
#39 0x000000010a297b12 in main ()

------------------------------------------------------------------------
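
The allocator mismatch this report describes, modelled as an added example (not mysqlnd's code and not the reporter's patch): a toy pair of allocation domains tags each block so the mismatch becomes a return code. It assumes the buggy bind allocated from the request domain while the destructor freed with the statement's persistent flag; every name in it is hypothetical.

```c
/* Added illustration, not mysqlnd code; every name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Toy header recording which domain allocated a block (16 bytes keeps alignment). */
struct hdr { uint32_t domain; uint32_t pad[3]; };
enum { DOM_REQUEST = 0x52455131, DOM_PERSISTENT = 0x50455253 };

static void *dom_calloc(size_t n, size_t sz, int persistent) {
    if (sz && n > (SIZE_MAX - sizeof(struct hdr)) / sz) return NULL;
    struct hdr *h = calloc(1, sizeof *h + n * sz);
    if (!h) return NULL;
    h->domain = persistent ? DOM_PERSISTENT : DOM_REQUEST;
    return h + 1;
}

/* Returns 0 on success, -1 when the caller's flag disagrees with the header. */
static int dom_free(void *p, int persistent) {
    if (!p) return 0;
    struct hdr *h = (struct hdr *)p - 1;
    if (h->domain != (uint32_t)(persistent ? DOM_PERSISTENT : DOM_REQUEST)) return -1;
    free(h);
    return 0;
}

struct stmt { int persistent; void *param_bind; };
/* Assumed buggy shape: the allocation ignores stmt->persistent. */
static void bind_buggy(struct stmt *s) { s->param_bind = dom_calloc(1, 16, 0); }
/* Corrected shape: allocation and release are driven by the same flag. */
static void bind_fixed(struct stmt *s) { s->param_bind = dom_calloc(1, 16, s->persistent); }

/* The destructor frees with the statement's own flag (persistent=1 in frame #2). */
static int stmt_dtor(struct stmt *s) {
    int rc = dom_free(s->param_bind, s->persistent);
    if (rc != 0) dom_free(s->param_bind, !s->persistent); /* demo only: avoid a leak */
    s->param_bind = NULL;
    return rc;
}

/* Binds and destroys one statement; returns 0 if the domains matched, -1 if not. */
int run_case(int persistent, int fixed) {
    struct stmt s = { persistent, NULL };
    if (fixed) bind_fixed(&s); else bind_buggy(&s);
    return stmt_dtor(&s);
}

int main(void) {
    printf("persistent stmt: buggy bind -> %d, fixed bind -> %d\n", run_case(1, 0), run_case(1, 1));
    return 0;
}
```

Only the persistent statement with the buggy bind reports a mismatch, which matches the report's observation that the crash needs PDO::ATTR_PERSISTENT => true.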