From:             barry dot verdon at complinet dot com
Operating system: Win XP SP2 & Debian 2.6.10
PHP version:      5.1.4
PHP Bug Type:     PDO related
Bug description:  Persistent flag & assigning PDO instances to an array more than once

Description:
------------
When assigning instances of PDO objects within the scope of a function to an array with global scope or scope outside that function it causes a seg fault when accessing a member of the PDO object on the second run of the function.

It can also be within a class with the array being a member of the class and the function being the method of the class.

It only happens when the persistent flag is set to true.

On the second run of the function when the PDO instance is assigned to the array the symbol table seems to get corrupted, no seg fault occurs but object IDs start getting recycled with new instances. Only when the member is accessed again after this corruption does a seg fault occur.

Tested it on:
5.1.4 - CLI and Apache 2.0.54 - Windows XP SP2
5.2.0dev200605221830 - CLI - Windows XP SP2
5.0.5 - CLI - Debian 2.6.10 (Unstable)

Reproduce code:
---------------
<?php
global $instances;
$instances = array();

function run() {
    global $instances;

    $dsn = 'mysql:host=localhost;port=3306;dbname=test;'; // Version 4.1.14, same with pgsql 8.1
    $username = 'test.user';
    $password = 'test';
    $driverOptions = array(PDO::ATTR_PERSISTENT=>true);

    $instance = new PDO($dsn, $username, $password, $driverOptions);
    $instance->test = 'test';
    $instances['test'] = $instance; // This is the line that causes the damage on the 2nd run
    var_dump($instance);
    $instance->test = 'test'; // This is the line that seg faults on 2nd run
    print_r('Test');
}

run();
run();
?>

Expected result:
----------------
To see the var_dump of $instance with the member test with a value of 'test' in it and the print of 'Test' TWICE.

Actual result:
--------------
On second function call, var_dump of $instance no longer has the test member in it and 'Test' does not get printed out a second time.

Starting program: /usr/local/bin/php test.php
Test
Program received signal SIGSEGV, Segmentation fault.
0x082065cd in zend_hash_quick_find (ht=0x0, arKey=0x84d469c "test", nKeyLength=5, h=275477765, pData=0xbfffcd74) at /share/php-5.0.5/Zend/zend_hash.c:879
879             p = ht->arBuckets[nIndex];
(gdb) backtrace
#0  0x082065cd in zend_hash_quick_find (ht=0x0, arKey=0x84d469c "test", nKeyLength=5, h=275477765, pData=0xbfffcd74) at /share/php-5.0.5/Zend/zend_hash.c:879
#1  0x0821313d in zend_std_write_property (object=0x84d3e04, member=0x84d3a04, value=0x84d3d2c) at /share/php-5.0.5/Zend/zend_object_handlers.c:362
#2  0x0822b5eb in zend_assign_to_object (result=0x84d39d8, object_ptr=0x84d4250, op2=<value optimized out>, value_op=0x84d3a38, Ts=0xbfffce40, opcode=136) at /share/php-5.0.5/Zend/zend_execute.c:437
#3  0x0822b9a9 in zend_assign_obj_handler (execute_data=0xbfffd154, opline=0x84d39d4, op_array=0x84d3ba0) at /share/php-5.0.5/Zend/zend_execute.c:2239
#4  0x0821dd22 in execute (op_array=0x84d3ba0) at /share/php-5.0.5/Zend/zend_execute.c:1437
#5  0x0821fe45 in zend_do_fcall_common_helper (execute_data=0xbfffd304, opline=0x84d1dac, op_array=0x84cd9cc) at /share/php-5.0.5/Zend/zend_execute.c:2789
#6  0x0822e317 in zend_do_fcall_handler (execute_data=0xbfffd304, opline=0x84d1dac, op_array=0x84cd9cc) at /share/php-5.0.5/Zend/zend_execute.c:2894
#7  0x0821dd22 in execute (op_array=0x84cd9cc) at /share/php-5.0.5/Zend/zend_execute.c:1437
#8  0x08200253 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /share/php-5.0.5/Zend/zend.c:1064
#9  0x081cb1db in php_execute_script (primary_file=0xbffff6a0) at /share/php-5.0.5/main/main.c:1643
#10 0x08235efa in main (argc=2, argv=0xbffff774) at /share/php-5.0.5/sapi/cli/php_cli.c:946

#4  0x0821dd22 in execute (op_array=0x84d3ba0) at /share/php-5.0.5/Zend/zend_execute.c:1437
1437            if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {

-- 
Edit bug report at http://bugs.php.net/?id=37559&edit=1
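
Added example, not part of the original report: a small Python triage helper that parses gdb frames like the ones above and reports which pointer arguments of the faulting frame (#0) are NULL, together with the caller that passed them. The frame text is copied from the backtrace in this report; the function names parse_frames, null_args and triage are hypothetical.

```python
import re

# Frames #0, #1 and #8 exactly as gdb printed them in the report above.
BACKTRACE = """\
#0 0x082065cd in zend_hash_quick_find (ht=0x0, arKey=0x84d469c "test", nKeyLength=5, h=275477765, pData=0xbfffcd74) at /share/php-5.0.5/Zend/zend_hash.c:879
#1 0x0821313d in zend_std_write_property (object=0x84d3e04, member=0x84d3a04, value=0x84d3d2c) at /share/php-5.0.5/Zend/zend_object_handlers.c:362
#8 0x08200253 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /share/php-5.0.5/Zend/zend.c:1064
"""

# "#N 0xPC in func (args) at path:line"; works whether frames are one per
# line or run together on a single line, as mail archives often leave them.
FRAME = re.compile(r'#(\d+)\s+(0x[0-9a-f]+) in (\w+) \((.*?)\) at (\S+):(\d+)')


def parse_frames(text):
    """Return one dict per gdb frame, with arguments as a name -> value map."""
    frames = []
    for num, _pc, func, args, path, line in FRAME.findall(text):
        argmap = {}
        for arg in filter(None, args.split(', ')):
            name, _, value = arg.partition('=')
            # Keep only the raw value; drop gdb's string preview such as "test".
            argmap[name] = (value.split() or [''])[0]
        frames.append({'num': int(num), 'func': func, 'args': argmap,
                       'where': f'{path}:{line}'})
    return frames


def null_args(frame):
    """Names of arguments gdb printed as 0x0 in this frame."""
    return [name for name, value in frame['args'].items() if value == '0x0']


def triage(text):
    """Summarise the faulting frame: only frame #0 is dereferencing at the crash."""
    frames = parse_frames(text)
    top = frames[0]
    return {'func': top['func'], 'where': top['where'],
            'null_args': null_args(top),
            'caller': frames[1]['func'] if len(frames) > 1 else None}


if __name__ == '__main__':
    print(triage(BACKTRACE))
```

The retval=0x0 in frame #8 is also a NULL argument, but it is not the one being dereferenced at the crash, which is why triage() looks only at frame #0 and its caller.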