#41125 [NoF-Opn]: PDO mysql + quote() + prepare() can result in seg fault

2008-05-23 Thread ed at bronto dot com
 ID:   41125
 User updated by:  ed at bronto dot com
 Reported By:  ed at bronto dot com
-Status:   No Feedback
+Status:   Open
 Bug Type: PDO related
 Operating System: Centos
 PHP Version:  5.2.1
 New Comment:

reopened due to backtrace


Previous Comments:


[2008-05-23 19:48:07] afranco at middlebury dot edu

I have the same issue as this bug and am posting here rather than
opening a new bug report. I found that the issue is not reliant on usage
of quote(), but rather the presence of escaped quotes in the SQL query
string.

Tested on PHP 5.2CVS-2008-05-23(Snap)

Reproduce code:
---
The following URL has several extended test scripts and source, as well
as the MySQL table definition/data to reproduce this bug:

http://slug.middlebury.edu/~afranco/PHP_PDO_segfault/


Expected result:

No errors should occur.


Actual result:
--
Here is the backtrace from running my segfault_test_short.php script:

Program received signal SIGSEGV, Segmentation fault.

#0  0x4020540c in memcpy () from /lib/tls/libc.so.6
#1  0x40cd543b in pdo_parse_params (stmt=0x8326320, 
inquery=0x83264ac "SELECT * \nFROM \n\t`az2_explicit_az` \nWHERE
\n\t`fk_agent` IN ('Tim O\\'Brien - abcdefghijklmnopqrstuvwxyzabc')\n\t
AND `fk_qualifier`=?", inquery_len=129, outquery=0x832636c,
outquery_len=0x8326370)
at /usr/local/src/php5.2-200805231430/ext/pdo/pdo_sql_parser.c:502
#2  0x40ccee0c in zim_PDOStatement_execute (ht=0,
return_value=0x8326710, return_value_ptr=0x0, this_ptr=0x8325cb8,
return_value_used=0)
at /usr/local/src/php5.2-200805231430/ext/pdo/pdo_stmt.c:482
#3  0x40ea7c5b in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfffb730) at zend_vm_execute.h:200
#4  0x40ea81a7 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfffb730) at zend_vm_execute.h:322
#5  0x40ea786e in execute (op_array=0x83242ec) at zend_vm_execute.h:92
#6  0x40e87c08 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/local/src/php5.2-200805231430/Zend/zend.c:1134
#7  0x40e3fb0e in php_execute_script (primary_file=0xbfffda40) at
/usr/local/src/php5.2-200805231430/main/main.c:2005
#8  0x40eef991 in apache_php_module_main (r=0x8522648,
display_source_mode=0)
at /usr/local/src/php5.2-200805231430/sapi/apache/sapi_apache.c:53
#9  0x40ef06fc in send_php (r=0x8522648, display_source_mode=0,
filename=0x85243b0 )
at /usr/local/src/php5.2-200805231430/sapi/apache/mod_php5.c:664
#10 0x40ef0747 in send_parsed_php (r=0x8522648) at
/usr/local/src/php5.2-200805231430/sapi/apache/mod_php5.c:679
#11 0x08057b67 in ap_invoke_handler ()
#12 0x0806a501 in process_request_internal ()
#13 0x0806a700 in ap_process_request ()
#14 0x08060a3b in child_main ()
#15 0x08060dd6 in make_child ()
#16 0x08060f0a in startup_children ()
#17 0x0806257c in standalone_main ()
#18 0x080638b2 in main ()



[2007-04-25 01:00:00] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to Open.



[2007-04-17 20:36:46] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to Open. Thank you for helping
us make PHP better.





[2007-04-17 20:34:45] ed at bronto dot com

Description:

Using PDO->quote on a portion of a query to be prepared will result in
a seg fault if:

- there is a bound parameter after the quoted value
- emulated prepares is on (1)
- mysql

If emulated prepares is off (0), the query fails.  This should also be
considered a bug.

Reproduce code:
---
//test.php

//the mysql table first: create table ed (id int not null, name varchar(255) not null);

$db = new PDO('mysql:host=' . HOST . ';dbname=' . NAME, USERNAME,
PASSWORD);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);

$search = "o'riley";

$values = array();
$sql = "select id from ed where name like " . $db->quote('%' . $search
. '%');
$sth = $db->prepare($sql);
$sth->execute($values);
echo("here\n");

$values = array('id' => 1233434);
$sql = "select id from ed where name like " . $db->quote('%' . $search
. '%') . " and id = :id";
$sth = $db->prepare($sql);
$sth->execute($values);
echo("there\n");

#43225 [NEW]: fputcsv incorrectly handles cells ending in \ followed by "

2007-11-09 Thread ed at bronto dot com
From: ed at bronto dot com
Operating system: Centos
PHP version:  5.2.4
PHP Bug Type: Filesystem function related
Bug description:  fputcsv incorrectly handles cells ending in \ followed by "

Description:

Using fputcsv to output a cell that ends with a \ followed by double
quotes (") causes it to not use any escape sequence.  Oddly, fgetcsv is
able to parse it correctly.  Unlike fgetcsv, I assume fputcsv follows RFC
4180 and uses " as the escape character.

Reproduce code:
---
$row = array();
$row[] = 'a\\"';
$row[] = 'bbb';

$fp = fopen('test.csv', 'w+');
fputcsv($fp, $row);
fclose($fp);






Expected result:

expected output: "a\""",bbb

Actual result:
--
actual output: "a\"",bbb

-- 
Edit bug report at http://bugs.php.net/?id=43225&edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=43225&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=43225&r=trysnapshot52
Try a CVS snapshot (PHP 5.3): 
http://bugs.php.net/fix.php?id=43225&r=trysnapshot53
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=43225&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=43225&r=fixedcvs
Fixed in release: 
http://bugs.php.net/fix.php?id=43225&r=alreadyfixed
Need backtrace:   http://bugs.php.net/fix.php?id=43225&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=43225&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=43225&r=oldversion
Not developer issue:  http://bugs.php.net/fix.php?id=43225&r=support
Expected behavior: http://bugs.php.net/fix.php?id=43225&r=notwrong
Not enough info:  
http://bugs.php.net/fix.php?id=43225&r=notenoughinfo
Submitted twice:  
http://bugs.php.net/fix.php?id=43225&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=43225&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=43225&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=43225&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=43225&r=isapi
Install GNU Sed:  http://bugs.php.net/fix.php?id=43225&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=43225&r=float
No Zend Extensions:   http://bugs.php.net/fix.php?id=43225&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=43225&r=mysqlcfg
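
The escaping rule the report on bug #43225 appeals to, as an added example (not part of the original report and not PHP's fputcsv code): an RFC 4180 encoder that treats backslash as an ordinary byte, and a field counter showing that a record whose trailing quote was left undoubled no longer splits into two fields. The function names and the constructed records are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4180 encoder: a field holding a quote, comma, CR or LF is wrapped in
 * quotes and every embedded quote is doubled; backslash is an ordinary byte.
 * Returns the encoded length, or -1 if `out` is too small. */
int csv_encode_field(const char *in, char *out, size_t cap)
{
    size_t n = 0, len = strlen(in);
    if (strpbrk(in, "\",\r\n") == NULL) {      /* nothing to escape */
        if (len + 1 > cap) return -1;
        memcpy(out, in, len + 1);
        return (int)len;
    }
    if (cap < 3) return -1;
    out[n++] = '"';
    for (; *in; in++) {
        if (n + 4 > cap) return -1;  /* worst case: "" + closing quote + NUL */
        if (*in == '"') out[n++] = '"';
        out[n++] = *in;
    }
    out[n++] = '"';
    out[n] = '\0';
    return (int)n;
}

/* Counts the fields of one record the way an RFC 4180 reader would.
 * Returns -1 when a quoted field is still open at the end of the record. */
int csv_count_fields(const char *rec)
{
    int fields = 1, in_quotes = 0;
    for (size_t i = 0; rec[i] != '\0'; i++) {
        if (in_quotes) {
            if (rec[i] == '"') {
                if (rec[i + 1] == '"') i++;    /* doubled quote: literal " */
                else in_quotes = 0;            /* closing quote */
            }
        } else if (rec[i] == '"') in_quotes = 1;
        else if (rec[i] == ',') fields++;
    }
    return in_quotes ? -1 : fields;
}

int main(void)
{
    char cell[16];
    csv_encode_field("a\\\"", cell, sizeof cell);  /* the cell a\" from the report */
    printf("%s -> doubled: %d fields, undoubled: %d\n", cell,
           csv_count_fields("\"a\\\"\"\",bbb"), csv_count_fields("\"a\\\"\",bbb"));
    return 0;
}
```

A return of -1 from `csv_count_fields` means the reader ran past the intended field boundary, so the second cell was absorbed into the first.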


#41125 [NEW]: PDO mysql + quote() + prepare() can result in seg fault

2007-04-17 Thread ed at bronto dot com
From: ed at bronto dot com
Operating system: Centos
PHP version:  5.2.1
PHP Bug Type: PDO related
Bug description:  PDO mysql + quote() + prepare() can result in seg fault

Description:

Using PDO->quote on a portion of a query to be prepared will result in a
seg fault if:

- there is a bound parameter after the quoted value
- emulated prepares is on (1)
- mysql

If emulated prepares is off (0), the query fails.  This should also be
considered a bug.

Reproduce code:
---
//test.php

//the mysql table first: create table ed (id int not null, name varchar(255) not null);

$db = new PDO('mysql:host=' . HOST . ';dbname=' . NAME, USERNAME,
PASSWORD);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);

$search = "o'riley";

$values = array();
$sql = "select id from ed where name like " . $db->quote('%' . $search .
'%');
$sth = $db->prepare($sql);
$sth->execute($values);
echo("here\n");

$values = array('id' => 1233434);
$sql = "select id from ed where name like " . $db->quote('%' . $search .
'%') . " and id = :id";
$sth = $db->prepare($sql);
$sth->execute($values);
echo("there\n");


Expected result:

No errors should occur.

Should print "here\nthere\n".

Actual result:
--
[EMAIL PROTECTED] php test.php
here
Segmentation fault


-- 
Edit bug report at http://bugs.php.net/?id=41125&edit=1
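
The two reports on bug #41125 both involve a backslash-escaped quote inside a string literal followed by a bound parameter. As an added illustration (not PHP's pdo_sql_parser.c and not a diagnosis of this crash), the hypothetical scanner below shows how the treatment of `\'` decides whether the trailing placeholder is seen at all; the first query is re-typed from frame #1 of the backtrace, and the second is a constructed rendering of the reporter's query after quote().

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Query text re-typed from frame #1 of the backtrace on this page. */
static const char BACKTRACE_QUERY[] =
    "SELECT * \nFROM \n\t`az2_explicit_az` \nWHERE \n\t`fk_agent` IN "
    "('Tim O\\'Brien - abcdefghijklmnopqrstuvwxyzabc')\n\t AND `fk_qualifier`=?";

/* Constructed: the reporter's second query as it would look after quote(). */
static const char REPRO_QUERY[] =
    "select id from ed where name like '%o\\'riley%' and id = :id";

static int is_ident(char c) { return isalnum((unsigned char)c) || c == '_'; }

/* Hypothetical scanner: counts ? and :name placeholders outside '...', "..."
 * and `...` literals. Returns -1 when a literal is still open at the end of
 * the input, so a caller can refuse the query instead of rewriting it. */
int count_placeholders(const char *sql, int backslash_escapes)
{
    int count = 0;
    char quote = 0;                          /* 0 = outside any literal */
    for (size_t i = 0; sql[i] != '\0'; i++) {
        char c = sql[i];
        if (quote) {
            if (c == '\\' && backslash_escapes && sql[i + 1] != '\0')
                i++;                         /* backslash protects next byte */
            else if (c == quote) {
                if (sql[i + 1] == quote) i++;    /* doubled quote stays inside */
                else quote = 0;
            }
        } else if (c == '\'' || c == '"' || c == '`') {
            quote = c;
        } else if (c == '?') {
            count++;
        } else if (c == ':' && is_ident(sql[i + 1])) {
            count++;
            while (is_ident(sql[i + 1])) i++;    /* consume the name */
        }
    }
    return quote ? -1 : count;
}

int main(void)
{
    printf("backtrace query: aware=%d naive=%d\n",
           count_placeholders(BACKTRACE_QUERY, 1), count_placeholders(BACKTRACE_QUERY, 0));
    printf("repro query:     aware=%d naive=%d\n",
           count_placeholders(REPRO_QUERY, 1), count_placeholders(REPRO_QUERY, 0));
    return 0;
}
```

With backslash escapes honoured, each query yields one placeholder; without them, the literal appears to end at `\'`, the real closing quote opens a new literal, and the scanner reports an unterminated string.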