From: squasar at eternalviper dot net
Operating system: *
PHP version: 5.1.0RC1
PHP Bug Type: MySQLi related
Bug description: new mysqli_stmt() crashes if first parameter is not a valid mysqli_link
Description:
------------
Calling __construct() on mysqli_stmt with an unset variable as the mysqli_link crashes PHP in mysqli_stmt_construct. Note that this is actually 5.1.0RC2 (CVS tag php_5_1_0RC2_PRE). This may affect other MySQLi functions (?). A possible fix, minus a more informative error message, is here, but my instinct says there may be more going on behind this than the check in MYSQLI_FETCH_RESOURCE(), since passing a literal NULL or similar instead of an undefined variable gives an error message instead of crashing.
Index: ext/mysqli/php_mysqli.h
============================================================
=======
RCS file: /repository/php-src/ext/mysqli/php_mysqli.h,v
retrieving revision 1.54
diff -u -r1.54 php_mysqli.h
--- ext/mysqli/php_mysqli.h 3 Aug 2005 14:07:31 -0000
1.54
+++ ext/mysqli/php_mysqli.h 10 Oct 2005 19:17:35 -0000
@@ -202,7 +202,12 @@
#define MYSQLI_FETCH_RESOURCE(__ptr, __type, __id, __name)
\
{ \
MYSQLI_RESOURCE *my_res; \
- mysqli_object *intern = (mysqli_object *)
zend_object_store_get_object(*(__id) TSRMLS_CC);\
+ mysqli_object *intern = NULL; \
+ if (Z_TYPE_PP(__id) != IS_OBJECT) {\
+ php_error(E_WARNING, "Object parameter
invalid"); \
+ RETURN_NULL(); \
+ } \
+ intern = (mysqli_object *)
zend_object_store_get_object(*(__id) TSRMLS_CC);\
if (!(my_res = (MYSQLI_RESOURCE *)intern->ptr)) {\
php_error(E_WARNING, "Couldn't fetch %s",
intern->zo.ce->name);\
RETURN_NULL();\
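Review bot: the new guard only tests `Z_TYPE_PP(__id) != IS_OBJECT` and then casts whatever object it finds to `mysqli_object *`, so an object of an unrelated class still reaches the existing `if (!(my_res = (MYSQLI_RESOURCE *)intern->ptr))` line with a pointer that was never a mysqli_object; check the object's class against the expected mysqli class before the cast. The macro already receives `__name`, which the warning could include rather than the fixed "Object parameter invalid" text (the reporter's own caveat about the message). Also, the hunk is line-wrapped by the mail client (e.g. `php_error(E_WARNING, "Object parameter` / `invalid"); \`), so it will not apply as posted; attach the patch as a file.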
Reproduce code:
---------------
<?php $s = new mysqli_stmt( $undefined, "SELECT 1 FROM DUAL" ); ?>
Expected result:
----------------
Warning: Object parameter invalid in - on line 1
Actual result:
--------------
Bus error
Thread 0 Crashed:
0 php 0x000c1bb8 zif_mysqli_stmt_construct + 252 (mysqli.c:675)
1 php 0x0020ab88 zend_do_fcall_common_helper_SPEC + 1560 (zend_vm_execute.h:184)
2 php 0x0020a4c4 execute + 520 (zend_vm_execute.h:87)
3 php 0x001e0630 zend_execute_scripts + 444 (zend.c:1079)
4 php 0x00195334 php_execute_script + 780 (main.c:1679)
5 php 0x002921ac main + 3684 (php_cli.c:1040)
6 php 0x00002b58 _start + 344 (crt.c:272)
7 php 0x000029fc start + 60
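As an added example, not part of this bug report or of PHP's own code: an application-level guard that rejects an unset or non-mysqli value before it reaches the mysqli_stmt constructor, so the invalid parameter is reported instead of dereferenced inside the extension. The function name safe_stmt is hypothetical; the calls at the bottom mirror the report's reproduce script.

```php
<?php
// Added example, not from the bug report: validate the link in PHP code
// before handing it to mysqli_stmt. safe_stmt() is a hypothetical helper.
function safe_stmt($link, $sql)
{
    // An unset variable arrives here as NULL; a stale or wrong-typed value
    // fails the instanceof test. Both are rejected before the extension
    // ever touches the parameter.
    if (!($link instanceof mysqli)) {
        throw new InvalidArgumentException(
            'safe_stmt(): $link must be a mysqli object, got ' . gettype($link));
    }
    // A mysqli object whose connect() failed is still an object but holds
    // no usable connection; refuse it as well.
    if (mysqli_connect_errno()) {
        throw new RuntimeException(
            'safe_stmt(): connection failed: ' . mysqli_connect_error());
    }
    $stmt = new mysqli_stmt($link, $sql);
    if ($stmt->errno) {
        throw new RuntimeException('safe_stmt(): prepare failed: ' . $stmt->error);
    }
    return $stmt;
}

// Constructed call mirroring the report's reproduce script: $undefined was
// never assigned, so it is NULL here and is rejected with a clear message.
try {
    safe_stmt(@$undefined, 'SELECT 1 FROM DUAL');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
?>
```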
--
Edit bug report at http://bugs.php.net/?id=34818&edit=1