#35604 [Fbk->Opn]: PDO crash
ID: 35604
User updated by: smlerman at gmail dot com
Reported By: smlerman at gmail dot com
-Status: Feedback
+Status: Open
Bug Type: PDO related
Operating System: Linux
PHP Version: 5CVS-2005-12-09 (snap)
Assigned To: wez
New Comment:

Still get a segmentation fault with the 2005-12-22-1330 snapshot.

Previous Comments:

[2005-12-22 14:50:40] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2005-12-12 14:40:52] smlerman at gmail dot com

# awk --version
GNU Awk 3.1.3
Copyright (C) 1989, 1991-2003 Free Software Foundation.

[2005-12-12 14:26:47] [EMAIL PROTECTED]

==19435== Invalid write of size 4
==19435==    at 0x80B5654: pgsql_stmt_param_hook (pgsql_statement.c:278)
==19435==    by 0x80AD15B: dispatch_param_event (pdo_stmt.c:149)
==19435==    by 0x80AD9F7: zif_PDOStatement_execute (pdo_stmt.c:422)
==19435==    by 0x81A5B6C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:192)
==19435==    by 0x81A6064: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:314)
==19435==    by 0x81A5832: execute (zend_vm_execute.h:92)
==19435==    by 0x818A69D: zend_execute_scripts (zend.c:1101)
==19435==    by 0x8149B57: php_execute_script (main.c:1720)
==19435==    by 0x81EA7A1: main (php_cli.c:1077)
==19435== Address 0x1BD907B8 is 0 bytes after a block of size 8 alloc'd
==19435==    at 0x1B901B95: calloc (vg_replace_malloc.c:279)
==19435==    by 0x80B52AD: pgsql_stmt_param_hook (pgsql_statement.c:222)
==19435==    by 0x80AD15B: dispatch_param_event (pdo_stmt.c:149)
==19435==    by 0x80AD9F7: zif_PDOStatement_execute (pdo_stmt.c:422)
==19435==    by 0x81A5B6C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:192)
==19435==    by 0x81A6064: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:314)
==19435==    by 0x81A5832: execute (zend_vm_execute.h:92)
==19435==    by 0x818A69D: zend_execute_scripts (zend.c:1101)
==19435==    by 0x8149B57: php_execute_script (main.c:1720)
==19435==    by 0x81EA7A1: main (php_cli.c:1077)
==19435==
==19435== Invalid write of size 4
==19435==    at 0x80B5672: pgsql_stmt_param_hook (pgsql_statement.c:279)
==19435==    by 0x80AD15B: dispatch_param_event (pdo_stmt.c:149)
==19435==    by 0x80AD9F7: zif_PDOStatement_execute (pdo_stmt.c:422)
==19435==    by 0x81A5B6C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:192)
==19435==    by 0x81A6064: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:314)
==19435==    by 0x81A5832: execute (zend_vm_execute.h:92)
==19435==    by 0x818A69D: zend_execute_scripts (zend.c:1101)
==19435==    by 0x8149B57: php_execute_script (main.c:1720)
==19435==    by 0x81EA7A1: main (php_cli.c:1077)
==19435== Address 0x1BD907F0 is 0 bytes after a block of size 8 alloc'd
==19435==    at 0x1B901B95: calloc (vg_replace_malloc.c:279)
==19435==    by 0x80B52CF: pgsql_stmt_param_hook (pgsql_statement.c:225)
==19435==    by 0x80AD15B: dispatch_param_event (pdo_stmt.c:149)
==19435==    by 0x80AD9F7: zif_PDOStatement_execute (pdo_stmt.c:422)
==19435==    by 0x81A5B6C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:192)
==19435==    by 0x81A6064: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:314)
==19435==    by 0x81A5832: execute (zend_vm_execute.h:92)
==19435==    by 0x818A69D: zend_execute_scripts (zend.c:1101)
==19435==    by 0x8149B57: php_execute_script (main.c:1720)
==19435==    by 0x81EA7A1: main (php_cli.c:1077)
==19435==
==19435== Invalid write of size 4
==19435==    at 0x80B5687: pgsql_stmt_param_hook (pgsql_statement.c:280)
==19435==    by 0x80AD15B: dispatch_param_event (pdo_stmt.c:149)
==19435==    by 0x80AD9F7: zif_PDOStatement_execute (pdo_stmt.c:422)
==19435==    by 0x81A5B6C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:192)
==19435==    by 0x81A6064: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:314)
==19435==    by 0x81A5832: execute (zend_vm_execute.h:92)
==19435==    by 0x818A69D: zend_execute_scripts (zend.c:1101)
==19435==    by 0x8149B57: php_execute_script (main.c:1720)
==19435==    by 0x81EA7A1: main (php_cli.c:1077)
==19435== Address 0x1BD90828 is 0 bytes after a block of size 8 alloc'd
==19435==    at 0x1B901B95: calloc (vg_replace_malloc.c:279)
==19435==    by 0x80B52F1: pgsql_stmt_param_hook (pgsql_statement.c:228)
==19435==    by 0x80AD15B: dispatch_param_event (pdo_stmt.c:149)
==19435==    by 0x80AD9F7: zif_PDOStatement_execute (pdo_stmt.c:422)
==19435==    by 0x81A5B6C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:192)
==19435==    by 0x81A6064: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:314)
==19435==    by 0x81A5832: execute (zend_vm_execute.h:92)
==19435==    by 0x818A69D:
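
Added example (not part of the original report or of PHP's code): a small Python triage of Memcheck records like the ones in the message above. It pairs each invalid access with its allocation site and turns "N bytes after a block of size S" into an element index. The sample text is constructed from the first record in the report with the frames trimmed, and treating the block as an array of access-sized elements is an assumption.

```python
import re

# Constructed sample: the first Memcheck record from the report, top frames only.
SAMPLE = """\
==19435== Invalid write of size 4
==19435==at 0x80B5654: pgsql_stmt_param_hook (pgsql_statement.c:278)
==19435==by 0x80AD15B: dispatch_param_event (pdo_stmt.c:149)
==19435== Address 0x1BD907B8 is 0 bytes after a block of size 8 alloc'd
==19435==at 0x1B901B95: calloc (vg_replace_malloc.c:279)
==19435==by 0x80B52AD: pgsql_stmt_param_hook (pgsql_statement.c:222)
==19435==by 0x80AD15B: dispatch_param_event (pdo_stmt.c:149)
"""

ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(
    r"Address (0x[0-9A-Fa-f]+) is (\d+) bytes after a block of size (\d+)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)")
ALLOC_WRAPPERS = {"malloc", "calloc", "realloc"}


def triage(log):
    """Return one dict per 'Invalid read/write' record found in a Memcheck log."""
    records, cur, section = [], None, None
    for line in log.splitlines():
        text = re.sub(r"^==\d+==\s*", "", line)  # drop the ==pid== prefix
        if m := ACCESS.search(text):
            cur = {"op": m[1], "size": int(m[2])}
            records.append(cur)
            section = "access"
        elif cur and (m := BLOCK.search(text)):
            cur["past_end"], cur["block"] = int(m[2]), int(m[3])
            section = "alloc"
        elif cur and (m := FRAME.search(text)):
            key = "access_site" if section == "access" else "alloc_site"
            # Skip the allocator wrapper so the site is the caller in the program.
            if key not in cur and m[1] not in ALLOC_WRAPPERS:
                cur[key] = (m[1], m[2])
    for r in records:
        if "block" in r:
            # Assumption: the block is an array of access-sized elements.
            r["slots"] = r["block"] // r["size"]
            r["index"] = (r["block"] + r["past_end"]) // r["size"]
    return records


if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec)
```

For this record the result is a 2-slot block allocated at pgsql_statement.c:222 and a write to index 2 at pgsql_statement.c:278, that is, one element past the end of the allocation.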
#35604 [Fbk->Opn]: PDO crash
ID: 35604
User updated by: smlerman at gmail dot com
Reported By: smlerman at gmail dot com
-Status: Feedback
+Status: Open
Bug Type: PDO related
Operating System: Linux
PHP Version: 5CVS-2005-12-09 (snap)
New Comment:

./configure --prefix=/usr/local/php5 --with-pgsql=/usr/local/pgsql/ --with-mysql=/usr/local/mysql/ --with-pdo --with-pdo-pgsql --with-pdo-mysql --with-gd --with-jpeg-dir=/usr/local/lib --with-zlib-dir=/usr/local/zlib --with-png-dir=/usr/local/libpng --with-apxs2=/usr/local/apache/bin/apxs --enable-debug

Previous Comments:

[2005-12-12 10:30:15] [EMAIL PROTECTED]

What was the configure line you used?

[2005-12-09 22:56:35] smlerman at gmail dot com

Here's the backtrace.

(gdb) bt
#0  0x00556716 in free () from /lib/tls/libc.so.6
#1  0x082184cd in shutdown_memory_manager (silent=0, full_shutdown=0) at /root/php/php5.1-200512091530/Zend/zend_alloc.c:512
#2  0x081f903f in php_request_shutdown (dummy=0x0) at /root/php/php5.1-200512091530/main/main.c:1303
#3  0x08280e1f in main (argc=2, argv=0xbfe192e4) at /root/php/php5.1-200512091530/sapi/cli/php_cli.c:1142
(gdb)

[2005-12-09 18:03:45] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php for *NIX and http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug report and change the status back to "Open". Thank you for helping us make PHP better.

[2005-12-09 17:53:52] smlerman at gmail dot com

Tried the same code on my Linux box at home (Fedora Core 2, first test server I believe is Fedora 4), and it just gives a segmentation fault instead. Tried the php5.1-200512091530 snapshot, and I get the same results.

[2005-12-08 19:16:57] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php5.1-win32-latest.zip

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/35604

-- 
Edit this bug report at http://bugs.php.net/?id=35604&edit=1
#35604 [Fbk->Opn]: PDO crash
ID: 35604
User updated by: smlerman at gmail dot com
Reported By: smlerman at gmail dot com
-Status: Feedback
+Status: Open
Bug Type: PDO related
Operating System: Linux
PHP Version: 5.1.1
New Comment:

Here's the backtrace.

(gdb) bt
#0  0x00556716 in free () from /lib/tls/libc.so.6
#1  0x082184cd in shutdown_memory_manager (silent=0, full_shutdown=0) at /root/php/php5.1-200512091530/Zend/zend_alloc.c:512
#2  0x081f903f in php_request_shutdown (dummy=0x0) at /root/php/php5.1-200512091530/main/main.c:1303
#3  0x08280e1f in main (argc=2, argv=0xbfe192e4) at /root/php/php5.1-200512091530/sapi/cli/php_cli.c:1142
(gdb)

Previous Comments:

[2005-12-09 18:03:45] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php for *NIX and http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug report and change the status back to "Open". Thank you for helping us make PHP better.

[2005-12-09 17:53:52] smlerman at gmail dot com

Tried the same code on my Linux box at home (Fedora Core 2, first test server I believe is Fedora 4), and it just gives a segmentation fault instead. Tried the php5.1-200512091530 snapshot, and I get the same results.

[2005-12-08 19:16:57] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2005-12-08 19:08:57] smlerman at gmail dot com

Description:
PHP crashes on the following code. Changing the second named marker from :foo1 to :foo2 fixes the crash, which made me think it had to do with duplicate names. However, removing the where clause (leaving both name markers :foo1) also eliminates the crash, though the statement gets an error code of "HY093" (no full message).

Reproduce code:
---
<?php
// The opening of this script (the PDO connection setup, up to "->prepare") was
// lost when the message was archived. $db is a placeholder name for that
// PDO connection.
$stmt = $db->prepare("UPDATE test SET foo1 = :foo1, foo2 = :foo1 WHERE foo1 = :id");
$stmt->bindParam(':foo1', $foo1);
$stmt->bindParam(':foo2', $foo2);
$stmt->bindParam(':id', $id);
$foo1 = "foo";
$foo2 = "foo";
$id = "foo";
var_dump($stmt->errorInfo());
$stmt->execute();
?>

Expected result:
An error message of some kind if duplicate names aren't allowed, but certainly not a memory dump.

Actual result:
--
*** glibc detected *** php: free(): invalid next size (fast): 0x09980018 ***
Followed by a backtrace and memory dump
#35604 [Fbk->Opn]: PDO crash
ID: 35604
User updated by: smlerman at gmail dot com
Reported By: smlerman at gmail dot com
-Status: Feedback
+Status: Open
Bug Type: PDO related
Operating System: Linux
PHP Version: 5.1.1
New Comment:

Tried the same code on my Linux box at home (Fedora Core 2, first test server I believe is Fedora 4), and it just gives a segmentation fault instead. Tried the php5.1-200512091530 snapshot, and I get the same results.

Previous Comments:

[2005-12-08 19:16:57] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2005-12-08 19:08:57] smlerman at gmail dot com

Description:
PHP crashes on the following code. Changing the second named marker from :foo1 to :foo2 fixes the crash, which made me think it had to do with duplicate names. However, removing the where clause (leaving both name markers :foo1) also eliminates the crash, though the statement gets an error code of "HY093" (no full message).

Reproduce code:
---
<?php
// The opening of this script (the PDO connection setup, up to "->prepare") was
// lost when the message was archived. $db is a placeholder name for that
// PDO connection.
$stmt = $db->prepare("UPDATE test SET foo1 = :foo1, foo2 = :foo1 WHERE foo1 = :id");
$stmt->bindParam(':foo1', $foo1);
$stmt->bindParam(':foo2', $foo2);
$stmt->bindParam(':id', $id);
$foo1 = "foo";
$foo2 = "foo";
$id = "foo";
var_dump($stmt->errorInfo());
$stmt->execute();
?>

Expected result:
An error message of some kind if duplicate names aren't allowed, but certainly not a memory dump.

Actual result:
--
*** glibc detected *** php: free(): invalid next size (fast): 0x09980018 ***
Followed by a backtrace and memory dump