ID: 44202 Updated by: [EMAIL PROTECTED] Reported By: uwendel at mysql dot com -Status: Open +Status: Closed Bug Type: PDO related Operating System: Linux PHP Version: 5.3CVS-2008-02-21 (CVS) New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2008-02-21 11:07:39] uwendel at mysql dot com Description: ------------ I was trying to force PDO_PGSQL into emulated PS mode to show that not only PDO_MYSQL but also PDO_PGSQL might suffer from an emulated PS parser flaw and found this crash: $pdo = new PDO(...); $stmt = $pdo->prepare('SELECT "?"', array(PDO::ATTR_EMULATE_PREPARES => 1)); $stmt->execute(array("questionmark")); PDO_PGSQL seems to be the only driver but PDO_MYSQL which you can force to use emulated PS. However, PDO_MYSQL and PDO_PGSQL use different approaches for enforcing emulation. PDO_MYSQL uses $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, ...) and PDO_PGSQL requires you to use $pdo->prepare(..., array(PDO::ATTR_EMULATE_PREPARES => ...)). So, one uses setAttribute() and the other uses prepare(). As PDO is aimed to be a database access layer abstraction, I wonder if this could be unified. Reproduce code: --------------- [EMAIL PROTECTED]:~/php53> valgrind sapi/cli/php -r '$pdo = new PDO("pgsql:host=localhost port=5432 dbname=phptest user=postgres password="); $stmt = $pdo->prepare("SELECT \"?\"", array(PDO::ATTR_EMULATE_PREPARES => 1)); $stmt->execute(array("questionmark"));' ==10277== Memcheck, a memory error detector. ==10277== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==10277== Using LibVEX rev 1732, a library for dynamic binary translation. ==10277== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==10277== Using valgrind-3.2.3, a dynamic binary instrumentation framework. ==10277== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==10277== For more details, rerun with: -v ==10277== ==10277== Conditional jump or move depends on uninitialised value(s) ==10277== at 0x715D43F: slpmloclfv (in /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1) ==10277== by 0x715D17E: slpmloc (in /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1) ==10277== by 0x715A6A4: lpmloadpkg (in /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1) ==10277== by 0x71404EE: lfvLoadPkg (in /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1) ==10277== by 0x7140179: lfvSetShlMode (in /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1) ==10277== by 0x713FF78: lfvini1 (in /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1) ==10277== by 0x713FC94: lfvinit (in /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1) ==10277== by 0x6D62C29: kpummpin (in /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1) ==10277== by 0x66CC064: kpuenvcr (in /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1) ==10277== by 0x676CE5D: OCIEnvCreate (in /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1) ==10277== by 0x49D857: zm_startup_pdo_oci (pdo_oci.c:96) ==10277== by 0x603A86: zend_startup_module_ex (zend_API.c:1607) ==10277== ==10277== Invalid read of size 4 ==10277== at 0x608EA0: zend_hash_num_elements (zend_hash.c:1014) ==10277== by 0x4A2BF2: pgsql_stmt_param_hook (pgsql_statement.c:254) ==10277== by 0x495C13: dispatch_param_event (pdo_stmt.c:173) ==10277== by 0x49785A: zim_PDOStatement_execute (pdo_stmt.c:494) ==10277== by 0x62C1B3: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==10277== by 0x61E4DA: execute (zend_vm_execute.h:91) ==10277== by 0x5F1A42: zend_eval_string (zend_execute_API.c:1278) ==10277== by 0x5F1BB7: zend_eval_string_ex (zend_execute_API.c:1311) ==10277== by 0x68A81C: main (php_cli.c:1175) ==10277== Address 0x8 is not stack'd, malloc'd or (recently) free'd ==10277== ==10277== Process terminating with default action of signal 11 (SIGSEGV) ==10277== Access not within mapped region at address 0x8 ==10277== at 0x608EA0: zend_hash_num_elements (zend_hash.c:1014) ==10277== by 0x4A2BF2: pgsql_stmt_param_hook (pgsql_statement.c:254) ==10277== by 0x495C13: dispatch_param_event (pdo_stmt.c:173) ==10277== by 0x49785A: zim_PDOStatement_execute (pdo_stmt.c:494) ==10277== by 0x62C1B3: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==10277== by 0x61E4DA: execute (zend_vm_execute.h:91) ==10277== by 0x5F1A42: zend_eval_string (zend_execute_API.c:1278) ==10277== by 0x5F1BB7: zend_eval_string_ex (zend_execute_API.c:1311) ==10277== by 0x68A81C: main (php_cli.c:1175) ==10277== ==10277== Invalid free() / delete / delete[] ==10277== at 0x4C2191B: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so) ==10277== by 0x7D7EB6A: (within /lib64/libc-2.6.1.so) ==10277== by 0x7D7E738: __libc_freeres (in /lib64/libc-2.6.1.so) ==10277== by 0x4A1D354: _vgnU_freeres (in /usr/lib64/valgrind/amd64-linux/vgpreload_core.so) ==10277== by 0x4A2BF2: pgsql_stmt_param_hook (pgsql_statement.c:254) ==10277== by 0x495C13: dispatch_param_event (pdo_stmt.c:173) ==10277== by 0x49785A: zim_PDOStatement_execute (pdo_stmt.c:494) ==10277== by 0x62C1B3: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==10277== by 0x61E4DA: execute (zend_vm_execute.h:91) ==10277== by 0x5F1A42: zend_eval_string (zend_execute_API.c:1278) ==10277== by 0x5F1BB7: zend_eval_string_ex (zend_execute_API.c:1311) ==10277== by 0x68A81C: main (php_cli.c:1175) ==10277== Address 0x4049978 is not stack'd, malloc'd or (recently) free'd ==10277== ==10277== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 20 from 2) ==10277== malloc/free: in use at exit: 3,103,433 bytes in 10,493 blocks. ==10277== malloc/free: 11,015 allocs, 523 frees, 3,424,549 bytes allocated. ==10277== For counts of detected errors, rerun with: -v ==10277== searching for pointers to 10,493 not-freed blocks. ==10277== checked 4,530,496 bytes. ==10277== ==10277== LEAK SUMMARY: ==10277== definitely lost: 0 bytes in 0 blocks. ==10277== possibly lost: 0 bytes in 0 blocks. ==10277== still reachable: 3,103,433 bytes in 10,493 blocks. ==10277== suppressed: 0 bytes in 0 blocks. ==10277== Rerun with --leak-check=full to see details of leaked memory. Speicherzugriffsfehler Expected result: ---------------- Fix the crash ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=44202&edit=1