Edit report at https://bugs.php.net/bug.php?id=53280&edit=1
ID: 53280
Updated by: mar...@php.net
Reported by: popescu_dumitru at yahoo dot com
Summary: PDO_Firebird segfaults query column count less than
param count
-Status: Assigned
+Status: Closed
Type: Bug
Package: PDO related
Operating System: Fedora 13
PHP Version: 5.3.3
Assigned To: mariuz
Block user comment: N
Private report: N
Previous Comments:
------------------------------------------------------------------------
[2011-12-28 19:58:13] mar...@php.net
Automatic comment from SVN on behalf of mariuz
Revision: http://svn.php.net/viewvc/?view=revision&revision=321487
Log: Fixed PDO_Firebird: bug 53280 segfaults if query column count is less
than param count
------------------------------------------------------------------------
[2011-12-28 18:52:14] mar...@php.net
Automatic comment from SVN on behalf of mariuz
Revision: http://svn.php.net/viewvc/?view=revision&revision=321484
Log: Added test case for PDO_Firebird: bug 53280 segfaults if query column
count is less than param count
------------------------------------------------------------------------
[2010-11-09 17:03:33] popescu_dumitru at yahoo dot com
Description:
------------
PDO_Firebird segfaults if query column count is less than param count
Test script:
---------------
<?php
/*
CREATE TABLE test(A VARCHAR(30), B VARCHAR(30), C VARCHAR(30));
INSERT INTO test VALUES ('A', 'B', 'C');
*/
$dbh = new PDO("firebird:dbname=localhost:/tmp/test.gdb", "SYSDBA",
"masterkey");
$stmt1 = "SELECT B FROM test WHERE A = ? AND B = ?";
$stmt2 = "SELECT B, C FROM test WHERE A = ? AND B = ?";
$stmth2 = $dbh->prepare($stmt2);
$stmth2->execute(array('A', 'B'));
$rows = $stmth2->fetchAll(); // <------ OK
var_dump($rows);
$stmth1 = $dbh->prepare($stmt1);
$stmth1->execute(array('A', 'B'));
$rows = $stmth1->fetchAll(); // <------- segfault
var_dump($rows);
?>
Expected result:
----------------
array(1) {
[0]=>
array(4) {
["B"]=>
string(1) "B"
[0]=>
string(1) "B"
["C"]=>
string(1) "C"
[1]=>
string(1) "C"
}
}
array(1) {
[0]=>
array(2) {
["B"]=>
string(1) "B"
[0]=>
string(1) "B"
}
}
Actual result:
--------------
(gdb) bt
#0 0x008b8b76 in firebird_stmt_get_col (stmt=0x88e7b48, colno=1,
ptr=0xbfffcee8, len=0xbfffcee4,
caller_frees=0xbfffcee0) at
/root/src/php-5.3.3/ext/pdo_firebird/firebird_statement.c:273
#1 0x008b9c64 in firebird_stmt_param_hook (stmt=0x88e7b48, param=0x88e872c,
event_type=PDO_PARAM_EVT_FETCH_POST)
at /root/src/php-5.3.3/ext/pdo_firebird/firebird_statement.c:556
#2 0x081d39d5 in dispatch_param_event (stmt=0x88e7b48,
event_type=PDO_PARAM_EVT_FETCH_POST)
at /root/src/php-5.3.3/ext/pdo/pdo_stmt.c:184
#3 0x081d554a in do_fetch_common (stmt=0x88e7b48, ori=PDO_FETCH_ORI_NEXT,
offset=0, do_bind=1)
at /root/src/php-5.3.3/ext/pdo/pdo_stmt.c:703
#4 0x081d5b5e in do_fetch (stmt=0x88e7b48, do_bind=1, return_value=0x88e8304,
how=PDO_FETCH_BOTH,
ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0) at
/root/src/php-5.3.3/ext/pdo/pdo_stmt.c:861
#5 0x081d7972 in zim_PDOStatement_fetchAll (ht=0, return_value=0x88e83c4,
return_value_ptr=0x0,
this_ptr=0x88e798c, return_value_used=1) at
/root/src/php-5.3.3/ext/pdo/pdo_stmt.c:1543
#6 0x08421390 in zend_do_fcall_common_helper_SPEC (execute_data=0x89161b0)
at /root/src/php-5.3.3/Zend/zend_vm_execute.h:316
#7 0x0842194a in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x89161b0)
at /root/src/php-5.3.3/Zend/zend_vm_execute.h:421
#8 0x08420a2d in execute (op_array=0x88e4d7c) at
/root/src/php-5.3.3/Zend/zend_vm_execute.h:107
#9 0x083f4260 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /root/src/php-5.3.3/Zend/zend.c:1194
#10 0x0838c746 in php_execute_script (primary_file=0xbffff4dc) at
/root/src/php-5.3.3/main/main.c:2260
#11 0x084b6eef in main (argc=2, argv=0xbffff654) at
/root/src/php-5.3.3/sapi/cli/php_cli.c:1192
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=53280&edit=1
