ID:               34818
 Updated by:       [EMAIL PROTECTED]
 Reported By:      squasar at eternalviper dot net
-Status:           Assigned
+Status:           Closed
 Bug Type:         MySQLi related
 Operating System: *
 PHP Version:      5.1.0RC1
 Assigned To:      tony2001
 New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------

[2005-10-10 21:24:40] squasar at eternalviper dot net

Description:
------------
Calling __construct() on mysqli_stmt with an unset variable 
as the mysqli_link crashes PHP in mysqli_stmt_construct. 
Note that this is actually 5.1.0RC2 (CVS tag 
php_5_1_0RC2_PRE). This may affect other MySQLi functions
(?). A possible fix, minus a more informative error message 
is here, but my instinct says there may be more going on 
behind this than the check in MYSQLI_FETCH_RESOURCE() since 
passing a literal NULL or similar instead of an undefined 
variable gives an error message instead of crashing.

Index: ext/mysqli/php_mysqli.h
============================================================
=======
RCS file: /repository/php-src/ext/mysqli/php_mysqli.h,v
retrieving revision 1.54
diff -u -r1.54 php_mysqli.h
--- ext/mysqli/php_mysqli.h     3 Aug 2005 14:07:31 -0000       
1.54
+++ ext/mysqli/php_mysqli.h     10 Oct 2005 19:17:35 -0000
@@ -202,7 +202,12 @@
 #define MYSQLI_FETCH_RESOURCE(__ptr, __type, __id, __name) 
\
 { \
        MYSQLI_RESOURCE *my_res; \
-       mysqli_object *intern = (mysqli_object *)
zend_object_store_get_object(*(__id) TSRMLS_CC);\
+       mysqli_object *intern = NULL; \
+       if (Z_TYPE_PP(__id) != IS_OBJECT) {\
+               php_error(E_WARNING, "Object parameter 
invalid"); \
+               RETURN_NULL(); \
+       } \
+       intern = (mysqli_object *)
zend_object_store_get_object(*(__id) TSRMLS_CC);\
        if (!(my_res = (MYSQLI_RESOURCE *)intern->ptr)) {\
                php_error(E_WARNING, "Couldn't fetch %s", 
intern->zo.ce->name);\
                RETURN_NULL();\
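
Review bot: The added check at the top of MYSQLI_FETCH_RESOURCE calls Z_TYPE_PP(__id), which dereferences __id twice, without first confirming that __id and *(__id) are non-NULL. The report says a literal NULL already produces an error while an undefined variable crashes, so the failing case may reach the macro with something that is not a valid zval pointer at all, and this test would then fault where the old code did. Suggest guarding with `if (!(__id) || !*(__id) || Z_TYPE_PP(__id) != IS_OBJECT)` and checking at the call site (mysqli.c:675 in the backtrace) what argument parsing leaves in __id for an unset variable, since a NULL guard does not help if the pointer is simply uninitialised there. The warning text "Object parameter invalid" could also name the expected type, which the macro already receives as __name, so the user can tell which argument was rejected.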


Reproduce code:
---------------
<?php $s = new mysqli_stmt( $undefined, "SELECT 1 FROM DUAL" ); ?>


Expected result:
----------------
Warning: Object parameter invalid in - on line 1

Actual result:
--------------
Bus error

Thread 0 Crashed:
0   php         0x000c1bb8 zif_mysqli_stmt_construct + 252 (mysqli.c:675)
1   php         0x0020ab88 zend_do_fcall_common_helper_SPEC + 1560 (zend_vm_execute.h:184)
2   php         0x0020a4c4 execute + 520 (zend_vm_execute.h:87)
3   php         0x001e0630 zend_execute_scripts + 444 (zend.c:1079)
4   php         0x00195334 php_execute_script + 780 (main.c:1679)
5   php         0x002921ac main + 3684 (php_cli.c:1040)
6   php         0x00002b58 _start + 344 (crt.c:272)
7   php         0x000029fc start + 60



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=34818&edit=1
