|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2021-02-05 12:56 UTC] php at attrib dot org
Description:
------------
Disabling ATTR_EMULATE_PREPARES produces a segmentation fault when using MySQL 8.0.
See test script.
Test setup:
Running a docker container for mysql (
docker run --rm -it -e MYSQL_ROOT_PASSWORD="test" -e MYSQL_DATABASE="systemA" mysql:8)
With a empty test table (at least id, updated field)
Running the script in a second container using php:7.4.15-cli or php:8.0.2-cli docker image for PHP and running "docker-php-ext-install mysqli pdo_mysql".
Then call the script and the SegFault happens.
gbd output:
(gdb) run mysql.php
Starting program: /usr/local/bin/php mysql.php
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x0000555a8da07eb8 in ?? ()
(gdb) bt
#0 0x0000555a8da07eb8 in ?? ()
#1 0x0000555a8da04429 in ?? ()
#2 0x0000555a8da0e4ff in ?? ()
#3 0x00007f0d5b3f91cc in mysql_handle_preparer ()
from /usr/local/lib/php/extensions/no-debug-non-zts-20190902/pdo_mysql.so
#4 0x0000555a8d8f38b5 in ?? ()
#5 0x00007f0d5b6514a5 in xdebug_execute_internal (current_execute_data=0x7f0d5b413160,
return_value=0x7f0d5b4130d0) at /tmp/pear/temp/xdebug/src/base/base.c:921
#6 0x0000555a8daf853c in execute_ex ()
#7 0x00007f0d5b650ae1 in xdebug_execute_ex (execute_data=0x7f0d5b413020)
at /tmp/pear/temp/xdebug/src/base/base.c:803
#8 0x0000555a8daf9073 in zend_execute ()
#9 0x0000555a8da731a3 in zend_execute_scripts ()
#10 0x0000555a8da12dd0 in php_execute_script ()
#11 0x0000555a8dafb156 in ?? ()
#12 0x0000555a8d7acb4b in ?? ()
#13 0x00007f0d5e4b909b in __libc_start_main (main=0x555a8d7ac700, argc=2, argv=0x7ffeedecde78,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffeedecde68)
at ../csu/libc-start.c:308
#14 0x0000555a8d7ad28a in _start ()
(gdb)
Test script:
---------------
<?php
$pdo = new PDO(sprintf('mysql:dbname=%s;host=%s;charset=utf8', 'systemA', '172.17.0.4:3306'), 'root', 'test', [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_TIMEOUT => 30,
PDO::ATTR_EMULATE_PREPARES => false,
]);
$resultAssoc = $pdo->prepare("SELECT * FROM test WHERE :field >= :date ORDER BY :orderBy DESC LIMIT :offset, :limit");
$resultAssoc->execute([
'field' => 'updated',
'date' => (new DateTime('2020-02-01'))->format('Y-m-d H:i:s'),
'orderBy' => 'id',
'limit' => 1000,
'offset' => 0,
]);
var_dump($resultAssoc->fetchAll(PDO::FETCH_ASSOC));
Expected result:
----------------
Empty array if nothing is in the DB.
Actual result:
--------------
Segmentation fault (core dumped)
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 10:01:29 2024 UTC |
A bit reduced: $pdo = new PDO($dsn, 'root', '', [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false, ]); //$pdo->exec('CREATE TABLE test(updated DATE)'); $stmt = $pdo->prepare("SELECT * FROM test ORDER BY :orderBy DESC"); $stmt->execute(['orderBy' => 'updated']); var_dump($stmt->fetchAll(PDO::FETCH_ASSOC)); So, obviously the query is invalid (you're trying to prepare an identifier, not a value) and should fail. This looks like a bug on the MySQL server side, because the server responds with COM_STMT_PREPARE_OK with num_columns=1 and num_params=1, but then directly follows with an EOF in the parameter definition block. The following column definition block is correct.