PHP :: Bug #36318 :: Core Dump when using bindParam with PDO

Bug #36318

Core Dump when using bindParam with PDO_OCI

Submitted:

2006-02-07 13:18 UTC

Modified:

2016-03-08 01:35 UTC

Votes:	12
Avg. Score:	5.0 ± 0.0
Reproduced:	5 of 5 (100.0%)
Same Version:	5 (100.0%)
Same OS:	3 (60.0%)

From:

bernhard dot hari at multisports dot ch

Assigned:

wez (profile)

Status:

Closed

Package:

PDO OCI

PHP Version:

5.1.2

OS:

RedHat Linux Enterprise 4 Upd 2

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	bernhard dot hari at multisports dot ch
New email:
PHP Version:		OS:

New Comment:

[2006-02-07 13:18 UTC] bernhard dot hari at multisports dot ch

Description:
------------
When using a named parameters array, PDO_OCI crashes.
--> using bindParam() = crash
--> using bindValue() = works (also with 5.1.2)

The following code works fine in 5.1.0. But fails with 5.1.1, 5.1.2 and the snapshot php5.1-200602070530.

This Bug is similar to #35671.

System:
RedHat Enterprise Linux 4 Update 2.
Oracle 10gr2 (10.2.0.1) with Patch 4516865
(Patch solves wrong permissions after installation.)
Same compile options, configuration and environment for all tested PHP Versions.

Reproduce code:
---------------
$database = new PDO('oci:','scott','tiger');
$database->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

$query = "select machine from v\$session where osuser = :username";
$statement = $database->prepare($query);
$username = 'harb';

//$statement->bindValue(':username', $username);
$statement->bindParam(':username', $username);
//$statement->bindParam(':username', $username, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT);

$result = $statement->execute();
if($result == true) {
   $rows = $statement->fetchAll(PDO::FETCH_NUM);
   print_r($rows);
} else {
   print_r($statement->errorInfo());
}

Expected result:
----------------
The (local) machine hostname.

e.g.
Array
(
    [0] => Array
        (
            [0] => mdsl03
        )

)

Actual result:
--------------
[harb@mdsl03 dataAccessComponent]$ /opt/php5.1.0/bin/php Test.php
Array
(
    [0] => Array
        (
            [0] => mdsl03
        )
)
[harb@mdsl03 dataAccessComponent]$ php Test.php
Segmentation fault (core dumped)
[harb@mdsl03 dataAccessComponent]$ php --version
PHP 5.1.2 (cli) (built: Jan 26 2006 08:55:32)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-02-07 13:26 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2006-02-07 13:55 UTC] bernhard dot hari at multisports dot ch

Version: php5.1-200602071130
[harb@mdsl03 dataAccessComponent]$ /opt/php5.1-latest/bin/php Test.class.php
Segmentation fault (core dumped)
[harb@mdsl03 dataAccessComponent]$ /opt/php5.1-latest/bin/php --version
PHP 5.1.3-dev (cli) (built: Feb  7 2006 12:40:50)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies

[2006-02-07 14:49 UTC] tony2001@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2006-02-07 16:37 UTC] bernhard dot hari at multisports dot ch

GNU DDD 3.3.9 (i386-redhat-linux-gnu), by Dorothea L?tkehaus and Andreas Zeller.
Copyright ? 1995-1999 Technische Universit?t Braunschweig, Germany.
Copyright ? 1999-2001 Universit?t Passau, Germany.
Copyright ? 2001 Universit?t des Saarlandes, Germany.
Copyright ? 2001-2004 Free Software Foundation, Inc.
(gdb) file /opt/php5.1-latest/bin/php
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) run Test.php
[Thread debugging using libthread_db enabled]
[New Thread -1208076608 (LWP 17847)]
Detaching after fork from child process 17850.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208076608 (LWP 17847)]
oci_bind_input_cb (ctx=0xbfffc9c0, bindp=0x865d474, iter=0, index=0, bufpp=0x865d4f4, alenp=0x865d56c, piecep=0xbfff7a28 "\a", indpp=0xbfff7a28) at /home/harb/download/php/php5.1-200602071130/ext/pdo_oci/oci_statement.c:177
/data/download/php/php5.1-200602071130/ext/pdo_oci/oci_statement.c:177:5163:beg:0x814a441

static sb4 oci_bind_input_cb(dvoid *ctx, OCIBind *bindp, ub4 iter, ub4 index, dvoid **bufpp, ub4 *alenp, ub1 *piecep, dvoid **indpp) /* {{{ */
{
        struct pdo_bound_param_data *param = (struct pdo_bound_param_data*)ctx;
        pdo_oci_bound_param *P = (pdo_oci_bound_param*)param->driver_data;
        TSRMLS_FETCH();
    
        if (!param || !param->parameter) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "param is NULL in oci_bind_input_cb; this should not happen");
                return OCI_ERROR;
        }
        
        *indpp = &P->indicator;
    
==>fail if (P->thing) {
                *bufpp = P->thing;
                *alenp = sizeof(void*);
        } else if (ZVAL_IS_NULL(param->parameter)) {
                /* insert a NULL value into the column */
                P->indicator = -1; /* NULL */
                *bufpp = 0;
                *alenp = -1;
        } else if (!P->thing) {
                /* regular string bind */
                convert_to_string(param->parameter);
                *bufpp = Z_STRVAL_P(param->parameter);
                *alenp = Z_STRLEN_P(param->parameter);
        }
    
        *piecep = OCI_ONE_PIECE;
        return OCI_CONTINUE;
} /* }}} */

backtrace:
#0  oci_bind_input_cb (ctx=0xbfffc9c0, bindp=0x865d474, iter=0, index=0, bufpp=0x865d4f4, alenp=0x865d56c, piecep=0xbfff7a28 "\a", indpp=0xbfff7a28) at /home/harb/download/php/php5.1-200602071130/ext/pdo_oci/oci_statement.c:177
#1  0x012fa126 in ttcGetSendInfo () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#2  0x012faf44 in ttcacs () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#3  0x01288d4a in ttcdrv () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#4  0x0117eec1 in nioqwa () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#5  0x00fe32d7 in upirtrc () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#6  0x00f58f76 in kpurcsc () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#7  0x00f0e5bb in kpuexecv8 () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#8  0x00f1094a in kpuexec () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#9  0x00fe7e42 in OCIStmtExecute () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#10 0x0814a268 in oci_stmt_execute (stmt=0x1) at /home/harb/download/php/php5.1-200602071130/ext/pdo_oci/oci_statement.c:140
#11 0x08142895 in zif_PDOStatement_execute (ht=0, return_value=0x8674e14, return_value_ptr=0x0, this_ptr=0x8655a84, return_value_used=1) at /home/harb/download/php/php5.1-200602071130/ext/pdo/pdo_stmt.c:424
#12 0x082a5f49 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffcd70) at /home/harb/download/php/php5.1-200602071130/Zend/zend_vm_execute.h:192
#13 0x082a5901 in execute (op_array=0x86509fc) at /home/harb/download/php/php5.1-200602071130/Zend/zend_vm_execute.h:92
#14 0x0828be02 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/harb/download/php/php5.1-200602071130/Zend/zend.c:1101
#15 0x082532b0 in php_execute_script (primary_file=0xbffff270) at /home/harb/download/php/php5.1-200602071130/main/main.c:1719
#16 0x082f6982 in main (argc=2, argv=0xbffff344) at /home/harb/download/php/php5.1-200602071130/sapi/cli/php_cli.c:1090

[2006-02-17 10:50 UTC] developit at mail dot ru

Multiple bindValue()'s also crash.. Recently bound value seems to get propogated to all variables of the statement.

$query = 
 'INSERT INTO SMTH("FIELDA", "FIELDB", "FIELDC")
         VALUES (?, ?, ?)';
$stmt = $DBH->prepare($query);
$stmt->bindValue(1, 'a');
$stmt->bindValue(2, 'b');
$stmt->bindValue(3, 'c');
$stmt->execute();
$stmt = null;

Here ['c','c','c'] row is inserted instead of ['a','b','c'].. The same happens when I use named placeholders. And the same again when I pass values as execute() array parameter.

Very similar to bug #35671.

PHP version: 5.1.2
Oracle version: 10.1
OS: Linux

[2006-04-09 07:49 UTC] wez@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2006-04-11 09:17 UTC] bernhard dot hari at multisports dot ch

Bug solved. 
Thanks a lot.

[2016-03-08 01:35 UTC] sixd@php.net

-Package: PDO related +Package: PDO OCI

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Oct 25 14:00:01 2025 UTC