Bug #37709 valgrind reports invalid reads in PDO::errorCode()
Submitted: 2006-06-06 09:07 UTC
Modified: 2006-08-01 15:13 UTC
From: tony2001 at phpclub dot net
Assigned: iliaa
Status: Closed
Package: PDO related
PHP Version: 5CVS-2006-06-06 (CVS)
OS: Linux
Private report: No
CVE-ID: None
 [2006-06-06 09:07 UTC] tony2001 at phpclub dot net
Description:
------------
==22003== Invalid read of size 1
==22003==    at 0x4906752: strlen (mac_replace_strmem.c:243)
==22003==    by 0x4F776E: zim_PDO_errorCode (pdo_dbh.c:955)
==22003==    by 0x69B845: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22003==    by 0x69B072: execute (zend_vm_execute.h:92)
==22003==    by 0x67A634: zend_execute_scripts (zend.c:1100)
==22003==    by 0x632AC0: php_execute_script (main.c:1747)
==22003==    by 0x70130D: main (php_cli.c:1089)
==22003==  Address 0x730A474 is 148 bytes inside a block of size 344 free'd
==22003==    at 0x49055DD: free (vg_replace_malloc.c:235)
==22003==    by 0x697867: zend_objects_store_del_ref_by_handle (zend_objects_API.c:196)
==22003==    by 0x69787D: zend_objects_store_del_ref (zend_objects_API.c:158)
==22003==    by 0x4F7B4F: zim_PDO_query (zend_variables.h:35)
==22003==    by 0x69B845: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22003==    by 0x69B072: execute (zend_vm_execute.h:92)
==22003==    by 0x67A634: zend_execute_scripts (zend.c:1100)
==22003==    by 0x632AC0: php_execute_script (main.c:1747)
==22003==    by 0x70130D: main (php_cli.c:1089)

==22003== Invalid read of size 1
==22003==    at 0x4906AF7: memcpy (mac_replace_strmem.c:394)
==22003==    by 0x65D557: zend_strndup (zend_alloc.c:439)
==22003==    by 0x4F7710: zim_PDO_errorCode (pdo_dbh.c:958)
==22003==    by 0x69B845: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22003==    by 0x69B072: execute (zend_vm_execute.h:92)
==22003==    by 0x67A634: zend_execute_scripts (zend.c:1100)
==22003==    by 0x632AC0: php_execute_script (main.c:1747)
==22003==    by 0x70130D: main (php_cli.c:1089)
==22003==  Address 0x730A478 is 152 bytes inside a block of size 344 free'd
==22003==    at 0x49055DD: free (vg_replace_malloc.c:235)
==22003==    by 0x697867: zend_objects_store_del_ref_by_handle (zend_objects_API.c:196)
==22003==    by 0x69787D: zend_objects_store_del_ref (zend_objects_API.c:158)
==22003==    by 0x4F7B4F: zim_PDO_query (zend_variables.h:35)
==22003==    by 0x69B845: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22003==    by 0x69B072: execute (zend_vm_execute.h:92)
==22003==    by 0x67A634: zend_execute_scripts (zend.c:1100)
==22003==    by 0x632AC0: php_execute_script (main.c:1747)
==22003==    by 0x70130D: main (php_cli.c:1089)

Note that PDO::query() *destroys* the statement object as well as the statement handle when the query fails. So PDO::errorCode() operates on an already destroyed statement handle.


Reproduce code:
---------------
See ext/pdo/tests/bug_34687.phpt.
I've reproduced it with sqlite2::memory, but that shouldn't matter.

Expected result:
----------------
No invalid reads?
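
The lifetime problem described in the report above, as an added C sketch that is not PHP source and not part of the original report: `conn_t`, `stmt_t` and the function names are hypothetical stand-ins for the connection and statement handles. It sets the failing-query path that leaves a dangling statement pointer beside one that copies the error code into connection-owned storage before the statement is freed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for a statement and a connection handle. */
typedef struct { char error_code[6]; } stmt_t;
typedef struct {
    char error_code[6];  /* owned by the connection, outlives statements */
    stmt_t *last_stmt;   /* borrowed pointer to the most recent statement */
} conn_t;

/* Reads the statement's code if one is attached, else the connection's. */
const char *conn_error_code(const conn_t *c) {
    return c->last_stmt ? c->last_stmt->error_code : c->error_code;
}

/* Unsafe failure path: the statement is freed while the connection still
 * points at it, so a later conn_error_code() reads freed memory. */
void query_fail_unsafe(conn_t *c, const char *sqlstate) {
    stmt_t *s = calloc(1, sizeof *s);
    if (!s) return;
    snprintf(s->error_code, sizeof s->error_code, "%s", sqlstate);
    c->last_stmt = s;
    free(s);             /* c->last_stmt now dangles */
}

/* Hardened failure path: copy the error code into connection-owned storage
 * and clear the borrowed pointer before the statement is freed. */
void query_fail_safe(conn_t *c, const char *sqlstate) {
    stmt_t *s = calloc(1, sizeof *s);
    if (!s) return;
    snprintf(s->error_code, sizeof s->error_code, "%s", sqlstate);
    c->last_stmt = s;
    memcpy(c->error_code, s->error_code, sizeof c->error_code);
    c->last_stmt = NULL;
    free(s);
}

int main(void) {
    conn_t c = {0};
    query_fail_safe(&c, "HY000");   /* constructed SQLSTATE value */
    printf("%s\n", conn_error_code(&c));
    return 0;
}
```

Building the unsafe variant with AddressSanitizer or running it under valgrind and then calling `conn_error_code()` produces the same kind of "inside a block ... free'd" report as the trace in the description.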


 [2006-06-07 03:33 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2006-06-26 18:49 UTC] tony2001@php.net
Ilia, unfortunately your patch didn't help and I can still see the same invalid reads. Apparently it's reproducible only using --disable-zend-memory-manager.
 [2006-08-01 15:13 UTC] iliaa@php.net
I cannot reproduce this problem and the disable-zend-memory-manager
option is no longer available :/
 
Last updated: Thu Nov 21 15:01:30 2024 UTC