Bug #38168 PDO Exception Causes PHP Crash
Submitted: 2006-07-20 21:35 UTC
Modified: 2006-08-01 16:37 UTC
Votes: 4
Avg. Score: 4.8 ± 0.4
Reproduced: 4 of 4 (100.0%)
Same Version: 4 (100.0%)
Same OS: 3 (75.0%)
From: php at unfit dot org
Assigned:
Status: Closed
Package: PDO related
PHP Version: 5.1.4
OS: Gentoo Linux
Private report: No
CVE-ID: None
 [2006-07-20 21:35 UTC] php at unfit dot org
Description:
------------
Core dump on PDO error.

PDO error code if checked before execute is 'HY093'.

Reproduce code:
---------------
<?php
  //use actual database, user and password where applicable
  $dbh = new PDO('pgsql:host=127.0.0.1;dbname=foo', 'foo', 'foo');

  $query = $dbh->prepare('INSERT INTO table (varA, varB, varC) VALUES ( :varA, :varB, :varC );');

  $query->bindValue(':foo', 'foo');
  $query->bindValue(':varC', 'foo');
  
  $err = $query->errorCode();
  echo "$err\n";

  echo "you will see this.\n"; flush();
  $query->execute();
  
  /*
    CRASH POINT

    You will see only output that has been flushed.

    If running on the command line you will also see something like this:

    *** glibc detected *** malloc(): memory corruption: 0x16987018 ***
    Aborted (core dumped)

  */

  echo "you won't see this.\n"; flush();
?>

Expected result:
----------------
HY093
you will see this.
you won't see this.

Actual result:
--------------
HY093
you will see this.
*** glibc detected *** malloc(): memory corruption: 0x16987018 ***
Aborted (core dumped)
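
Added example (not part of the original report and not PHP project code): the reproduce script binds `:foo`, which the statement never declares, and leaves `:varA` and `:varB` unbound. One way to catch that mismatch in application code before `execute()` reaches the driver, written for PHP 7.4 or later. The helper names `namedPlaceholders`, `bindMismatch` and `safeExecute` are hypothetical, and the placeholder scan is a simplification that ignores SQL comments and dollar-quoted strings.

```php
<?php
// Added example; all helper names are hypothetical.

/** Return the distinct named placeholders (":name") found in $sql. */
function namedPlaceholders(string $sql): array
{
    // Blank out quoted literals and identifiers so a ':' inside them is ignored.
    $stripped = preg_replace("/'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"/", "''", $sql);
    // The lookbehind skips PostgreSQL casts (value::text) and slices (a[i:j]).
    preg_match_all('/(?<![:\w]):([A-Za-z_][A-Za-z0-9_]*)/', $stripped, $m);
    return array_values(array_unique($m[1]));
}

/** Compare bound names with the statement's placeholders. */
function bindMismatch(string $sql, array $params): array
{
    $expected = namedPlaceholders($sql);
    $given = array_map(fn($k) => ltrim((string) $k, ':'), array_keys($params));
    return [
        'unknown' => array_values(array_diff($given, $expected)), // bound, not in SQL
        'missing' => array_values(array_diff($expected, $given)), // in SQL, not bound
    ];
}

/** Prepare, bind and execute only when the two name sets match exactly. */
function safeExecute(PDO $dbh, string $sql, array $params): PDOStatement
{
    $diff = bindMismatch($sql, $params);
    if ($diff['unknown'] || $diff['missing']) {
        throw new InvalidArgumentException(sprintf(
            'bind mismatch: unknown=[%s] missing=[%s]',
            implode(',', $diff['unknown']),
            implode(',', $diff['missing'])
        ));
    }
    $stmt = $dbh->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue(':' . ltrim((string) $name, ':'), $value);
    }
    $stmt->execute();
    return $stmt;
}

// The report's statement and bind set, checked without a database connection.
$sql = 'INSERT INTO table (varA, varB, varC) VALUES ( :varA, :varB, :varC );';
print_r(bindMismatch($sql, [':foo' => 'foo', ':varC' => 'foo']));
```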

 [2006-07-23 07:11 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-07-23 17:42 UTC] php at unfit dot org
I tried the php version from cvs and it seems to fix the test case I provided.  However, if I remove '$err = $query->errorCode();' from the test case, it will core dump again, though the execution still appears to complete.
 [2006-07-23 17:43 UTC] php at unfit dot org
I tried the php version from cvs and it seems to fix the test I provided.  However, if I remove '$err = $query->errorCode();' from the test case, it will core dump again, though the execution still appears to complete.
 [2006-07-24 16:10 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2006-07-24 16:20 UTC] php at unfit dot org
Wish I could help more, but I just recompiled php with debug enabled and PHP crashes on '$dbh = new PDO(...)'.  I don't see any symbols in the backtrace.  If I have more time later I will play with it some more.
 [2006-07-24 16:40 UTC] tony2001@php.net
==21175== Invalid write of size 4
==21175==    at 0x80C50D3: pgsql_stmt_param_hook (pgsql_statement.c:305)
==21175==    by 0x80BBD07: dispatch_param_event (pdo_stmt.c:149)
==21175==    by 0x80BC690: zim_PDOStatement_execute (pdo_stmt.c:447)
==21175==    by 0x81B79C1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21175==    by 0x81B7F0D: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21175==    by 0x81B75D4: execute (zend_vm_execute.h:92)
==21175==    by 0x819A09A: zend_execute_scripts (zend.c:1095)
==21175==    by 0x8153984: php_execute_script (main.c:1759)
==21175==    by 0x81FEA23: main (php_cli.c:1097)
==21175==  Address 0x4D96418 is 4 bytes after a block of size 4 alloc'd
==21175==    at 0x401C451: malloc (vg_replace_malloc.c:149)
==21175==    by 0x81807AD: _emalloc (zend_alloc.c:1577)
==21175==    by 0x8180A93: _ecalloc (zend_alloc.c:1675)
==21175==    by 0x80C4CE2: pgsql_stmt_param_hook (pgsql_statement.c:249)
==21175==    by 0x80BBD07: dispatch_param_event (pdo_stmt.c:149)
==21175==    by 0x80BC690: zim_PDOStatement_execute (pdo_stmt.c:447)
==21175==    by 0x81B79C1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21175==    by 0x81B7F0D: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21175==    by 0x81B75D4: execute (zend_vm_execute.h:92)
==21175==    by 0x819A09A: zend_execute_scripts (zend.c:1095)
==21175==    by 0x8153984: php_execute_script (main.c:1759)
==21175==    by 0x81FEA23: main (php_cli.c:1097)
==21175==
==21175== Invalid write of size 4
==21175==    at 0x80C50F1: pgsql_stmt_param_hook (pgsql_statement.c:306)
==21175==    by 0x80BBD07: dispatch_param_event (pdo_stmt.c:149)
==21175==    by 0x80BC690: zim_PDOStatement_execute (pdo_stmt.c:447)
==21175==    by 0x81B79C1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21175==    by 0x81B7F0D: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21175==    by 0x81B75D4: execute (zend_vm_execute.h:92)
==21175==    by 0x819A09A: zend_execute_scripts (zend.c:1095)
==21175==    by 0x8153984: php_execute_script (main.c:1759)
==21175==    by 0x81FEA23: main (php_cli.c:1097)
==21175==  Address 0x4D96450 is 4 bytes after a block of size 4 alloc'd
==21175==    at 0x401C451: malloc (vg_replace_malloc.c:149)
==21175==    by 0x81807AD: _emalloc (zend_alloc.c:1577)
==21175==    by 0x8180A93: _ecalloc (zend_alloc.c:1675)
==21175==    by 0x80C4D12: pgsql_stmt_param_hook (pgsql_statement.c:252)
==21175==    by 0x80BBD07: dispatch_param_event (pdo_stmt.c:149)
==21175==    by 0x80BC690: zim_PDOStatement_execute (pdo_stmt.c:447)
==21175==    by 0x81B79C1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21175==    by 0x81B7F0D: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21175==    by 0x81B75D4: execute (zend_vm_execute.h:92)
==21175==    by 0x819A09A: zend_execute_scripts (zend.c:1095)
==21175==    by 0x8153984: php_execute_script (main.c:1759)
==21175==    by 0x81FEA23: main (php_cli.c:1097)
==21175==
==21175== Invalid write of size 4
==21175==    at 0x80C5106: pgsql_stmt_param_hook (pgsql_statement.c:307)
==21175==    by 0x80BBD07: dispatch_param_event (pdo_stmt.c:149)
==21175==    by 0x80BC690: zim_PDOStatement_execute (pdo_stmt.c:447)
==21175==    by 0x81B79C1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21175==    by 0x81B7F0D: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21175==    by 0x81B75D4: execute (zend_vm_execute.h:92)
==21175==    by 0x819A09A: zend_execute_scripts (zend.c:1095)
==21175==    by 0x8153984: php_execute_script (main.c:1759)
==21175==    by 0x81FEA23: main (php_cli.c:1097)
==21175==  Address 0x4D96488 is 4 bytes after a block of size 4 alloc'd
==21175==    at 0x401C451: malloc (vg_replace_malloc.c:149)
==21175==    by 0x81807AD: _emalloc (zend_alloc.c:1577)
==21175==    by 0x8180A93: _ecalloc (zend_alloc.c:1675)
==21175==    by 0x80C4D42: pgsql_stmt_param_hook (pgsql_statement.c:255)
==21175==    by 0x80BBD07: dispatch_param_event (pdo_stmt.c:149)
==21175==    by 0x80BC690: zim_PDOStatement_execute (pdo_stmt.c:447)
==21175==    by 0x81B79C1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21175==    by 0x81B7F0D: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21175==    by 0x81B75D4: execute (zend_vm_execute.h:92)
==21175==    by 0x819A09A: zend_execute_scripts (zend.c:1095)
==21175==    by 0x8153984: php_execute_script (main.c:1759)
==21175==    by 0x81FEA23: main (php_cli.c:1097)
==21175==
==21175== Invalid write of size 4
==21175==    at 0x80C515F: pgsql_stmt_param_hook (pgsql_statement.c:314)
==21175==    by 0x80BBD07: dispatch_param_event (pdo_stmt.c:149)
==21175==    by 0x80BC690: zim_PDOStatement_execute (pdo_stmt.c:447)
==21175==    by 0x81B79C1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21175==    by 0x81B7F0D: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21175==    by 0x81B75D4: execute (zend_vm_execute.h:92)
==21175==    by 0x819A09A: zend_execute_scripts (zend.c:1095)
==21175==    by 0x8153984: php_execute_script (main.c:1759)
==21175==    by 0x81FEA23: main (php_cli.c:1097)
==21175==  Address 0x4D964C0 is 4 bytes after a block of size 4 alloc'd
==21175==    at 0x401C451: malloc (vg_replace_malloc.c:149)
==21175==    by 0x81807AD: _emalloc (zend_alloc.c:1577)
==21175==    by 0x8180A93: _ecalloc (zend_alloc.c:1675)
==21175==    by 0x80C4D72: pgsql_stmt_param_hook (pgsql_statement.c:258)
==21175==    by 0x80BBD07: dispatch_param_event (pdo_stmt.c:149)
==21175==    by 0x80BC690: zim_PDOStatement_execute (pdo_stmt.c:447)
==21175==    by 0x81B79C1: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21175==    by 0x81B7F0D: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21175==    by 0x81B75D4: execute (zend_vm_execute.h:92)
==21175==    by 0x819A09A: zend_execute_scripts (zend.c:1095)
==21175==    by 0x8153984: php_execute_script (main.c:1759)
==21175==    by 0x81FEA23: main (php_cli.c:1097)
you won't see this.
==21175==
==21175== Invalid free() / delete / delete[]
==21175==    at 0x401CF78: free (vg_replace_malloc.c:235)
==21175==    by 0x4ADF51B: free_mem (in /lib/tls/libc.so.6)
==21175==    by 0x4ADEFA1: __libc_freeres (in /lib/tls/libc.so.6)
==21175==    by 0x401835E: _vgw_freeres (vg_preloaded.c:62)
==21175==    by 0x4A72C43: _Exit (in /lib/tls/libc.so.6)
==21175==    by 0x81FF0FF: main (php_cli.c:1263)
==21175==  Address 0x4C26620 is not stack'd, malloc'd or (recently) free'd
==21175==
==21175== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 43 from 1)
==21175== malloc/free: in use at exit: 20 bytes in 2 blocks.
==21175== malloc/free: 5,850 allocs, 5,849 frees, 481,868 bytes allocated.
==21175== For counts of detected errors, rerun with: -v
==21175== searching for pointers to 2 not-freed blocks.
==21175== checked 868,748 bytes.
==21175==
==21175==
==21175== 4 bytes in 1 blocks are indirectly lost in loss record 1 of 2
==21175==    at 0x401C451: malloc (vg_replace_malloc.c:149)
==21175==    by 0x81807AD: _emalloc (zend_alloc.c:1577)
==21175==    by 0x8180B47: _estrndup (zend_alloc.c:1701)
==21175==    by 0x81983A7: _zval_copy_ctor_func (zend_variables.c:120)
==21175==    by 0x81FB0E0: _zval_copy_ctor (zend_variables.h:45)
==21175==    by 0x81BAC38: ZEND_SEND_VAL_SPEC_CONST_HANDLER (zend_vm_execute.h:1771)
==21175==    by 0x81B75D4: execute (zend_vm_execute.h:92)
==21175==    by 0x819A09A: zend_execute_scripts (zend.c:1095)
==21175==    by 0x8153984: php_execute_script (main.c:1759)
==21175==    by 0x81FEA23: main (php_cli.c:1097)
==21175==
==21175==
==21175== 20 (16 direct, 4 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 2
==21175==    at 0x401C451: malloc (vg_replace_malloc.c:149)
==21175==    by 0x81807AD: _emalloc (zend_alloc.c:1577)
==21175==    by 0x81BABF0: ZEND_SEND_VAL_SPEC_CONST_HANDLER (zend_vm_execute.h:1768)
==21175==    by 0x81B75D4: execute (zend_vm_execute.h:92)
==21175==    by 0x819A09A: zend_execute_scripts (zend.c:1095)
==21175==    by 0x8153984: php_execute_script (main.c:1759)
==21175==    by 0x81FEA23: main (php_cli.c:1097)
==21175==
==21175== LEAK SUMMARY:
==21175==    definitely lost: 16 bytes in 1 blocks.
==21175==    indirectly lost: 4 bytes in 1 blocks.
==21175==      possibly lost: 0 bytes in 0 blocks.
==21175==    still reachable: 0 bytes in 0 blocks.
==21175==         suppressed: 0 bytes in 0 blocks.

 [2006-08-01 16:37 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

