php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #44159 Crash: $pdo->setAttribute(PDO::STATEMENT_ATTR_CLASS, NULL)
Submitted: 2008-02-18 19:33 UTC Modified: 2008-02-19 12:18 UTC
From: uwendel at mysql dot com Assigned:
Status: Closed Package: PDO related
PHP Version: 5.3CVS-2008-02-18 (snap) OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: uwendel at mysql dot com
New email:
PHP Version: OS:

 

 [2008-02-18 19:33 UTC] uwendel at mysql dot com 
Description:
------------
You can make PDO crash by running $pdo->setAttribute(PDO::ATTR_STATEMENT_CLASS, NULL) . 



Reproduce code:
---------------
nixnutz@ulflinux:~/php53> valgrind sapi/cli/php -r '$pdo=new PDO("sqlite:/tmp/foo.db"); var_dump($pdo->setAttribute(PDO::ATTR_STATEMENT_CLASS, NULL));'
==28915== Memcheck, a memory error detector.
==28915== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==28915== Using LibVEX rev 1732, a library for dynamic binary translation.
==28915== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==28915== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==28915== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==28915== For more details, rerun with: -v
==28915==
==28915== Invalid read of size 1
==28915==    at 0x4924BE: pdo_dbh_attribute_set (pdo_dbh.c:743)
==28915==    by 0x492760: zim_PDO_setAttribute (pdo_dbh.c:826)
==28915==    by 0x628683: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190)
==28915==    by 0x61A99A: execute (zend_vm_execute.h:91)
==28915==    by 0x5EDFA2: zend_eval_string (zend_execute_API.c:1278)
==28915==    by 0x5EE117: zend_eval_string_ex (zend_execute_API.c:1311)
==28915==    by 0x686CEC: main (php_cli.c:1175)
==28915==  Address 0x14 is not stack'd, malloc'd or (recently) free'd
==28915==
==28915== Process terminating with default action of signal 11 (SIGSEGV)
==28915==  Access not within mapped region at address 0x14
==28915==    at 0x4924BE: pdo_dbh_attribute_set (pdo_dbh.c:743)
==28915==    by 0x492760: zim_PDO_setAttribute (pdo_dbh.c:826)
==28915==    by 0x628683: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190)
==28915==    by 0x61A99A: execute (zend_vm_execute.h:91)
==28915==    by 0x5EDFA2: zend_eval_string (zend_execute_API.c:1278)
==28915==    by 0x5EE117: zend_eval_string_ex (zend_execute_API.c:1311)
==28915==    by 0x686CEC: main (php_cli.c:1175)
==28915==
==28915== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 1)
==28915== malloc/free: in use at exit: 2,571,202 bytes in 10,439 blocks.
==28915== malloc/free: 10,879 allocs, 440 frees, 2,888,407 bytes allocated.
==28915== For counts of detected errors, rerun with: -v
==28915== searching for pointers to 10,439 not-freed blocks.
==28915== checked 2,561,864 bytes.
==28915==
==28915== LEAK SUMMARY:
==28915==    definitely lost: 0 bytes in 0 blocks.
==28915==      possibly lost: 0 bytes in 0 blocks.
==28915==    still reachable: 2,571,202 bytes in 10,439 blocks.
==28915==         suppressed: 0 bytes in 0 blocks.
==28915== Rerun with --leak-check=full to see details of leaked memory.
Speicherzugriffsfehler

Expected result:
----------------
No crash. Return false, print warning on wrong argument type

Actual result:
--------------
Crash

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-02-19 12:18 UTC] felipe@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Oct 25 06:00:01 2025 UTC