Bug #56642 invalid bindParam causes segfault
Submitted: 2005-11-12 15:27 UTC
Modified: 2005-11-16 01:32 UTC
From: curt@php.net
Assigned: wez
Status: Closed
Package: PDO (PECL)
PHP Version: 5_1 CVS-2005-11-12 (dev)
OS: *
Private report: No
CVE-ID: None

 [2005-11-12 15:27 UTC] curt@php.net
Description:
------------
When binding a parameter that doesn't exist, pdo_stmt still keeps the param in the hash table of params, even though the driver said it was invalid.

Reproduce code:
---------------
example (same as below):
http://zirzow.dyndns.org/patches/pdo_stmt.c.bindParam.phps

patch:
http://zirzow.dyndns.org/patches/pdo_stmt.c.bindParam.patch

<?php

try {
    $dbh = new PDO('mysql:host=localhost;dbname=test', '', '');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $dbh->exec('create table foo ( bar char(3) NULL )');

    $sql = "select bar from foo where bar = ':p'";
    $stmt = $dbh->prepare($sql);

    $p = 'foo';
    $stmt->bindParam(':p', $p) or print_r($stmt->errorInfo());
    $stmt->execute();
    $stmt = null;
}
catch (PDOException $e) {
    echo $e, "\n";
}

if($dbh) $dbh->exec('drop table IF EXISTS foo');


Expected result:
----------------
Array
(
    [0] => HY093
)
no segfault

Actual result:
--------------
Starting program: /usr/home/curt/cvs/php/php51/sapi/cli/php match.php
Array
(
    [0] => HY093
)

Program received signal SIGSEGV, Segmentation fault.
pdo_mysql_stmt_param_hook (stmt=0x855bc0c, param=0x855d34c, event_type=PDO_PARAM_EVT_ALLOC)
    at /usr/home/curt/cvs/php/php51/ext/pdo_mysql/mysql_statement.c:314
314                                     *b->is_null = 0;

(gdb) bt
#0  pdo_mysql_stmt_param_hook (stmt=0x855bc0c, param=0x855d34c, event_type=PDO_PARAM_EVT_ALLOC)
    at /usr/home/curt/cvs/php/php51/ext/pdo_mysql/mysql_statement.c:314
#1  0x080dc76c in dispatch_param_event (stmt=0x855bc0c, event_type=PDO_PARAM_EVT_EXEC_PRE)
    at /usr/home/curt/cvs/php/php51/ext/pdo/pdo_stmt.c:149
#2  0x080dce9c in zif_PDOStatement_execute (ht=0, return_value=0x856afac, return_value_ptr=0x0, 
    this_ptr=0x856ae4c, return_value_used=0) at /usr/home/curt/cvs/php/php51/ext/pdo/pdo_stmt.c:410
#3  0x0821c565 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfbfcf70)
    at zend_vm_execute.h:188
#4  0x0821bf95 in execute (op_array=0x855b90c) at zend_vm_execute.h:88
#5  0x081fbb76 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/home/curt/cvs/php/php51/Zend/zend.c:1087
#6  0x081c87ec in php_execute_script (primary_file=0xbfbfe754)
    at /usr/home/curt/cvs/php/php51/main/main.c:1677
#7  0x0827d9f4 in main (argc=2, argv=0xbfbfe7e4)
    at /usr/home/curt/cvs/php/php51/sapi/cli/php_cli.c:1041

(gdb) print b
$1 = (MYSQL_BIND *) 0x0

(gdb) print param
$2 = (struct pdo_bound_param_data *) 0x855d34c

(gdb) print *param
$3 = {paramno = -1, name = 0x856af2c ":k", namelen = 2, max_value_len = 0, parameter = 0x856aeac, 
  param_type = PDO_PARAM_STR, driver_params = 0x0, driver_data = 0x0, stmt = 0x855bc0c, 
  is_param = 1}



 [2005-11-16 01:32 UTC] wez@php.net
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Fixed with a slightly modified version of your patch; thanks :)
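
A minimal C model of the failure described in this report, added here as an illustration; it is not the PDO source or the patch that was committed. The struct and function names are simplified stand-ins, and dropping the rejected entry is one way to handle it, assumed from the report's description.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PARAMS 4

/* Simplified stand-ins (assumptions) for pdo_bound_param_data and pdo_stmt_t. */
struct param { const char *name; int *is_null; };
struct stmt {
    const char *placeholders[MAX_PARAMS]; int nplaceholders; /* names the driver knows */
    int null_flags[MAX_PARAMS];                 /* driver-side per-parameter state */
    struct param bound[MAX_PARAMS]; int nbound; /* the statement's table of bound params */
};

/* Driver hook at bind time: attach driver state, or return 0 for an unknown name. */
static int driver_alloc(struct stmt *s, struct param *p) {
    for (int i = 0; i < s->nplaceholders; i++)
        if (strcmp(s->placeholders[i], p->name) == 0) { p->is_null = &s->null_flags[i]; return 1; }
    return 0; /* surfaced to the script as HY093 */
}

/* Store the param, then ask the driver. remove_on_reject = 0 models the bug. */
static int bind_param(struct stmt *s, const char *name, int remove_on_reject) {
    if (s->nbound == MAX_PARAMS) return 0;
    struct param *p = &s->bound[s->nbound++]; /* stored before the driver is consulted */
    p->name = name; p->is_null = NULL;
    if (driver_alloc(s, p)) return 1;
    if (remove_on_reject) s->nbound--;        /* do not keep what the driver refused */
    return 0;
}

/* Pre-execute dispatch over every stored param. Returns how many entries carry no
   driver state; the hook in the backtrace wrote through that NULL pointer instead. */
static int execute_stale_count(struct stmt *s) {
    int stale = 0;
    for (int i = 0; i < s->nbound; i++) {
        if (s->bound[i].is_null == NULL) stale++;
        else *s->bound[i].is_null = 0;
    }
    return stale;
}

/* Constructed scenario: the driver knows only ":q"; the script also binds ":p". */
static int scenario(int remove_on_reject) {
    struct stmt s = { .placeholders = { ":q" }, .nplaceholders = 1 };
    bind_param(&s, ":q", remove_on_reject);
    bind_param(&s, ":p", remove_on_reject);
    return execute_stale_count(&s);
}

int main(void) { printf("buggy: %d stale, fixed: %d stale\n", scenario(0), scenario(1)); return 0; }
```

In the buggy mode the failed bind still returns an error to the caller, which matches the HY093 output shown before the crash; the damage only appears later, at execute time.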
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Oct 18 03:01:27 2024 UTC