PHP :: Bug #36318 :: Core Dump when using bindParam with PDO

Bug #36318

Core Dump when using bindParam with PDO_OCI

Submitted:

2006-02-07 13:18 UTC

Modified:

2016-03-08 01:35 UTC

Votes:	12
Avg. Score:	5.0 ± 0.0
Reproduced:	5 of 5 (100.0%)
Same Version:	5 (100.0%)
Same OS:	3 (60.0%)

From:

bernhard dot hari at multisports dot ch

Assigned:

wez (profile)

Status:

Closed

Package:

PDO OCI

PHP Version:

5.1.2

OS:

RedHat Linux Enterprise 4 Upd 2

Private report:

CVE-ID:

None

View Developer Edit

[2006-02-07 13:18 UTC] bernhard dot hari at multisports dot ch

Description:
------------
When using a named parameters array, PDO_OCI crashes.
--> using bindParam() = crash
--> using bindValue() = works (also with 5.1.2)

The following code works fine in 5.1.0. But fails with 5.1.1, 5.1.2 and the snapshot php5.1-200602070530.

This Bug is similar to #35671.

System:
RedHat Enterprise Linux 4 Update 2.
Oracle 10gr2 (10.2.0.1) with Patch 4516865
(Patch solves wrong permissions after installation.)
Same compile options, configuration and environment for all tested PHP Versions.

Reproduce code:
---------------
$database = new PDO('oci:','scott','tiger');
$database->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

$query = "select machine from v\$session where osuser = :username";
$statement = $database->prepare($query);
$username = 'harb';

//$statement->bindValue(':username', $username);
$statement->bindParam(':username', $username);
//$statement->bindParam(':username', $username, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT);

$result = $statement->execute();
if($result == true) {
   $rows = $statement->fetchAll(PDO::FETCH_NUM);
   print_r($rows);
} else {
   print_r($statement->errorInfo());
}

Expected result:
----------------
The (local) machine hostname.

e.g.
Array
(
    [0] => Array
        (
            [0] => mdsl03
        )

)

Actual result:
--------------
[harb@mdsl03 dataAccessComponent]$ /opt/php5.1.0/bin/php Test.php
Array
(
    [0] => Array
        (
            [0] => mdsl03
        )
)
[harb@mdsl03 dataAccessComponent]$ php Test.php
Segmentation fault (core dumped)
[harb@mdsl03 dataAccessComponent]$ php --version
PHP 5.1.2 (cli) (built: Jan 26 2006 08:55:32)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-02-07 13:26 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2006-02-07 13:55 UTC] bernhard dot hari at multisports dot ch

Version: php5.1-200602071130
[harb@mdsl03 dataAccessComponent]$ /opt/php5.1-latest/bin/php Test.class.php
Segmentation fault (core dumped)
[harb@mdsl03 dataAccessComponent]$ /opt/php5.1-latest/bin/php --version
PHP 5.1.3-dev (cli) (built: Feb  7 2006 12:40:50)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies

[2006-02-07 14:49 UTC] tony2001@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2006-02-07 16:37 UTC] bernhard dot hari at multisports dot ch

GNU DDD 3.3.9 (i386-redhat-linux-gnu), by Dorothea L?tkehaus and Andreas Zeller.
Copyright ? 1995-1999 Technische Universit?t Braunschweig, Germany.
Copyright ? 1999-2001 Universit?t Passau, Germany.
Copyright ? 2001 Universit?t des Saarlandes, Germany.
Copyright ? 2001-2004 Free Software Foundation, Inc.
(gdb) file /opt/php5.1-latest/bin/php
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) run Test.php
[Thread debugging using libthread_db enabled]
[New Thread -1208076608 (LWP 17847)]
Detaching after fork from child process 17850.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208076608 (LWP 17847)]
oci_bind_input_cb (ctx=0xbfffc9c0, bindp=0x865d474, iter=0, index=0, bufpp=0x865d4f4, alenp=0x865d56c, piecep=0xbfff7a28 "\a", indpp=0xbfff7a28) at /home/harb/download/php/php5.1-200602071130/ext/pdo_oci/oci_statement.c:177
/data/download/php/php5.1-200602071130/ext/pdo_oci/oci_statement.c:177:5163:beg:0x814a441

static sb4 oci_bind_input_cb(dvoid *ctx, OCIBind *bindp, ub4 iter, ub4 index, dvoid **bufpp, ub4 *alenp, ub1 *piecep, dvoid **indpp) /* {{{ */
{
        struct pdo_bound_param_data *param = (struct pdo_bound_param_data*)ctx;
        pdo_oci_bound_param *P = (pdo_oci_bound_param*)param->driver_data;
        TSRMLS_FETCH();
    
        if (!param || !param->parameter) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "param is NULL in oci_bind_input_cb; this should not happen");
                return OCI_ERROR;
        }
        
        *indpp = &P->indicator;
    
==>fail if (P->thing) {
                *bufpp = P->thing;
                *alenp = sizeof(void*);
        } else if (ZVAL_IS_NULL(param->parameter)) {
                /* insert a NULL value into the column */
                P->indicator = -1; /* NULL */
                *bufpp = 0;
                *alenp = -1;
        } else if (!P->thing) {
                /* regular string bind */
                convert_to_string(param->parameter);
                *bufpp = Z_STRVAL_P(param->parameter);
                *alenp = Z_STRLEN_P(param->parameter);
        }
    
        *piecep = OCI_ONE_PIECE;
        return OCI_CONTINUE;
} /* }}} */

backtrace:
#0  oci_bind_input_cb (ctx=0xbfffc9c0, bindp=0x865d474, iter=0, index=0, bufpp=0x865d4f4, alenp=0x865d56c, piecep=0xbfff7a28 "\a", indpp=0xbfff7a28) at /home/harb/download/php/php5.1-200602071130/ext/pdo_oci/oci_statement.c:177
#1  0x012fa126 in ttcGetSendInfo () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#2  0x012faf44 in ttcacs () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#3  0x01288d4a in ttcdrv () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#4  0x0117eec1 in nioqwa () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#5  0x00fe32d7 in upirtrc () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#6  0x00f58f76 in kpurcsc () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#7  0x00f0e5bb in kpuexecv8 () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#8  0x00f1094a in kpuexec () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#9  0x00fe7e42 in OCIStmtExecute () from /opt/oracle/10gr2/lib/libclntsh.so.10.1
#10 0x0814a268 in oci_stmt_execute (stmt=0x1) at /home/harb/download/php/php5.1-200602071130/ext/pdo_oci/oci_statement.c:140
#11 0x08142895 in zif_PDOStatement_execute (ht=0, return_value=0x8674e14, return_value_ptr=0x0, this_ptr=0x8655a84, return_value_used=1) at /home/harb/download/php/php5.1-200602071130/ext/pdo/pdo_stmt.c:424
#12 0x082a5f49 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffcd70) at /home/harb/download/php/php5.1-200602071130/Zend/zend_vm_execute.h:192
#13 0x082a5901 in execute (op_array=0x86509fc) at /home/harb/download/php/php5.1-200602071130/Zend/zend_vm_execute.h:92
#14 0x0828be02 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/harb/download/php/php5.1-200602071130/Zend/zend.c:1101
#15 0x082532b0 in php_execute_script (primary_file=0xbffff270) at /home/harb/download/php/php5.1-200602071130/main/main.c:1719
#16 0x082f6982 in main (argc=2, argv=0xbffff344) at /home/harb/download/php/php5.1-200602071130/sapi/cli/php_cli.c:1090

[2006-02-17 10:50 UTC] developit at mail dot ru

Multiple bindValue()'s also crash.. Recently bound value seems to get propogated to all variables of the statement.

$query = 
 'INSERT INTO SMTH("FIELDA", "FIELDB", "FIELDC")
         VALUES (?, ?, ?)';
$stmt = $DBH->prepare($query);
$stmt->bindValue(1, 'a');
$stmt->bindValue(2, 'b');
$stmt->bindValue(3, 'c');
$stmt->execute();
$stmt = null;

Here ['c','c','c'] row is inserted instead of ['a','b','c'].. The same happens when I use named placeholders. And the same again when I pass values as execute() array parameter.

Very similar to bug #35671.

PHP version: 5.1.2
Oracle version: 10.1
OS: Linux

[2006-04-09 07:49 UTC] wez@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2006-04-11 09:17 UTC] bernhard dot hari at multisports dot ch

Bug solved. 
Thanks a lot.

[2016-03-08 01:35 UTC] sixd@php.net

-Package: PDO related +Package: PDO OCI

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 16:01:28 2024 UTC