php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37559 Pesistent flag & assigning PDO instances to and array more than once
Submitted: 2006-05-23 10:32 UTC Modified: 2007-07-23 16:57 UTC
From: barry dot verdon at complinet dot com Assigned: wez (profile)
Status: Closed Package: PDO related
PHP Version: 5.1.4 OS: Win XP SP2 & Debian 2.6.10
Private report: No CVE-ID: None
 [2006-05-23 10:32 UTC] barry dot verdon at complinet dot com
Description:
------------
When assigning instances of PDO objects within the scope of a function to an array with global scope or scope outside that function it causes a seg fault when accessing a member of the PDO object on the second run of the function.

It can also be within a class with the array being a member of the class and the function being the method of the class.

It only happens when the persistent flag is set to true.

On the second run of the function when the PDO instance is assigned to the array the symbol table seems to get corrupted, no seg fault occurs but object id's start getting recycled with new instances. Only when the member is accessed again after this corruption does a seg fault occur.

Tested it on :
5.1.4 - CLI and Apache 2.0.54 - Windows XP SP2
5.2.0dev200605221830 - CLI - Windows XP SP2
5.0.5 - CLI - Debian 2.6.10 (Unstable)

Reproduce code:
---------------
<?
global $instances; $instances = array();

function run()
{
    global $instances;
    $dsn = 'mysql:host=localhost;port=3306;dbname=test;'; // Version 4.1.14, same with pgsql 8.1
    $username = 'test.user'; $password = 'test';
    $driverOptions = array(PDO::ATTR_PERSISTENT=>true);
    $instance = new PDO($dsn, $username, $password, $driverOptions);
    $instance->test = 'test';
    $instances['test'] = $instance; // This is the line that causes the damage on the 2nd run
    var_dump($instance);
    $instance->test = 'test'; // This is the line that seg faults on 2nd run
    print_r('Test');
}
run(); run();
?>

Expected result:
----------------
To see the var_dump of $instance with the member test with a value of 'test' in it and the print of 'Test' TWICE.

Actual result:
--------------
On second function call, var_dump of $instance no longer has the test member in it and 'Test' does not get printed out a second time.

Starting program: /usr/local/bin/php test.php
Test

Program received signal SIGSEGV, Segmentation fault.
0x082065cd in zend_hash_quick_find (ht=0x0, arKey=0x84d469c "test", nKeyLength=5, h=275477765, pData=0xbfffcd74) at /share/php-5.0.5/Zend/zend_hash.c:879
879             p = ht->arBuckets[nIndex];

(gdb) backtrace
#0  0x082065cd in zend_hash_quick_find (ht=0x0, arKey=0x84d469c "test", nKeyLength=5, h=275477765, pData=0xbfffcd74) at /share/php-5.0.5/Zend/zend_hash.c:879
#1  0x0821313d in zend_std_write_property (object=0x84d3e04, member=0x84d3a04, value=0x84d3d2c) at /share/php-5.0.5/Zend/zend_object_handlers.c:362
#2  0x0822b5eb in zend_assign_to_object (result=0x84d39d8, object_ptr=0x84d4250, op2=<value optimized out>, value_op=0x84d3a38, Ts=0xbfffce40, opcode=136)
    at /share/php-5.0.5/Zend/zend_execute.c:437
#3  0x0822b9a9 in zend_assign_obj_handler (execute_data=0xbfffd154, opline=0x84d39d4, op_array=0x84d3ba0) at /share/php-5.0.5/Zend/zend_execute.c:2239
#4  0x0821dd22 in execute (op_array=0x84d3ba0) at /share/php-5.0.5/Zend/zend_execute.c:1437
#5  0x0821fe45 in zend_do_fcall_common_helper (execute_data=0xbfffd304, opline=0x84d1dac, op_array=0x84cd9cc) at /share/php-5.0.5/Zend/zend_execute.c:2789
#6  0x0822e317 in zend_do_fcall_handler (execute_data=0xbfffd304, opline=0x84d1dac, op_array=0x84cd9cc) at /share/php-5.0.5/Zend/zend_execute.c:2894
#7  0x0821dd22 in execute (op_array=0x84cd9cc) at /share/php-5.0.5/Zend/zend_execute.c:1437
#8  0x08200253 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /share/php-5.0.5/Zend/zend.c:1064
#9  0x081cb1db in php_execute_script (primary_file=0xbffff6a0) at /share/php-5.0.5/main/main.c:1643
#10 0x08235efa in main (argc=2, argv=0xbffff774) at /share/php-5.0.5/sapi/cli/php_cli.c:946

#4  0x0821dd22 in execute (op_array=0x84d3ba0) at /share/php-5.0.5/Zend/zend_execute.c:1437
1437                    if (EX(opline)->handler(&execute_data, EX(opline), op_array TSRMLS_CC)) {

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-07-23 16:57 UTC] barry dot verdon at complinet dot com
I have checked this with the Windows snapshot and it works as expected. I have not tested on a linux snapshot but am assuming this will work too. Well done, thanks very much.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Dec 01 00:03:34 2021 UTC