php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44159 Crash: $pdo->setAttribute(PDO::STATEMENT_ATTR_CLASS, NULL)
Submitted: 2008-02-18 19:33 UTC Modified: 2008-02-19 12:18 UTC
From: uwendel at mysql dot com Assigned:
Status: Closed Package: PDO related
PHP Version: 5.3CVS-2008-02-18 (snap) OS: Linux
Private report: No CVE-ID:
 [2008-02-18 19:33 UTC] uwendel at mysql dot com
Description:
------------
You can make PDO crash by running $pdo->setAttribute(PDO::ATTR_STATEMENT_CLASS, NULL) . 



Reproduce code:
---------------
nixnutz@ulflinux:~/php53> valgrind sapi/cli/php -r '$pdo=new PDO("sqlite:/tmp/foo.db"); var_dump($pdo->setAttribute(PDO::ATTR_STATEMENT_CLASS, NULL));'
==28915== Memcheck, a memory error detector.
==28915== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==28915== Using LibVEX rev 1732, a library for dynamic binary translation.
==28915== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==28915== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==28915== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==28915== For more details, rerun with: -v
==28915==
==28915== Invalid read of size 1
==28915==    at 0x4924BE: pdo_dbh_attribute_set (pdo_dbh.c:743)
==28915==    by 0x492760: zim_PDO_setAttribute (pdo_dbh.c:826)
==28915==    by 0x628683: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190)
==28915==    by 0x61A99A: execute (zend_vm_execute.h:91)
==28915==    by 0x5EDFA2: zend_eval_string (zend_execute_API.c:1278)
==28915==    by 0x5EE117: zend_eval_string_ex (zend_execute_API.c:1311)
==28915==    by 0x686CEC: main (php_cli.c:1175)
==28915==  Address 0x14 is not stack'd, malloc'd or (recently) free'd
==28915==
==28915== Process terminating with default action of signal 11 (SIGSEGV)
==28915==  Access not within mapped region at address 0x14
==28915==    at 0x4924BE: pdo_dbh_attribute_set (pdo_dbh.c:743)
==28915==    by 0x492760: zim_PDO_setAttribute (pdo_dbh.c:826)
==28915==    by 0x628683: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190)
==28915==    by 0x61A99A: execute (zend_vm_execute.h:91)
==28915==    by 0x5EDFA2: zend_eval_string (zend_execute_API.c:1278)
==28915==    by 0x5EE117: zend_eval_string_ex (zend_execute_API.c:1311)
==28915==    by 0x686CEC: main (php_cli.c:1175)
==28915==
==28915== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 1)
==28915== malloc/free: in use at exit: 2,571,202 bytes in 10,439 blocks.
==28915== malloc/free: 10,879 allocs, 440 frees, 2,888,407 bytes allocated.
==28915== For counts of detected errors, rerun with: -v
==28915== searching for pointers to 10,439 not-freed blocks.
==28915== checked 2,561,864 bytes.
==28915==
==28915== LEAK SUMMARY:
==28915==    definitely lost: 0 bytes in 0 blocks.
==28915==      possibly lost: 0 bytes in 0 blocks.
==28915==    still reachable: 2,571,202 bytes in 10,439 blocks.
==28915==         suppressed: 0 bytes in 0 blocks.
==28915== Rerun with --leak-check=full to see details of leaked memory.
Speicherzugriffsfehler

Expected result:
----------------
No crash. Return false, print warning on wrong argument type

Actual result:
--------------
Crash

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-02-19 12:18 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 08:02:55 2014 UTC