Bug #46274 pdo_pgsql - Segfault when using PDO::ATTR_STRINGIFY_FETCHES and blob
Submitted: 2008-10-11 00:52 UTC Modified: 2009-04-23 13:26 UTC
From: felipe@php.net Assigned: mbeccati
Status: Closed Package: PDO related
PHP Version: 5.3CVS-2008-10-11 (CVS) OS: Linux
Private report: No CVE-ID:
 [2008-10-11 00:52 UTC] felipe@php.net
Description:
------------
See below.

Reproduce code:
---------------
<?php

$db = new PDO('pgsql:host=localhost dbname=teste', 'foo', 'bar', array(PDO::ATTR_STRINGIFY_FETCHES => TRUE));

$res = $db->prepare("SELECT blob1 from test_one_blob");
$res->execute();
var_dump($res->fetch(PDO::FETCH_NUM));

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb77e26d0 (LWP 18255)]
0x0839a800 in _php_stream_stat (stream=0x88b4500, ssb=0xbfac2124, tsrm_ls=0x8767070) at /home/felipe/dev/php5/main/streams/streams.c:693
693		if (stream->wrapper && stream->wrapper->wops->stream_stat != NULL) {
(gdb) bt
#0  0x0839a800 in _php_stream_stat (stream=0x88b4500, ssb=0xbfac2124, tsrm_ls=0x8767070) at /home/felipe/dev/php5/main/streams/streams.c:693
#1  0x0839b9f0 in _php_stream_copy_to_mem (src=0x88b4500, buf=0xbfac21f0, maxlen=0, persistent=0, __php_stream_call_depth=0, 
    __zend_filename=0x86bbd58 "/home/felipe/dev/php5/ext/pdo/pdo_stmt.c", __zend_lineno=608, __zend_orig_filename=0x0, __zend_orig_lineno=0, tsrm_ls=0x8767070)
    at /home/felipe/dev/php5/main/streams/streams.c:1254
#2  0x08130c5d in fetch_value (stmt=0x88b3bcc, dest=0x88b394c, colno=0, type_override=0x0, tsrm_ls=0x8767070) at /home/felipe/dev/php5/ext/pdo/pdo_stmt.c:608
#3  0x08132732 in do_fetch (stmt=0x88b3bcc, do_bind=1, return_value=0x88b39e4, how=PDO_FETCH_NUM, ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0, 
    tsrm_ls=0x8767070) at /home/felipe/dev/php5/ext/pdo/pdo_stmt.c:1123
#4  0x081338c6 in zim_PDOStatement_fetch (ht=1, return_value=0x88b39e4, return_value_ptr=0x0, this_ptr=0x88b2318, return_value_used=1, tsrm_ls=0x8767070)
    at /home/felipe/dev/php5/ext/pdo/pdo_stmt.c:1401
#5  0x0843efbd in zend_do_fcall_common_helper_SPEC (execute_data=0x88e1674, tsrm_ls=0x8767070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:315
#6  0x0844017b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x88e1674, tsrm_ls=0x8767070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:428
#7  0x0843dd6c in execute (op_array=0x88b2ad0, tsrm_ls=0x8767070) at /home/felipe/dev/php5/Zend/zend_vm_execute.h:104
#8  0x0840e59b in zend_execute_scripts (type=8, tsrm_ls=0x8767070, retval=0x0, file_count=3) at /home/felipe/dev/php5/Zend/zend.c:1197
#9  0x0837ecbe in php_execute_script (primary_file=0xbfac48b8, tsrm_ls=0x8767070) at /home/felipe/dev/php5/main/main.c:2080
#10 0x084add03 in main (argc=2, argv=0xbfac4a14) at /home/felipe/dev/php5/sapi/cli/php_cli.c:1130


 [2008-10-11 19:05 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2008-10-12 01:23 UTC] felipe@php.net
Oh, that isn't fixed yet.
 [2008-10-12 13:04 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2009-04-23 11:41 UTC] mbeccati@php.net
The fix is not working properly under some circumstances: the get_col function might be returning a (php_stream *), which is treated like a string by the empty-string check, leading to an inconsistent result (empty LOB) and a memory leak.

I have a fix almost ready, reopening the bug to keep track of it.
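
A simplified C model of the failure mode described in the comment above, added here as an illustration and not taken from the PHP source: `get_col` hands back either a string or a stream through the same `char *`, and the position of the empty-string check decides whether the LOB is read or silently dropped and leaked. All names (`toy_stream`, `fetch_flawed`, `fetch_checked`, `open_streams`) and the sample value are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for this model; none of these are PHP's own types. */
typedef enum { COL_STR, COL_LOB } col_type;
typedef struct { int flags; const char *data; size_t len; } toy_stream;
static int open_streams = 0;   /* streams handed out and not yet closed */

static char *copy_n(const char *p, size_t n) {
    char *out = malloc(n + 1);
    if (!out) abort();
    memcpy(out, p, n); out[n] = '\0';
    return out;
}

/* Returns a C string for COL_STR, but a stream pointer cast to char* for COL_LOB. */
static char *get_col(col_type t, const char *payload) {
    if (t != COL_LOB) return (char *)payload;
    toy_stream *s = calloc(1, sizeof *s);   /* flags == 0, so byte 0 of the struct is 0 */
    if (!s) abort();
    s->data = payload; s->len = strlen(payload); open_streams++;
    return (char *)s;
}

static char *drain_and_close(toy_stream *s) {
    char *out = copy_n(s->data, s->len);
    free(s); open_streams--;
    return out;
}

/* Flawed order: the empty-string test runs before the column type is checked. */
static char *fetch_flawed(col_type t, const char *payload) {
    char *v = get_col(t, payload);
    if (v[0] == '\0') return copy_n("", 0);   /* LOB: reads struct bytes, stream is lost */
    return t == COL_LOB ? drain_and_close((toy_stream *)v) : copy_n(v, strlen(v));
}

/* Corrected order: decide by type first, only then treat the pointer as text. */
static char *fetch_checked(col_type t, const char *payload) {
    char *v = get_col(t, payload);
    if (t == COL_LOB) return drain_and_close((toy_stream *)v);
    return copy_n(v, strlen(v));
}

int main(void) {
    char *a = fetch_flawed(COL_LOB, "blob-bytes");    /* constructed sample value */
    printf("flawed:  \"%s\" open_streams=%d\n", a, open_streams);
    char *b = fetch_checked(COL_LOB, "blob-bytes");
    printf("checked: \"%s\" open_streams=%d\n", b, open_streams);
    free(a); free(b);
}
```

In the flawed path the result depends on whatever byte happens to sit at the start of the stream structure, which is why the symptom is an inconsistent empty LOB rather than a reliable crash.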
 [2009-04-23 13:26 UTC] mbeccati@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Sat Apr 19 19:02:15 2014 UTC