|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50445 PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault
Submitted: 2009-12-11 00:32 UTC Modified: 2009-12-11 22:32 UTC
From: davbrown4 at yahoo dot com Assigned: felipe
Status: Closed Package: PDO related
PHP Version: 5.2, 5.3, 6 OS: Solaris
Private report: No CVE-ID:
 [2009-12-11 00:32 UTC] davbrown4 at yahoo dot com
While testing the 64-bit version of our ODBC driver (StarQuest StarSQL on Solaris SPARC, with unixODBC 2.2.14 (the current stable version),  we encountered a seg fault when when using PDO-ODBC to call a stored procedure.  The patch below (5.3.1) fixed our problem.

The existing php code is making the assumption that an "enum" has the same size as a "long". That is not the case on many 64-bit systems. We fixed this one by using an local intermediate "long" variable. It could likely also be fixed by modifying the format string. 
There may be several other faulty assumptions about the size of "enum" that we didn't encounter.

Here are our patches to 5.3.11:

diff -ur pdo-orig/pdo_stmt.c pdo/pdo_stmt.c
--- pdo-orig/pdo_stmt.c 2009-10-19 14:43:34.000000000 -0700
+++ pdo/pdo_stmt.c      2009-12-03 16:31:18.000000000 -0800
@@ -1657,12 +1657,13 @@
 static int register_bound_param(INTERNAL_FUNCTION_PARAMETERS, pdo_stmt_t *stmt, int is_param) /* {{{ */
        struct pdo_bound_param_data param = {0};
+       long param_type;

        param.paramno = -1;
        param.param_type = PDO_PARAM_STR;

        if (FAILURE == zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC,
-                       "lz|llz!", &param.paramno, &param.parameter, &param.param_type, &param.max_value_len,
+                       "lz|llz!", &param.paramno, &param.parameter, &param_type, &param.max_value_len,
                        &param.driver_params)) {
                if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sz|llz!", &,
                                &param.namelen, &param.parameter, &param.param_type, &param.max_value_len,
@@ -1671,6 +1672,7 @@

+       param.param_type = (int)param_type;
        if (param.paramno > 0) {
                --param.paramno; /* make it zero-based internally */
        } else if (! {

Reproduce code:

// Connect to the database
$dbh = new PDO("odbc:MAX64", 'USER', 'PWD');
}catch (PDOException $e) {
    print "Error!: " . $e->getMessage();

// Set parameter values
$inval = 'ANNIE';
$inoutval = 'HALL';
$outval = NULL;

// Prepare stored procedure call with three parameters
$sth = $dbh->prepare('CALL USER.SPROC(?, ?, ?)');

// Bind parameter 1 as IN parameter
// Be sure *not* to set a length to indicate it's an IN parameter
$sth->bindParam(1, $inval, PDO::PARAM_STR);

// Bind parameter 2 as INOUT parameter
$sth->bindParam(2, $inoutval, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT, 20);

// Bind parameter 3 as OUT parameter
// Be sure to explicitly set a length to indicate it's an OUTPUT parameter
$sth->bindParam(3, $outval, PDO::PARAM_INT, 20);

// Call the stored procedure
print "Executing stored procedure...\n";
$res = $sth->execute();


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-12-11 22:30 UTC]
Automatic comment from SVN on behalf of felipe
Log: - Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault).
  (Original patch by davbrown4 at yahoo dot com)
 [2009-12-11 22:32 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

I've committed a bit modified patch.
Thanks for the patch!
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sun Oct 04 23:01:29 2015 UTC