Bug #66033 Segmentation Fault when constructor of PDO statement throws an exception
Submitted: 2013-11-04 21:50 UTC
Modified: 2013-11-05 03:13 UTC
From: cbrichford+phpbugs at appdynamics dot com
Assigned: laruence
Status: Closed
Package: PDO related
PHP Version: Irrelevant
OS: CentOS 5.5
Private report: No
CVE-ID:
 [2013-11-04 21:50 UTC] cbrichford+phpbugs at appdynamics dot com
Description:
------------
On PHP 5.5.4 and PHP 5.3.27, the test script in this bug segfaults.

Test script:
---------------
<?php
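class DBStatement extends PDOStatement {
    public $dbh;
    // PDO invokes this constructor internally when it creates the statement object.
    protected function __construct($dbh) {
        $this->dbh = $dbh;
        // Throwing here is what triggers the segfault in PDO::query().
        throw new Exception("Blah");
    }
}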

$pdo = new PDO('sqlite::memory:', null, null);
$pdo->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('DBStatement', array($pdo)));
$pdo->exec("CREATE TABLE IF NOT EXISTS messages (
                    id INTEGER PRIMARY KEY,
                    title TEXT,
                    message TEXT,
                    time INTEGER)");

$pdoStatement = $pdo->query("select * from messages");
var_dump($pdoStatement);
?>

Expected result:
----------------
Print out of the pdoStatement variable.

Actual result:
--------------

Program received signal SIGSEGV, Segmentation fault.
_zval_ptr_dtor (zval_ptr=0x7fffffffad40) at /home/cbrichford/git/github/php-src/Zend/zend_execute_API.c:426
426		i_zval_ptr_dtor(*zval_ptr ZEND_FILE_LINE_RELAY_CC);
(gdb) where
#0  _zval_ptr_dtor (zval_ptr=0x7fffffffad40) at /home/cbrichford/git/github/php-src/Zend/zend_execute_API.c:426
#1  0x000000000053e97f in pdo_stmt_construct (stmt=<value optimized out>, object=0x2aaaaaafabe0, dbstmt_ce=0x2aaaaaafaf68, ctor_args=<value optimized out>)
    at /home/cbrichford/git/github/php-src/ext/pdo/pdo_dbh.c:499
#2  0x00000000005405d8 in zim_PDO_query (ht=1, return_value=0x2aaaaaafabe0, return_value_ptr=0x0, this_ptr=0x2aaaaaaf9010, return_value_used=1)
    at /home/cbrichford/git/github/php-src/ext/pdo/pdo_dbh.c:1143
#3  0x0000000000713b73 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>) at /home/cbrichford/git/github/php-src/Zend/zend_vm_execute.h:550
#4  0x0000000000705080 in execute_ex (execute_data=0x2aaaaaac6280) at /home/cbrichford/git/github/php-src/Zend/zend_vm_execute.h:363
#5  0x0000000000691589 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cbrichford/git/github/php-src/Zend/zend.c:1318
#6  0x00000000006332a9 in php_execute_script (primary_file=0x7fffffffe450) at /home/cbrichford/git/github/php-src/main/main.c:2489
#7  0x0000000000741a9c in do_cli (argc=2, argv=0xd9e900) at /home/cbrichford/git/github/php-src/sapi/cli/php_cli.c:994
#8  0x0000000000742238 in main (argc=2, argv=0xd9e900) at /home/cbrichford/git/github/php-src/sapi/cli/php_cli.c:1378

 [2013-11-05 03:13 UTC] laruence@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: laruence
 [2013-11-05 03:13 UTC] laruence@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

fixed in https://github.com/php/php-src/commit/e3d9e18e7b24ba2d5c9e420510e804330c94f955
 
Last updated: Wed Apr 16 13:02:46 2014 UTC