|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66033 Segmentation Fault when constructor of PDO statement throws an exception
Submitted: 2013-11-04 21:50 UTC Modified: 2013-11-05 03:13 UTC
From: cbrichford+phpbugs at appdynamics dot com Assigned: laruence (profile)
Status: Closed Package: PDO related
PHP Version: Irrelevant OS: CentOS 5.5
Private report: No CVE-ID: None
 [2013-11-04 21:50 UTC] cbrichford+phpbugs at appdynamics dot com
On PHP 5.5.4 and PHP 5.3.27, the test script in this bug segfaults.

Test script:
class DBStatement extends PDOStatement {
    public $dbh;
    protected function __construct($dbh) {
        $this->dbh = $dbh;
        throw new Exception("Blah");

$pdo = new PDO('sqlite::memory:', null, null);
$pdo->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('DBStatement', array($pdo)));
$pdo->exec("CREATE TABLE IF NOT EXISTS messages (
                    id INTEGER PRIMARY KEY,
                    title TEXT,
                    message TEXT,
                    time INTEGER)");

$pdoStatement = $pdo->query("select * from messages");

Expected result:
Print out of the pdoStatement variable.

Actual result:

Program received signal SIGSEGV, Segmentation fault.
_zval_ptr_dtor (zval_ptr=0x7fffffffad40) at /home/cbrichford/git/github/php-src/Zend/zend_execute_API.c:426
426		i_zval_ptr_dtor(*zval_ptr ZEND_FILE_LINE_RELAY_CC);
(gdb) where
#0  _zval_ptr_dtor (zval_ptr=0x7fffffffad40) at /home/cbrichford/git/github/php-src/Zend/zend_execute_API.c:426
#1  0x000000000053e97f in pdo_stmt_construct (stmt=<value optimized out>, object=0x2aaaaaafabe0, dbstmt_ce=0x2aaaaaafaf68, ctor_args=<value optimized out>)
    at /home/cbrichford/git/github/php-src/ext/pdo/pdo_dbh.c:499
#2  0x00000000005405d8 in zim_PDO_query (ht=1, return_value=0x2aaaaaafabe0, return_value_ptr=0x0, this_ptr=0x2aaaaaaf9010, return_value_used=1)
    at /home/cbrichford/git/github/php-src/ext/pdo/pdo_dbh.c:1143
#3  0x0000000000713b73 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>) at /home/cbrichford/git/github/php-src/Zend/zend_vm_execute.h:550
#4  0x0000000000705080 in execute_ex (execute_data=0x2aaaaaac6280) at /home/cbrichford/git/github/php-src/Zend/zend_vm_execute.h:363
#5  0x0000000000691589 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cbrichford/git/github/php-src/Zend/zend.c:1318
#6  0x00000000006332a9 in php_execute_script (primary_file=0x7fffffffe450) at /home/cbrichford/git/github/php-src/main/main.c:2489
#7  0x0000000000741a9c in do_cli (argc=2, argv=0xd9e900) at /home/cbrichford/git/github/php-src/sapi/cli/php_cli.c:994
#8  0x0000000000742238 in main (argc=2, argv=0xd9e900) at /home/cbrichford/git/github/php-src/sapi/cli/php_cli.c:1378


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-11-05 03:13 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: laruence
 [2013-11-05 03:13 UTC]
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at

 For Windows:
Thank you for the report, and for helping us make PHP better.

fixed in
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue May 21 08:01:31 2024 UTC