Bug #66633 Segmentation fault with pdo_odbc / freetds and bind params
Submitted: 2014-02-03 12:40 UTC Modified: 2014-02-03 16:19 UTC
Votes:5
Avg. Score:4.6 ± 0.8
Reproduced:5 of 5 (100.0%)
Same Version:2 (40.0%)
Same OS:0 (0.0%)
From: jeanseb@php.net Assigned:
Status: Open Package: PDO ODBC
PHP Version: 5.4.24 OS: CentOS 6.5
Private report: No CVE-ID:

 [2014-02-03 12:40 UTC] jeanseb@php.net
Description:
------------
I need to connect to a Microsoft SQL Server 2005 with PHP 5.4 on CentOS.

A simple query with bind params segfaults.

I have tried with unixODBC 2.2.14 (unixODBC-2.2.14-12.el6_3.x86_64) and 2.3.0.

$ php --version
PHP 5.4.24 (cli) (built: Jan  9 2014 07:32:12)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
    with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies
    with Xdebug v2.2.3, Copyright (c) 2002-2013, by Derick Rethans

FreeTDS 0.91.

$ cat /etc/odbcinst.ini
[FreeTDS]
Description = ODBC for MSSQL
Driver = /usr/lib64/libtdsodbc.so.0
Setup = /usr/lib64/libtdsS.so.2

Test script:
---------------
<?php
$cnx = new PDO("odbc:DRIVER=FreeTDS;SERVER=*****,49503;DATABASE=****;MARS_Connection=yes;StripParmNames=yes;CallEscape=no", '***', '***');
$stmt = $cnx->prepare("select ID from AUDIT WHERE ID = ?");
$id = 1;
$stmt->bindParam(1, $id, PDO::PARAM_INT);
var_dump($stmt->execute());
var_dump($stmt->fetchAll(PDO::FETCH_NUM));

Expected result:
----------------
bool(true)
Array
(
    [0] => Array
    (
        [ID] => 1
    )
)


Actual result:
--------------
bool(true)

Program received signal SIGSEGV, Segmentation fault.
0x00007fffd6c7ac8e in fetch_row (cl_statement=0xdac520, row_number=0, offset=0) at SQLExtendedFetch.c:103
103     SQLRETURN fetch_row( CLHSTMT cl_statement, int row_number, int offset )
Missing separate debuginfos, use: debuginfo-install libaio-0.3.107-10.el6.x86_64 libedit-2.11-4.20080712cvs.1.el6.x86_64 libicu-last-50.1.2-10.el6.remi.x86_64 libidn-1.18-2.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 ncurses-libs-5.7-3.20090208.el6.x86_64 sqlite-3.7.9-1.el6.art.x86_64
(gdb) bt
#0  0x00007fffd6c7ac8e in fetch_row (cl_statement=0xdac520, row_number=0, offset=0) at SQLExtendedFetch.c:103
#1  0x00007fffd6c7b0bc in fetch_rowset (cl_statement=0xdac520, rows_in_set=1, row_offset=0, fetched_rows=0x7fffffffa69c, row_status_array=0x0, rows_fetched_ptr=0x0) at SQLExtendedFetch.c:473
#2  0x00007fffd6c7b4d7 in do_fetch_scroll (cl_statement=0xdac520, fetch_orientation=1, fetch_offset=<value optimized out>, row_status_ptr=0x0, rows_fetched_ptr=<value optimized out>,
    ext_fetch=<value optimized out>) at SQLExtendedFetch.c:604
#3  0x00007fffe303eb85 in SQLFetchScroll (statement_handle=0xdacc20, fetch_orientation=1, fetch_offset=0) at SQLFetchScroll.c:273
#4  0x00007fffe27fd080 in odbc_stmt_fetch (stmt=0x7ffff7fd9e48, ori=<value optimized out>, offset=<value optimized out>) at /usr/src/debug/php-5.4.24/ext/pdo_odbc/odbc_stmt.c:528
#5  0x00007fffe2c13e24 in do_fetch_common (stmt=0x7ffff7fd9e48, ori=PDO_FETCH_ORI_NEXT, offset=<value optimized out>, do_bind=1) at /usr/src/debug/php-5.4.24/ext/pdo/pdo_stmt.c:700
#6  0x00007fffe2c13f4b in do_fetch (stmt=0x7ffff7fd9e48, return_value=0x7ffff7fda0d0, how=PDO_FETCH_NUM, ori=<value optimized out>, offset=<value optimized out>, return_all=0x0, do_bind=1)
    at /usr/src/debug/php-5.4.24/ext/pdo/pdo_stmt.c:867
#7  0x00007fffe2c15600 in zim_PDOStatement_fetchAll (ht=<value optimized out>, return_value=0x7ffff7fda0a0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>,
    return_value_used=<value optimized out>) at /usr/src/debug/php-5.4.24/ext/pdo/pdo_stmt.c:1540
#8  0x00007fffedaa758f in xdebug_execute_internal (current_execute_data=0x7ffff7fa4060, return_value_used=1) at /usr/src/debug/php-pecl-xdebug-2.2.3/xdebug-2.2.3/xdebug.c:1547
#9  0x000000000065e3d5 in zend_do_fcall_common_helper_SPEC (execute_data=<value optimized out>) at /usr/src/debug/php-5.4.24/Zend/zend_vm_execute.h:645
#10 0x000000000064bf58 in execute (op_array=0x7ffff7fd7a40) at /usr/src/debug/php-5.4.24/Zend/zend_vm_execute.h:410
#11 0x00007fffedaa79e9 in xdebug_execute (op_array=0x7ffff7fd7a40) at /usr/src/debug/php-pecl-xdebug-2.2.3/xdebug-2.2.3/xdebug.c:1435
#12 0x00000000005e1de0 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/debug/php-5.4.24/Zend/zend.c:1315
#13 0x0000000000584b18 in php_execute_script (primary_file=0x7fffffffd2f0) at /usr/src/debug/php-5.4.24/main/main.c:2502
#14 0x000000000068d8d3 in do_cli (argc=2, argv=0x7fffffffe648) at /usr/src/debug/php-5.4.24/sapi/cli/php_cli.c:989
#15 0x000000000068e098 in main (argc=2, argv=0x7fffffffe648) at /usr/src/debug/php-5.4.24/sapi/cli/php_cli.c:1365


 [2014-02-03 16:19 UTC] jeanseb@php.net
-Summary: Segmentation fault with odbc and bind params +Summary: Segmentation fault with pdo_odbc / freetds and bind params
 [2014-02-03 16:23 UTC] jeanseb@php.net
Some step-by-step debugging:

Breakpoint 2, fetch_row (cl_statement=0xdac520, row_number=0, offset=0) at SQLExtendedFetch.c:104
104     {
(gdb) n
111         if ( row_number < cl_statement -> rowset_count )
(gdb) n
240             if ( cl_statement -> rowset_complete )
(gdb) n
245             ret = SQLFETCH( cl_statement -> cl_connection,
(gdb) n
248             if ( ret == SQL_NO_DATA )
(gdb) n
245             ret = SQLFETCH( cl_statement -> cl_connection,
(gdb) n
248             if ( ret == SQL_NO_DATA )
(gdb) n
103     SQLRETURN fetch_row( CLHSTMT cl_statement, int row_number, int offset )
(gdb) p cl_statement -> rowset_complete
$1 = 0
(gdb) n
Program received signal SIGSEGV, Segmentation fault.
0x00007fffd6c7ac8e in fetch_row (cl_statement=0xdac520, row_number=0, offset=0) at SQLExtendedFetch.c:103
103     SQLRETURN fetch_row( CLHSTMT cl_statement, int row_number, int offset 



The code:

245         ret = SQLFETCH( cl_statement -> cl_connection,
246                         cl_statement -> driver_stmt );
247
248         if ( ret == SQL_NO_DATA )
249         {
250             /*
251              * at the end
252              */
253             cl_statement -> rowset_complete = 1;
254             cl_statement -> rowset_position = CL_AFTER_END;
255         }
256         else
257         {
....
392         return ret;
393     }
 
Last updated: Fri Jul 28 18:01:37 2017 UTC