php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67919 zend_mm_heap corrupted when a bound out parameter preset to a constant
Submitted: 2014-08-27 18:15 UTC Modified: -
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:2 (100.0%)
From: pm at datasphere dot ch Assigned:
Status: Open Package: PDO ODBC
PHP Version: 5.5.16 OS: Linux
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2014-08-27 18:15 UTC] pm at datasphere dot ch
Description:
------------
When a out/inout bound parameter is set to a string constant before executing a prepared executed statement, a call to erealloc() on it fails.

Test script:
---------------
<?php
	try {
		$conn = new PDO("odbc:<yourdatabaseDSN>");
	}
	catch (PDOException $e) {
		print "Error!: " . $e->getMessage() . "\n";
		die();
	}

	/* Adjust the SQL statement below to your test environment. */
	$stmt = $conn->prepare("CALL LIBRARY.GETDB(? , ?)");

	$intvalue = 10;
	$strvalue = "abc";
	$stmt->bindParam(1, $intvalue, PDO::PARAM_INT|PDO::PARAM_INPUT_OUTPUT, 4);
	$stmt->bindParam(2, $strvalue, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT, 100);
	print "before execute\n";
	$res = $stmt->execute();
	print "after execute\n";

	var_dump($intvalue);
	var_dump($strvalue);
?>

Expected result:
----------------
Proper execution and normal program exit

Actual result:
--------------
zend_mm_heap corrupted

Patches

pdorealloc (last revision 2014-08-27 18:18 UTC) by pm at datasphere dot ch)

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sat Feb 25 00:01:41 2017 UTC