|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77849 Unexpected segfault attempting to use cloned PDO object
Submitted: 2019-04-05 01:19 UTC Modified: 2019-04-05 21:59 UTC
Avg. Score:3.8 ± 1.5
Reproduced:3 of 4 (75.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: jordan dot ledoux at gmail dot com Assigned:
Status: Closed Package: PDO Core
PHP Version: 7.X OS: Ubuntu (AWS AMI)
Private report: No CVE-ID: None
 [2019-04-05 01:19 UTC] jordan dot ledoux at gmail dot com
I encountered a segfault after attempting to use the query() method on the PDO class after it had been unexpectedly cloned. This was actually done on 7.2.16, but I don't have the ability to test it on other version at the moment.

Test script:

$dsn = 'mysql:dbname=testdb;host=';
$user = 'testuser';
$pass = 'testpass';

$db1 = new PDO($dsn, $user, $pass);

$result1 = $db1->query("SELECT COUNT(*) FROM `testtable`"); // Will return PDOStatement object

$db2 = clone $db1;

$result2 = $db2->query("SELECT COUNT(*) FROM `testtable`"); // Will segfault

Expected result:
Since there is no case I can think of where cloning a PDO object is necessary, I think that maybe throwing an exception of clone is used on a PDO object would be an acceptable solution, however as I'm not an active participant in internals I defer to the judgement of those implementing.

This patch can be accomplished in user space as well (though obviously not the perfect solution) by extending the PDO object and implementing a __clone() method that always throws an exception.

Actual result:
Segmentation Fault


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-04-05 06:54 UTC] jordan dot ledoux at gmail dot com
This bug has been reproduced in all versions of 7.X:
 [2019-04-05 18:16 UTC] jordan dot ledoux at gmail dot com
-Package: PDO MySQL +Package: PDO Core -PHP Version: 7.2.17 +PHP Version: 7.X
 [2019-04-05 18:16 UTC] jordan dot ledoux at gmail dot com
Updated version and package information to reflect reproduced conditions:

7.2.17 -> 7.X

 [2019-04-05 18:52 UTC]
The following pull request has been associated:

Patch Name: [PDO] Disable cloning of PDO handle/connection objects to avoid segfault
On GitHub:
 [2019-04-05 19:53 UTC] camporter1 at gmail dot com
Explicitly set clone_obj on PDO dbh objects to NULL to prevent cloning in the attached pull request. However, I'm not sure if there are existing use cases where cloning PDO objects does not segfault?
 [2019-04-05 21:59 UTC]
Since there is no internal API to clone or refcount the dbh a clone can not work without driver API change (and even then it is questionable since we can't really clone the network state)

Patch seems fine, except that the test mises a cleanup
 [2019-04-05 22:57 UTC]
Automatic comment on behalf of
Log: Fix bug #77849 Disable cloning of PDO handle/connection objects to avoid segfault
 [2019-04-05 22:57 UTC]
-Status: Open +Status: Closed
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Dec 07 11:01:27 2023 UTC