Bug #77849 Unexpected segfault attempting to use cloned PDO object
Submitted: 2019-04-05 01:19 UTC Modified: 2019-04-05 21:59 UTC
Votes:5
Avg. Score:3.8 ± 1.5
Reproduced:3 of 4 (75.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: jordan dot ledoux at gmail dot com Assigned:
Status: Closed Package: PDO Core
PHP Version: 7.X OS: Ubuntu (AWS AMI)
Private report: No CVE-ID: None
 [2019-04-05 01:19 UTC] jordan dot ledoux at gmail dot com
Description:
------------
I encountered a segfault after attempting to use the query() method on the PDO class after it had been unexpectedly cloned. This was actually done on 7.2.16, but I don't have the ability to test it on other versions at the moment.

Test script:
---------------
<?php

$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'testuser';
$pass = 'testpass';

$db1 = new PDO($dsn, $user, $pass);

$result1 = $db1->query("SELECT COUNT(*) FROM `testtable`"); // Will return PDOStatement object

$db2 = clone $db1;

$result2 = $db2->query("SELECT COUNT(*) FROM `testtable`"); // Will segfault

Expected result:
----------------
Since there is no case I can think of where cloning a PDO object is necessary, I think that maybe throwing an exception if clone is used on a PDO object would be an acceptable solution; however, as I'm not an active participant in internals, I defer to the judgement of those implementing.

This patch can be accomplished in user space as well (though obviously not the perfect solution) by extending the PDO object and implementing a __clone() method that always throws an exception.

Actual result:
--------------
Segmentation Fault
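
The user-space guard described under "Expected result", as an added example that is not part of the original report or of php-src. The class name UncloneablePDO, the helper cloneRejection() and the in-memory SQLite DSN (standing in for the report's MySQL connection) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical subclass: the report describes the approach but names no class.
class UncloneablePDO extends PDO
{
    public function __clone()
    {
        // Refuse the copy instead of handing back a second object
        // that would pretend to own the same connection.
        throw new LogicException('PDO connection handles cannot be cloned');
    }
}

// Returns the class name of whatever stopped the clone, or null if the
// clone went through. The copy is never used, only attempted.
function cloneRejection(PDO $db): ?string
{
    try {
        $copy = clone $db;
    } catch (Throwable $e) {
        // LogicException comes from the guard above. Where the engine
        // itself marks the class uncloneable (clone_obj set to NULL, as
        // in the pull request), it raises Error before __clone() runs.
        return get_class($e);
    }
    return null;
}

// Constructed sample connection; requires the pdo_sqlite extension.
$db = new UncloneablePDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE testtable (id INTEGER)');

$rejection = cloneRejection($db);
if ($rejection === null) {
    fwrite(STDERR, "clone was not rejected\n");
    exit(1);
}
echo "clone rejected by: {$rejection}\n";

// The original handle is untouched by the failed clone attempt.
$count = (int) $db->query('SELECT COUNT(*) FROM testtable')->fetchColumn();
echo "rows visible through original handle: {$count}\n";
```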

 [2019-04-05 06:54 UTC] jordan dot ledoux at gmail dot com
This bug has been reproduced in all versions of 7.X:

https://3v4l.org/MRCHQ
 [2019-04-05 18:16 UTC] jordan dot ledoux at gmail dot com
-Package: PDO MySQL +Package: PDO Core -PHP Version: 7.2.17 +PHP Version: 7.X
 [2019-04-05 18:16 UTC] jordan dot ledoux at gmail dot com
Updated version and package information to reflect reproduced conditions:

7.2.17 -> 7.X

PDO MySQL -> PDO Core
 [2019-04-05 18:52 UTC]
The following pull request has been associated:

Patch Name: [PDO] Disable cloning of PDO handle/connection objects to avoid segfault
On GitHub:  https://github.com/php/php-src/pull/4011
Patch:      https://github.com/php/php-src/pull/4011.patch
 [2019-04-05 19:53 UTC] camporter1 at gmail dot com
Explicitly set clone_obj on PDO dbh objects to NULL to prevent cloning in the attached pull request. However, I'm not sure if there are existing use cases where cloning PDO objects does not segfault?
 [2019-04-05 21:59 UTC] johannes@php.net
Since there is no internal API to clone or refcount the dbh, a clone cannot work without a driver API change (and even then it is questionable, since we can't really clone the network state).

Patch seems fine, except that the test misses a cleanup.
 [2019-04-05 22:57 UTC] krakjoe@php.net
Automatic comment on behalf of porterca@us.ibm.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9ec1525eb5840f8a38470df65f3a36b43eaf28f0
Log: Fix bug #77849 Disable cloning of PDO handle/connection objects to avoid segfault
 [2019-04-05 22:57 UTC] krakjoe@php.net
-Status: Open +Status: Closed