Professional Web Applications Themes

#40639 [NEW]: DBLIB driver segfaults on repeated prepared select statements - PHP Bugs

From: [email]spheroidphp.net[/email] Operating system: Mac OS X 10.4.8 PHP version: 5CVS-2007-02-26 (CVS) PHP Bug Type: PDO related Bug description: DBLIB driver segfaults on repeated prepared select statements Description: ------------ The DBLIB PDO driver seems to crash when first execution of repeated prepared statement wont actually return any rows. If the first execution does return rows, it works fine. Reproduce code: --------------- $pdo = new PDO('dblib:host=hostname;dbname=dbname', 'user', 'pass'); $query = "SELECT 'foo' WHERE '1' = :value"; $stmt = $pdo->prepare($query); $values = array('0', '1'); foreach ($values as $value) { $stmt->bindValue(':value', $value); $stmt->execute(); while ($stmt->fetch() !== false); $stmt->closeCursor(); } Expected result: ---------------- Nothing. ...

  1. #1

    Default #40639 [NEW]: DBLIB driver segfaults on repeated prepared select statements

    From: [email]spheroidphp.net[/email]
    Operating system: Mac OS X 10.4.8
    PHP version: 5CVS-2007-02-26 (CVS)
    PHP Bug Type: PDO related
    Bug description: DBLIB driver segfaults on repeated prepared select statements

    Description:
    ------------
    The DBLIB PDO driver seems to crash when first execution of
    repeated prepared statement wont actually return any rows. If
    the first execution does return rows, it works fine.

    Reproduce code:
    ---------------
    $pdo = new PDO('dblib:host=hostname;dbname=dbname', 'user', 'pass');
    $query = "SELECT 'foo' WHERE '1' = :value";
    $stmt = $pdo->prepare($query);

    $values = array('0', '1');

    foreach ($values as $value) {
    $stmt->bindValue(':value', $value);
    $stmt->execute();
    while ($stmt->fetch() !== false);
    $stmt->closeCursor();
    }

    Expected result:
    ----------------
    Nothing.

    Actual result:
    --------------
    (gdb) run dblib2.php
    Starting program: /usr/local/bin/php dblib2.php
    Reading symbols for shared libraries .+++..+++++..++++.. done

    Program received signal EXC_BAD_ACCESS, Could not access
    memory.
    Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
    0x000faf43 in do_fetch (stmt=0x172a624, do_bind=0,
    return_value=0x172a944, how=PDO_FETCH_USE_DEFAULT,
    ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0) at /usr/
    local/src/PHP_5_2/ext/pdo/pdo_stmt.c:1026
    1026 add_assoc_zval
    (return_value, stmt->columns[i].name, val);


    --
    Edit bug report at [url]http://bugs.php.net/?id=40639&edit=1[/url]
    --
    Try a CVS snapshot (PHP 4.4): [url]http://bugs.php.net/fix.php?id=40639&r=trysnapshot44[/url]
    Try a CVS snapshot (PHP 5.2): [url]http://bugs.php.net/fix.php?id=40639&r=trysnapshot52[/url]
    Try a CVS snapshot (PHP 6.0): [url]http://bugs.php.net/fix.php?id=40639&r=trysnapshot60[/url]
    Fixed in CVS: [url]http://bugs.php.net/fix.php?id=40639&r=fixedcvs[/url]
    Fixed in release: [url]http://bugs.php.net/fix.php?id=40639&r=alreadyfixed[/url]
    Need backtrace: [url]http://bugs.php.net/fix.php?id=40639&r=needtrace[/url]
    Need Reproduce Script: [url]http://bugs.php.net/fix.php?id=40639&r=needscript[/url]
    Try newer version: [url]http://bugs.php.net/fix.php?id=40639&r=oldversion[/url]
    Not developer issue: [url]http://bugs.php.net/fix.php?id=40639&r=support[/url]
    Expected behavior: [url]http://bugs.php.net/fix.php?id=40639&r=notwrong[/url]
    Not enough info: [url]http://bugs.php.net/fix.php?id=40639&r=notenoughinfo[/url]
    Submitted twice: [url]http://bugs.php.net/fix.php?id=40639&r=submittedtwice[/url]
    register_globals: [url]http://bugs.php.net/fix.php?id=40639&r=globals[/url]
    PHP 3 support discontinued: [url]http://bugs.php.net/fix.php?id=40639&r=php3[/url]
    Daylight Savings: [url]http://bugs.php.net/fix.php?id=40639&r=dst[/url]
    IIS Stability: [url]http://bugs.php.net/fix.php?id=40639&r=isapi[/url]
    Install GNU Sed: [url]http://bugs.php.net/fix.php?id=40639&r=gnused[/url]
    Floating point limitations: [url]http://bugs.php.net/fix.php?id=40639&r=float[/url]
    No Zend Extensions: [url]http://bugs.php.net/fix.php?id=40639&r=nozend[/url]
    MySQL Configuration Error: [url]http://bugs.php.net/fix.php?id=40639&r=mysqlcfg[/url]
    spheroid@php.net Guest

  2. #2

    Default #40639 [Opn->Fbk]: DBLIB driver segfaults on repeated prepared select statements

    ID: 40639
    Updated by: [email]tony2001php.net[/email]
    Reported By: [email]spheroidphp.net[/email]
    -Status: Open
    +Status: Feedback
    Bug Type: PDO related
    Operating System: Mac OS X 10.4.8
    PHP Version: 5CVS-2007-02-26 (CVS)
    New Comment:

    Type in gdb after the segfault:
    p stmt
    p *stmt
    p i
    p stmt->columns[i]

    and post the results here.


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-02-26 12:52:12] [email]spheroidphp.net[/email]

    Description:
    ------------
    The DBLIB PDO driver seems to crash when first execution of
    repeated prepared statement wont actually return any rows. If
    the first execution does return rows, it works fine.

    Reproduce code:
    ---------------
    $pdo = new PDO('dblib:host=hostname;dbname=dbname', 'user', 'pass');
    $query = "SELECT 'foo' WHERE '1' = :value";
    $stmt = $pdo->prepare($query);

    $values = array('0', '1');

    foreach ($values as $value) {
    $stmt->bindValue(':value', $value);
    $stmt->execute();
    while ($stmt->fetch() !== false);
    $stmt->closeCursor();
    }

    Expected result:
    ----------------
    Nothing.

    Actual result:
    --------------
    (gdb) run dblib2.php
    Starting program: /usr/local/bin/php dblib2.php
    Reading symbols for shared libraries .+++..+++++..++++.. done

    Program received signal EXC_BAD_ACCESS, Could not access
    memory.
    Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
    0x000faf43 in do_fetch (stmt=0x172a624, do_bind=0,
    return_value=0x172a944, how=PDO_FETCH_USE_DEFAULT,
    ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0) at /usr/
    local/src/PHP_5_2/ext/pdo/pdo_stmt.c:1026
    1026 add_assoc_zval
    (return_value, stmt->columns[i].name, val);



    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40639&edit=1[/url]
    tony2001@php.net Guest

  3. #3

    Default #40639 [Fbk->Opn]: DBLIB driver segfaults on repeated prepared select statements

    ID: 40639
    User updated by: [email]spheroidphp.net[/email]
    Reported By: [email]spheroidphp.net[/email]
    -Status: Feedback
    +Status: Open
    Bug Type: PDO related
    Operating System: Mac OS X 10.4.8
    PHP Version: 5CVS-2007-02-26 (CVS)
    New Comment:

    (gdb) p stmt
    $1 = (pdo_stmt_t *) 0x172a624
    (gdb) p *stmt
    $2 = {
    ce = 0x24a0180,
    properties = 0x172a6e8,
    in_get = 0,
    in_set = 0,
    methods = 0x557bc0,
    driver_data = 0x172a768,
    executed = 1,
    supports_placeholders = 0,
    _reserved = 0,
    column_count = 1,
    columns = 0x172a95c,
    database_object_handle = {
    value = {
    lval = 1,
    dval = 5.5997329951816251e-307,
    str = {
    val = 0x1 <Address 0x1 out of bounds>,
    len = 5843616
    },
    ht = 0x1,
    obj = {
    handle = 1,
    handlers = 0x592aa0
    }
    },
    refcount = 2,
    type = 5 '\005',
    is_ref = 0 '\0'
    },
    dbh = 0x172a3a0,
    bound_params = 0x172ad34,
    bound_param_map = 0x0,
    bound_columns = 0x0,
    row_count = -1,
    query_string = 0x172a740 "SELECT 'foo' WHERE '1'
    = :value",
    query_stringlen = 31,
    active_query_string = 0x0,
    active_query_stringlen = 28,
    error_code = "00000",
    lazy_object_ref = {
    value = {
    lval = 0,
    dval = 0,
    str = {
    val = 0x0,
    len = 0
    },
    ht = 0x0,
    obj = {
    handle = 0,
    handlers = 0x0
    }
    },
    refcount = 0,
    type = 0 '\0',
    is_ref = 0 '\0'
    },
    refcount = 1,
    default_fetch_type = PDO_FETCH_BOTH,
    fetch = {
    column = 0,
    cls = {
    ce = 0x0,
    ctor_args = 0x0,
    retval_ptr = 0x0,
    fci = {
    size = 0,
    function_table = 0x0,
    function_name = 0x0,
    symbol_table = 0x0,
    retval_ptr_ptr = 0x0,
    param_count = 0,
    params = 0x0,
    object_pp = 0x0,
    no_separation = 0 '\0'
    },
    fcc = {
    initialized = 0 '\0',
    function_handler = 0x0,
    calling_scope = 0x0,
    object_pp = 0x0
    }
    },
    func = {
    function = 0x0,
    fetch_args = 0x0,
    object = 0x0,
    fci = {
    size = 0,
    function_table = 0x0,
    function_name = 0x0,
    symbol_table = 0x0,
    retval_ptr_ptr = 0x0,
    param_count = 0,
    params = 0x0,
    object_pp = 0x0,
    no_separation = 0 '\0'
    },
    fcc = {
    initialized = 0 '\0',
    function_handler = 0x0,
    calling_scope = 0x0,
    object_pp = 0x0
    },
    values = 0x0
    },
    into = 0x0
    },
    named_rewrite_template = 0x0
    }
    (gdb) p i
    $3 = 0
    (gdb) p stmt->columns[i]
    $4 = {
    name = 0x0,
    namelen = 6648949,
    maxlen = 25,
    param_type = 17,
    precision = 47,
    dbdo_data = 0x172adf4
    }


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-02-26 13:00:19] [email]tony2001php.net[/email]

    Type in gdb after the segfault:
    p stmt
    p *stmt
    p i
    p stmt->columns[i]

    and post the results here.

    ------------------------------------------------------------------------

    [2007-02-26 12:52:12] [email]spheroidphp.net[/email]

    Description:
    ------------
    The DBLIB PDO driver seems to crash when first execution of
    repeated prepared statement wont actually return any rows. If
    the first execution does return rows, it works fine.

    Reproduce code:
    ---------------
    $pdo = new PDO('dblib:host=hostname;dbname=dbname', 'user', 'pass');
    $query = "SELECT 'foo' WHERE '1' = :value";
    $stmt = $pdo->prepare($query);

    $values = array('0', '1');

    foreach ($values as $value) {
    $stmt->bindValue(':value', $value);
    $stmt->execute();
    while ($stmt->fetch() !== false);
    $stmt->closeCursor();
    }

    Expected result:
    ----------------
    Nothing.

    Actual result:
    --------------
    (gdb) run dblib2.php
    Starting program: /usr/local/bin/php dblib2.php
    Reading symbols for shared libraries .+++..+++++..++++.. done

    Program received signal EXC_BAD_ACCESS, Could not access
    memory.
    Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
    0x000faf43 in do_fetch (stmt=0x172a624, do_bind=0,
    return_value=0x172a944, how=PDO_FETCH_USE_DEFAULT,
    ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0) at /usr/
    local/src/PHP_5_2/ext/pdo/pdo_stmt.c:1026
    1026 add_assoc_zval
    (return_value, stmt->columns[i].name, val);



    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40639&edit=1[/url]
    spheroid@php.net Guest

  4. #4

    Default #40639 [Opn]: DBLIB driver segfaults on repeated prepared select statements

    ID: 40639
    User updated by: [email]spheroidphp.net[/email]
    Reported By: [email]spheroidphp.net[/email]
    Status: Open
    Bug Type: PDO related
    Operating System: Mac OS X 10.4.8
    PHP Version: 5CVS-2007-02-26 (CVS)
    New Comment:

    Also, check out this one, I'm not sure whether this is the
    expected behaviour, but the colno seems to change value:

    Breakpoint 1, fetch_value (stmt=0x172a624, dest=0x172a984,
    colno=0, type_override=0x0) at /usr/local/src/PHP_5_2/ext/
    pdo/pdo_stmt.c:500
    500 char *value = NULL;
    (gdb) step
    501 unsigned long value_len = 0;
    (gdb) step
    502 int caller_frees = 0;
    (gdb) step
    506 type = PDO_PARAM_TYPE(col->param_type);
    (gdb) step
    507 new_type = type_override ? PDO_PARAM_TYPE
    (*type_override) : type;
    (gdb) step
    509 value = NULL;
    (gdb) step
    510 value_len = 0;
    (gdb) step
    512 stmt->methods->get_col(stmt, colno, &value,
    &value_len, &caller_frees TSRMLS_CC);
    (gdb) print colno
    $5 = 0
    (gdb) step
    pdo_dblib_stmt_get_col (stmt=0x172a624, colno=0,
    ptr=0xbffff05c, len=0xbffff058, caller_frees=0xbffff054) at
    /usr/local/src/PHP_5_2/ext/pdo_dblib/dblib_stmt.c:255
    255 pdo_dblib_stmt *S = (pdo_dblib_stmt*)stmt-
    >driver_data;
    (gdb) finish
    Run till exit from #0 pdo_dblib_stmt_get_col
    (stmt=0x172a624, colno=0, ptr=0xbffff05c, len=0xbffff058,
    caller_frees=0xbffff054) at /usr/local/src/PHP_5_2/ext/
    pdo_dblib/dblib_stmt.c:255
    fetch_value (stmt=0x172a624, dest=0x172a984, colno=24291756,
    type_override=0x0) at /usr/local/src/PHP_5_2/ext/pdo/
    pdo_stmt.c:514
    514 switch (type) {
    Value returned is $6 = 1
    (gdb) print colno
    $7 = 24291756


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-02-26 13:51:09] [email]spheroidphp.net[/email]

    (gdb) p stmt
    $1 = (pdo_stmt_t *) 0x172a624
    (gdb) p *stmt
    $2 = {
    ce = 0x24a0180,
    properties = 0x172a6e8,
    in_get = 0,
    in_set = 0,
    methods = 0x557bc0,
    driver_data = 0x172a768,
    executed = 1,
    supports_placeholders = 0,
    _reserved = 0,
    column_count = 1,
    columns = 0x172a95c,
    database_object_handle = {
    value = {
    lval = 1,
    dval = 5.5997329951816251e-307,
    str = {
    val = 0x1 <Address 0x1 out of bounds>,
    len = 5843616
    },
    ht = 0x1,
    obj = {
    handle = 1,
    handlers = 0x592aa0
    }
    },
    refcount = 2,
    type = 5 '\005',
    is_ref = 0 '\0'
    },
    dbh = 0x172a3a0,
    bound_params = 0x172ad34,
    bound_param_map = 0x0,
    bound_columns = 0x0,
    row_count = -1,
    query_string = 0x172a740 "SELECT 'foo' WHERE '1'
    = :value",
    query_stringlen = 31,
    active_query_string = 0x0,
    active_query_stringlen = 28,
    error_code = "00000",
    lazy_object_ref = {
    value = {
    lval = 0,
    dval = 0,
    str = {
    val = 0x0,
    len = 0
    },
    ht = 0x0,
    obj = {
    handle = 0,
    handlers = 0x0
    }
    },
    refcount = 0,
    type = 0 '\0',
    is_ref = 0 '\0'
    },
    refcount = 1,
    default_fetch_type = PDO_FETCH_BOTH,
    fetch = {
    column = 0,
    cls = {
    ce = 0x0,
    ctor_args = 0x0,
    retval_ptr = 0x0,
    fci = {
    size = 0,
    function_table = 0x0,
    function_name = 0x0,
    symbol_table = 0x0,
    retval_ptr_ptr = 0x0,
    param_count = 0,
    params = 0x0,
    object_pp = 0x0,
    no_separation = 0 '\0'
    },
    fcc = {
    initialized = 0 '\0',
    function_handler = 0x0,
    calling_scope = 0x0,
    object_pp = 0x0
    }
    },
    func = {
    function = 0x0,
    fetch_args = 0x0,
    object = 0x0,
    fci = {
    size = 0,
    function_table = 0x0,
    function_name = 0x0,
    symbol_table = 0x0,
    retval_ptr_ptr = 0x0,
    param_count = 0,
    params = 0x0,
    object_pp = 0x0,
    no_separation = 0 '\0'
    },
    fcc = {
    initialized = 0 '\0',
    function_handler = 0x0,
    calling_scope = 0x0,
    object_pp = 0x0
    },
    values = 0x0
    },
    into = 0x0
    },
    named_rewrite_template = 0x0
    }
    (gdb) p i
    $3 = 0
    (gdb) p stmt->columns[i]
    $4 = {
    name = 0x0,
    namelen = 6648949,
    maxlen = 25,
    param_type = 17,
    precision = 47,
    dbdo_data = 0x172adf4
    }

    ------------------------------------------------------------------------

    [2007-02-26 13:00:19] [email]tony2001php.net[/email]

    Type in gdb after the segfault:
    p stmt
    p *stmt
    p i
    p stmt->columns[i]

    and post the results here.

    ------------------------------------------------------------------------

    [2007-02-26 12:52:12] [email]spheroidphp.net[/email]

    Description:
    ------------
    The DBLIB PDO driver seems to crash when first execution of
    repeated prepared statement wont actually return any rows. If
    the first execution does return rows, it works fine.

    Reproduce code:
    ---------------
    $pdo = new PDO('dblib:host=hostname;dbname=dbname', 'user', 'pass');
    $query = "SELECT 'foo' WHERE '1' = :value";
    $stmt = $pdo->prepare($query);

    $values = array('0', '1');

    foreach ($values as $value) {
    $stmt->bindValue(':value', $value);
    $stmt->execute();
    while ($stmt->fetch() !== false);
    $stmt->closeCursor();
    }

    Expected result:
    ----------------
    Nothing.

    Actual result:
    --------------
    (gdb) run dblib2.php
    Starting program: /usr/local/bin/php dblib2.php
    Reading symbols for shared libraries .+++..+++++..++++.. done

    Program received signal EXC_BAD_ACCESS, Could not access
    memory.
    Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
    0x000faf43 in do_fetch (stmt=0x172a624, do_bind=0,
    return_value=0x172a944, how=PDO_FETCH_USE_DEFAULT,
    ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0) at /usr/
    local/src/PHP_5_2/ext/pdo/pdo_stmt.c:1026
    1026 add_assoc_zval
    (return_value, stmt->columns[i].name, val);



    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40639&edit=1[/url]
    spheroid@php.net Guest

  5. #5

    Default #40639 [Opn->Asn]: DBLIB driver segfaults on repeated prepared select statements

    ID: 40639
    Updated by: [email]tony2001php.net[/email]
    Reported By: [email]spheroidphp.net[/email]
    -Status: Open
    +Status: Assigned
    Bug Type: PDO related
    Operating System: Mac OS X 10.4.8
    PHP Version: 5CVS-2007-02-26 (CVS)
    -Assigned To:
    +Assigned To: fmk
    New Comment:

    Frank, could you take a look at it?


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-02-26 14:01:01] [email]spheroidphp.net[/email]

    Also, check out this one, I'm not sure whether this is the
    expected behaviour, but the colno seems to change value:

    Breakpoint 1, fetch_value (stmt=0x172a624, dest=0x172a984,
    colno=0, type_override=0x0) at /usr/local/src/PHP_5_2/ext/
    pdo/pdo_stmt.c:500
    500 char *value = NULL;
    (gdb) step
    501 unsigned long value_len = 0;
    (gdb) step
    502 int caller_frees = 0;
    (gdb) step
    506 type = PDO_PARAM_TYPE(col->param_type);
    (gdb) step
    507 new_type = type_override ? PDO_PARAM_TYPE
    (*type_override) : type;
    (gdb) step
    509 value = NULL;
    (gdb) step
    510 value_len = 0;
    (gdb) step
    512 stmt->methods->get_col(stmt, colno, &value,
    &value_len, &caller_frees TSRMLS_CC);
    (gdb) print colno
    $5 = 0
    (gdb) step
    pdo_dblib_stmt_get_col (stmt=0x172a624, colno=0,
    ptr=0xbffff05c, len=0xbffff058, caller_frees=0xbffff054) at
    /usr/local/src/PHP_5_2/ext/pdo_dblib/dblib_stmt.c:255
    255 pdo_dblib_stmt *S = (pdo_dblib_stmt*)stmt-
    >driver_data;
    (gdb) finish
    Run till exit from #0 pdo_dblib_stmt_get_col
    (stmt=0x172a624, colno=0, ptr=0xbffff05c, len=0xbffff058,
    caller_frees=0xbffff054) at /usr/local/src/PHP_5_2/ext/
    pdo_dblib/dblib_stmt.c:255
    fetch_value (stmt=0x172a624, dest=0x172a984, colno=24291756,
    type_override=0x0) at /usr/local/src/PHP_5_2/ext/pdo/
    pdo_stmt.c:514
    514 switch (type) {
    Value returned is $6 = 1
    (gdb) print colno
    $7 = 24291756

    ------------------------------------------------------------------------

    [2007-02-26 13:51:09] [email]spheroidphp.net[/email]

    (gdb) p stmt
    $1 = (pdo_stmt_t *) 0x172a624
    (gdb) p *stmt
    $2 = {
    ce = 0x24a0180,
    properties = 0x172a6e8,
    in_get = 0,
    in_set = 0,
    methods = 0x557bc0,
    driver_data = 0x172a768,
    executed = 1,
    supports_placeholders = 0,
    _reserved = 0,
    column_count = 1,
    columns = 0x172a95c,
    database_object_handle = {
    value = {
    lval = 1,
    dval = 5.5997329951816251e-307,
    str = {
    val = 0x1 <Address 0x1 out of bounds>,
    len = 5843616
    },
    ht = 0x1,
    obj = {
    handle = 1,
    handlers = 0x592aa0
    }
    },
    refcount = 2,
    type = 5 '\005',
    is_ref = 0 '\0'
    },
    dbh = 0x172a3a0,
    bound_params = 0x172ad34,
    bound_param_map = 0x0,
    bound_columns = 0x0,
    row_count = -1,
    query_string = 0x172a740 "SELECT 'foo' WHERE '1'
    = :value",
    query_stringlen = 31,
    active_query_string = 0x0,
    active_query_stringlen = 28,
    error_code = "00000",
    lazy_object_ref = {
    value = {
    lval = 0,
    dval = 0,
    str = {
    val = 0x0,
    len = 0
    },
    ht = 0x0,
    obj = {
    handle = 0,
    handlers = 0x0
    }
    },
    refcount = 0,
    type = 0 '\0',
    is_ref = 0 '\0'
    },
    refcount = 1,
    default_fetch_type = PDO_FETCH_BOTH,
    fetch = {
    column = 0,
    cls = {
    ce = 0x0,
    ctor_args = 0x0,
    retval_ptr = 0x0,
    fci = {
    size = 0,
    function_table = 0x0,
    function_name = 0x0,
    symbol_table = 0x0,
    retval_ptr_ptr = 0x0,
    param_count = 0,
    params = 0x0,
    object_pp = 0x0,
    no_separation = 0 '\0'
    },
    fcc = {
    initialized = 0 '\0',
    function_handler = 0x0,
    calling_scope = 0x0,
    object_pp = 0x0
    }
    },
    func = {
    function = 0x0,
    fetch_args = 0x0,
    object = 0x0,
    fci = {
    size = 0,
    function_table = 0x0,
    function_name = 0x0,
    symbol_table = 0x0,
    retval_ptr_ptr = 0x0,
    param_count = 0,
    params = 0x0,
    object_pp = 0x0,
    no_separation = 0 '\0'
    },
    fcc = {
    initialized = 0 '\0',
    function_handler = 0x0,
    calling_scope = 0x0,
    object_pp = 0x0
    },
    values = 0x0
    },
    into = 0x0
    },
    named_rewrite_template = 0x0
    }
    (gdb) p i
    $3 = 0
    (gdb) p stmt->columns[i]
    $4 = {
    name = 0x0,
    namelen = 6648949,
    maxlen = 25,
    param_type = 17,
    precision = 47,
    dbdo_data = 0x172adf4
    }

    ------------------------------------------------------------------------

    [2007-02-26 13:00:19] [email]tony2001php.net[/email]

    Type in gdb after the segfault:
    p stmt
    p *stmt
    p i
    p stmt->columns[i]

    and post the results here.

    ------------------------------------------------------------------------

    [2007-02-26 12:52:12] [email]spheroidphp.net[/email]

    Description:
    ------------
    The DBLIB PDO driver seems to crash when first execution of
    repeated prepared statement wont actually return any rows. If
    the first execution does return rows, it works fine.

    Reproduce code:
    ---------------
    $pdo = new PDO('dblib:host=hostname;dbname=dbname', 'user', 'pass');
    $query = "SELECT 'foo' WHERE '1' = :value";
    $stmt = $pdo->prepare($query);

    $values = array('0', '1');

    foreach ($values as $value) {
    $stmt->bindValue(':value', $value);
    $stmt->execute();
    while ($stmt->fetch() !== false);
    $stmt->closeCursor();
    }

    Expected result:
    ----------------
    Nothing.

    Actual result:
    --------------
    (gdb) run dblib2.php
    Starting program: /usr/local/bin/php dblib2.php
    Reading symbols for shared libraries .+++..+++++..++++.. done

    Program received signal EXC_BAD_ACCESS, Could not access
    memory.
    Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
    0x000faf43 in do_fetch (stmt=0x172a624, do_bind=0,
    return_value=0x172a944, how=PDO_FETCH_USE_DEFAULT,
    ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0) at /usr/
    local/src/PHP_5_2/ext/pdo/pdo_stmt.c:1026
    1026 add_assoc_zval
    (return_value, stmt->columns[i].name, val);



    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40639&edit=1[/url]
    tony2001@php.net Guest

Similar Threads

  1. Prepared Statements within stored procedures
    By martinacevedo@gmail.com in forum MySQL
    Replies: 3
    Last Post: October 19th, 01:33 PM
  2. #40121 [Asn]: DBLIB driver wont free statements
    By spheroid@php.net in forum PHP Bugs
    Replies: 0
    Last Post: January 15th, 12:11 PM
  3. #38955 [NEW]: PDO DBLIB driver does not support transactions
    By remery at seminolesheriff dot org in forum PHP Bugs
    Replies: 1
    Last Post: September 26th, 08:46 AM
  4. Prepared statements in ASP
    By No one in forum ASP Components
    Replies: 8
    Last Post: June 6th, 11:48 AM
  5. Replies: 0
    Last Post: August 10th, 04:41 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139