Edit report at http://bugs.php.net/bug.php?id=52546&edit=1
ID: 52546
Comment by: rgagnon24 at gmail dot com
Reported by: rgagnon24 at gmail dot com
Summary: pdo_dblib segmentation fault when iterating MONEY
values
Status: Closed
Type: Bug
Package: PDO related
Operating System: CentOS 5.5
PHP Version: 5.2.14
Assigned To: felipe
Block user comment: N
New Comment:
As an FYI. I've been able to confirm the r302196 commit does resolve
the issue in 5.3.
I know 5.2 is closed for fixes, but to leave a note for anyone that
wishes to manually patch their copy, this does fix it for the released
5.2.14 as well.
The only change I would suggest is maybe using sizeof(DBFLT8) in place
of the hard-coded "8" integer in the call to dbconvert()
Previous Comments:
------------------------------------------------------------------------
[2010-08-14 00:16:37] [email protected]
Just to inform, the fix for this bug was committed just for 5.3 branch.
The trunk branch has a bit different code, due some others bugs fixes
trunk-only. And 5.2 branch is just accepting security bug fixes.
------------------------------------------------------------------------
[2010-08-14 00:14:05] [email protected]
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
rgagnon24 and preben: the spprintf() function already allocates the
memory, this is not the problem... The problem is that the function
expect char** and I was passing char*. It must be fixed now.
Thanks for the testing.
------------------------------------------------------------------------
[2010-08-14 00:12:39] [email protected]
Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=302196
Log: - Fixed the fix for bug #52546
------------------------------------------------------------------------
[2010-08-13 18:25:28] [email protected]
Reopening, given it's apparently still segfaulting. Felipe, can you cast
an eye over the new patch, please?
------------------------------------------------------------------------
[2010-08-10 15:29:45] preben at ghost dot dk
Here's a fix.
Test code
---------
<?php
$dbh = new PDO('dblib:dbname=DB;host=HOST', 'USER', 'PASS');
$sth = $dbh->query ('create table #tmp(col money)');
$sth = $dbh->query ('insert into #tmp(col) values(123.25)');
$sth = $dbh->query ('insert into #tmp(col) values(-123.25)');
$sth = $dbh->prepare('SELECT col FROM #tmp');
$sth->execute();
$r = $sth->fetchAll(2);
print_r($r);
---------
Output
---------
Array
(
[0] => Array
(
[col] => 123.2500
)
[1] => Array
(
[col] => -123.2500
)
)
---------
Diff
---------
--- php-5.3.3/ext/pdo_dblib/dblib_stmt.c 2010-03-08
13:39:44.000000000 +0100
+++ ../php-5.3.3/ext/pdo_dblib/dblib_stmt.c 2010-08-10
15:18:48.000000000 +0200
@@ -170,8 +170,10 @@
case SQLMONEY4:
case SQLMONEYN: {
DBFLT8 money_value;
+ val->len = (2 *
dbdatlen(H->link, i + 1)) + 32;
+ val->data =
emalloc(val->len);
dbconvert(NULL,
S->cols[i].coltype, dbdata(H->link, i+1), dbdatlen(H->link, i+1),
SQLFLT8, (LPBYTE)&money_value, val->len);
- val->len =
spprintf(val->data, 0, "%.4f", money_value);
+ val->len =
sprintf(val->data, "%.4f", money_value);
}
break;
default:
---------
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=52546
--
Edit this bug report at http://bugs.php.net/bug.php?id=52546&edit=1
