Edit report at http://bugs.php.net/bug.php?id=53551&edit=1
ID: 53551 Updated by: [email protected] Reported by: eddawley at gmail dot com Summary: PDOStatement execute segfaults for pdo_mysql driver Status: Assigned Type: Bug Package: PDO related Operating System: Centos 5 PHP Version: 5.3.4 Assigned To: mysql Block user comment: N Private report: N New Comment: I cannot reproduce with php-trunk using pdo_mysql linked to mysqlnd on Windows: C:\php>php test.php 1 array(3) { [0]=> string(5) "00000" [1]=> NULL [2]=> NULL } 2 array(3) { [0]=> string(5) "00000" [1]=> NULL [2]=> NULL } done C:\php>php -v PHP 5.3.99-dev (cli) (built: Dec 11 2010 12:14:13) Copyright (c) 1997-2010 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2010 Zend Technologies Previous Comments: ------------------------------------------------------------------------ [2010-12-15 22:31:18] eddawley at gmail dot com Description: ------------ A segfault will occur when a PDOStatement is reused after failing due to a NOT NULL integrity constraint. This occurred when using the pdo_mysql driver as opposed to the mysqlnd driver. Also to avoid confusion, I was only able to test this on PHP 5.3.2. I could find nothing in the changelogs that would imply this bug has been fixed. I unfortunately did not have the time to free up hardware or vms for an upgrade. Test script: --------------- $dbh = new PDO('mysql:host=127.0.0.1;dbname=foo', 'user', 'pass'); $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, 0); $createSql = "CREATE TABLE `foo` ( `count` bigint(20) unsigned NOT NULL DEFAULT '0' )"; $dbh->exec('drop table if exists foo'); $dbh->exec($createSql); $dbh->exec("insert into foo set `count` = 1 "); $sql = 'UPDATE foo SET `count` = :count'; $stmt = $dbh->prepare($sql); $values = array ( 'count' => NULL, ); echo "1\n"; $stmt->execute($values); var_dump($stmt->errorInfo()); echo "2\n"; $stmt->execute($values); var_dump($stmt->errorInfo()); echo "\ndone\n"; Expected result: ---------------- [...@foo ~]$ php ed.php 1 array(3) { [0]=> string(5) "23000" [1]=> int(1048) [2]=> string(29) "Column 'count' cannot be null" } 2 array(3) { [0]=> string(5) "23000" [1]=> int(1048) [2]=> string(29) "Column 'count' cannot be null" } done Actual result: -------------- [...@foo ~]$ php ed.php 1 array(3) { [0]=> string(5) "23000" [1]=> int(1048) [2]=> string(29) "Column 'count' cannot be null" } 2 Segmentation fault (core dumped) Core was generated by `php ed.php'. Program terminated with signal 11, Segmentation fault. [New process 16072] #0 0x00000000005aa8be in pdo_mysql_stmt_param_hook (stmt=0xe5c12e8, param=0xe5c1a78, event_type=<value optimized out>) at /tmp/php- 5.3.2/ext/pdo_mysql/mysql_statement.c:490 490 b->is_null = &S->in_null[param- >paramno]; (gdb) bt #0 0x00000000005aa8be in pdo_mysql_stmt_param_hook (stmt=0xe5c12e8, param=0xe5c1a78, event_type=<value optimized out>) at /tmp/php- 5.3.2/ext/pdo_mysql/mysql_statement.c:490 #1 0x00000000005a34d9 in really_register_bound_param (param=0x7ffff7cb9990, stmt=0xe5c12e8, is_param=1) at /tmp/php-5.3.2/ext/pdo/pdo_stmt.c:408 #2 0x00000000005a4940 in zim_PDOStatement_execute (ht=<value optimized out>, return_value=0xe5c18d0, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /tmp/php- 5.3.2/ext/pdo/pdo_stmt.c:474 #3 0x0000000000789059 in zend_do_fcall_common_helper_SPEC (execute_data=0x2ae09210b050) at /tmp/php-5.3.2/Zend/zend_vm_execute.h:313 #4 0x000000000075f98e in execute (op_array=0xe5be920) at /tmp/php- 5.3.2/Zend/zend_vm_execute.h:104 #5 0x000000000073c439 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/php-5.3.2/Zend/zend.c:1194 #6 0x00000000006ea968 in php_execute_script (primary_file=0x7ffff7cbc190) at /tmp/php-5.3.2/main/main.c:2260 #7 0x00000000007c617e in main (argc=2, argv=0x7ffff7cbc408) at /tmp/php- 5.3.2/sapi/cli/php_cli.c:1192 (gdb) print *param $1 = {paramno = 0, name = 0xe5c0750 ":count", namelen = 6, max_value_len = 0, parameter = 0xe5c1900, param_type = PDO_PARAM_STR, driver_params = 0x0, driver_data = 0x0, stmt = 0xe5c12e8, is_param = 1} (gdb) print param $2 = (struct pdo_bound_param_data *) 0xe5c1a78 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=53551&edit=1
