Bug #61411 [Opn]: PDO Segfaults with PERSISTENT == TRUE && EMULATE_PREPARES == FALSE

[uw]

Edit report at https://bugs.php.net/bug.php?id=61411&edit=1

 ID:                 61411
 Updated by:         u...@php.net
 Reported by:        julien at palard dot fr
 Summary:            PDO Segfaults with PERSISTENT == TRUE &&
                     EMULATE_PREPARES == FALSE
 Status:             Open
 Type:               Bug
 Package:            PDO related
 Operating System:   Linux 2.6.32-5-amd64
 PHP Version:        5.4.0
 Block user comment: N
 Private report:     N

 New Comment:

Andrey,

do you think we should mnd_p*alloc(.., .., stmt->persistent) here?



http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/ext/mysqlnd/mysqlnd_ps.c?annotate=321634

1624                    if (!stmt->result_bind) {
1625    andrey  289028  stmt->result_bind = mnd_ecalloc(stmt->field_count, 
sizeof(MYSQLND_RESULT_BIND));
1626    andrey  258383  } else {
1627    andrey  289028  stmt->result_bind = mnd_erealloc(stmt->result_bind, 
stmt->field_count * sizeof(MYSQLND_RESULT_BIND));
1628    andrey  258383  }


Previous Comments:
------------------------------------------------------------------------
[2012-03-16 09:16:27] julien at palard dot fr

Description:
------------
PDO Segfaults or hangs when a statement is executed with both ATTR_PERSISTENT 
=> 
TRUE and ATTR_EMULATE_PREPARES => FALSE

The exact bug is actually :
*** glibc detected *** /usr/local/php-5.4.0/bin/php: free(): invalid pointer: 
0x00007ff976ee84c8 ***
But from my tests yesterday I have seen a segfault and a double free, that I 
can't reproduce today, only the invalid pointer.

Playing with PERSISTENT and EMULATE_PREPARE with the given test script give :

| ATTR_PERSISENT | ATTR_EMULATE_PREPARES |                  WORKS |
|          FALSE |                 FALSE |                    YES |
|          FALSE |                  TRUE |                    YES |
|           TRUE |                 FALSE | free() invalid pointer |
|           TRUE |                  TRUE |                    YES |

Configure command : 

./configure'  '--enable-fpm' '--prefix=/usr/local/php-5.4.0' 
'--enable-mbstring' 
'--enable-gd-native-ttf' '--enable-zip' '--with-mcrypt' '--with-openssl' '--
with-gd' '--with-jpeg-dir=/usr/lib' '--with-freetype-dir' '--with-curl' '--with-
pcre-regex' '--with-gettext' '--without-sqlite' '--without-sqlite3' '--with-pdo-
mysql=mysqlnd' '--disable-rpath' '--disable-debug' '--disable-fileinfo' '--
without-pdo-sqlite' '--disable-phar' '--disable-posix' '--disable-tokenizer' '--
disable-xmlreader' '--disable-xmlwriter' '--without-pear'

Same bug reproduced in php 5.3.8 and php 5.3.10

Test script:
---------------
<?php

$options = array(PDO::ATTR_PERSISTENT => TRUE,
                 PDO::ATTR_EMULATE_PREPARES => FALSE); 

$pdo = new PDO('mysql:host=sql;dbname=??;charset=utf8',
               '??', '??', $options);

$statement = $pdo->prepare("SELECT count(*) from a_table");
$statement->execute();
foreach ($statement as $line)
    var_dump($line);


Expected result:
----------------
I expect PHP not to segfault

Actual result:
--------------
*** glibc detected *** /usr/local/php-5.4.0/bin/php: free(): invalid pointer: 
0x00007ff976ee84c8 ***



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61411&edit=1