ID: 34818
Updated by: [EMAIL PROTECTED]
Reported By: squasar at eternalviper dot net
-Status: Open
+Status: Assigned
Bug Type: MySQLi related
Operating System: *
PHP Version: 5.1.0RC1
-Assigned To:
+Assigned To: tony2001

Previous Comments:
------------------------------------------------------------------------

[2005-10-10 21:24:40] squasar at eternalviper dot net

Description:
------------
Calling __construct() on mysqli_stmt with an unset variable as the mysqli_link crashes PHP in mysqli_stmt_construct. Note that this is actually 5.1.0RC2 (CVS tag php_5_1_0RC2_PRE). This may affect other MySQLi functions (?).

A possible fix, minus a more informative error message is here, but my instinct says there may be more going on behind this than the check in MYSQLI_FETCH_RESOURCE() since passing a literal NULL or similar instead of an undefined variable gives an error message instead of crashing.

Index: ext/mysqli/php_mysqli.h ============================================================ ======= RCS file: /repository/php-src/ext/mysqli/php_mysqli.h,v retrieving revision 1.54 diff -u -r1.54 php_mysqli.h --- ext/mysqli/php_mysqli.h 3 Aug 2005 14:07:31 -0000 1.54 +++ ext/mysqli/php_mysqli.h 10 Oct 2005 19:17:35 -0000 
@@ -202,7 +202,12 @@ #define MYSQLI_FETCH_RESOURCE(__ptr, __type, __id, __name) \ { \ MYSQLI_RESOURCE *my_res; \ - mysqli_object *intern = (mysqli_object *) zend_object_store_get_object(*(__id) TSRMLS_CC);\ + mysqli_object *intern = NULL; \ + if (Z_TYPE_PP(__id) != IS_OBJECT) {\ + php_error(E_WARNING, "Object parameter invalid"); \ + RETURN_NULL(); \ + } \ + intern = (mysqli_object *) zend_object_store_get_object(*(__id) TSRMLS_CC);\ if (!(my_res = (MYSQLI_RESOURCE *)intern->ptr)) {\ php_error(E_WARNING, "Couldn't fetch %s", intern->zo.ce->name);\ RETURN_NULL();\

Reproduce code:
---------------
<?php
$s = new mysqli_stmt( $undefined, "SELECT 1 FROM DUAL" );
?>

Expected result:
----------------
Warning: Object parameter invalid in - on line 1

Actual result:
--------------
Bus error

Thread 0 Crashed:
0 php 0x000c1bb8 zif_mysqli_stmt_construct + 252 (mysqli.c:675)
1 php 0x0020ab88 zend_do_fcall_common_helper_SPEC + 1560 (zend_vm_execute.h:184)
2 php 0x0020a4c4 execute + 520 (zend_vm_execute.h:87)
3 php 0x001e0630 zend_execute_scripts + 444 (zend.c: 1079)
4 php 0x00195334 php_execute_script + 780 (main.c:1679)
5 php 0x002921ac main + 3684 (php_cli.c:1040)
6 php 0x00002b58 _start + 344 (crt.c:272)
7 php 0x000029fc start + 60

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=34818&edit=1
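
Review bot: The new guard in MYSQLI_FETCH_RESOURCE only tests Z_TYPE_PP(__id) != IS_OBJECT, so any object at all passes it, and the value returned by zend_object_store_get_object() is still cast to mysqli_object * and dereferenced at intern->ptr without a NULL check on intern. Suggest adding a check on intern before the "if (!(my_res = (MYSQLI_RESOURCE *)intern->ptr))" line so the macro fails with a warning rather than a crash if the lookup returns nothing. The warning text "Object parameter invalid" also ignores the __name argument the macro already receives; including it would make the message more specific, as the existing "Couldn't fetch %s" warning is. Since the report notes that a literal NULL produces an error message instead of a crash, it is worth confirming why an undefined variable reaches this macro at all, because the missing validation may belong in the caller's argument handling rather than in the macro.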