ID:               38535
Updated by:       [EMAIL PROTECTED]
Reported By:      [EMAIL PROTECTED]
-Status:          Assigned
+Status:          Closed
Bug Type:         PDO related
Operating System: All
PHP Version:      5CVS-2006-08-21 (CVS)
Assigned To:      iliaa
New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------

[2006-08-21 13:58:24] [EMAIL PROTECTED]

Description:
------------
Using any kind of error, errorInfo uses uninitialized or already freed memory.

This simple script shows the problem. It is on AMD64, using pgsql 8.1.4

Reproduce code:
---------------
$dsn = 'pgsql:host=localhost;port=5432;dbname=foo;';
$user = 'test';
$password = '12345';
$pdo = new PDO($dsn, $user, $password);

$sql = "INSERT INTO bar ( field ) VALUES ( 'value',, ) ";
if (!$pdo->query($sql)) {
    var_dump($pdo->errorInfo());
} else {
    var_dump("ok");
}

Actual result:
--------------
==21482== Use of uninitialised value of size 8
==21482==    at 0x5680DE9: BN_mod_exp_mont_consttime (in /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x56A25E7: (within /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x54D2451: ssl3_send_client_key_exchange (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D3737: ssl3_connect (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x4FE9DDD: pqsecure_open_client (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDDC1B: PQconnectPoll (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDF5D0: (within /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDF84E: PQconnectdb (in /usr/lib/libpq.so.4.1)
==21482==    by 0x5475CC: pdo_pgsql_handle_factory (pgsql_driver.c:670)
==21482==    by 0x535055: zim_PDO_dbh_constructor (pdo_dbh.c:372)
==21482==    by 0x70205C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21482==    by 0x703312: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21482==
==21482== Use of uninitialised value of size 8
==21482==    at 0x56819C0: BN_num_bits_word (in /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x5681A22: BN_num_bits (in /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x5680A87: BN_mod_exp_mont_consttime (in /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x56A2801: (within /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x54D273E: ssl3_send_client_key_exchange (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D3737: ssl3_connect (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x4FE9DDD: pqsecure_open_client (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDDC1B: PQconnectPoll (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDF5D0: (within /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDF84E: PQconnectdb (in /usr/lib/libpq.so.4.1)
==21482==    by 0x5475CC: pdo_pgsql_handle_factory (pgsql_driver.c:670)
==21482==    by 0x535055: zim_PDO_dbh_constructor (pdo_dbh.c:372)
==21482==
==21482== Use of uninitialised value of size 8
==21482==    at 0x5680DE9: BN_mod_exp_mont_consttime (in /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x56A2801: (within /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x54D273E: ssl3_send_client_key_exchange (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D3737: ssl3_connect (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x4FE9DDD: pqsecure_open_client (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDDC1B: PQconnectPoll (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDF5D0: (within /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDF84E: PQconnectdb (in /usr/lib/libpq.so.4.1)
==21482==    by 0x5475CC: pdo_pgsql_handle_factory (pgsql_driver.c:670)
==21482==    by 0x535055: zim_PDO_dbh_constructor (pdo_dbh.c:372)
==21482==    by 0x70205C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21482==    by 0x703312: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21482==
==21482== Conditional jump or move depends on uninitialised value(s)
==21482==    at 0x4C5697E: (within /usr/lib/libz.so.1.2.3)
==21482==    by 0x4C57645: (within /usr/lib/libz.so.1.2.3)
==21482==    by 0x4C57E89: deflate (in /usr/lib/libz.so.1.2.3)
==21482==    by 0x56FB24C: (within /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x56FAEB1: COMP_compress_block (in /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x54D60DB: ssl3_do_compress (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D633E: (within /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D661D: ssl3_write_bytes (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x4FEA4B5: pqsecure_write (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FE333B: (within /usr/lib/libpq.so.4.1)
==21482==    by 0x4FE0C1B: PQsendQuery (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FE12E8: PQexec (in /usr/lib/libpq.so.4.1)
==21482==
==21482== Source and destination overlap in memcpy(0x6D502F0, 0x6D5031C, 200)
==21482==    at 0x4A1BA62: memcpy (mac_replace_strmem.c:394)
==21482==    by 0x6BDA14: _estrndup (zend_alloc.c:1733)
==21482==    by 0x6DDB4C: add_next_index_string (zend_API.c:1194)
==21482==    by 0x537608: zim_PDO_errorInfo (pdo_dbh.c:979)
==21482==    by 0x70205C: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==21482==    by 0x703312: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:322)
==21482==    by 0x7019B9: execute (zend_vm_execute.h:92)
==21482==    by 0x6DBC37: zend_execute_scripts (zend.c:1095)
==21482==    by 0x68C928: php_execute_script (main.c:1759)
==21482==    by 0x768D09: main (php_cli.c:1097)
array(3) {
  [0]=>
  string(200) "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ�̏*ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ�̏*"
  [1]=>
  int(7)
  [2]=>
  string(51) "ERROR: syntax error at or near "," at character 99"
}
==21482==
==21482== Conditional jump or move depends on uninitialised value(s)
==21482==    at 0x4C56946: (within /usr/lib/libz.so.1.2.3)
==21482==    by 0x4C57645: (within /usr/lib/libz.so.1.2.3)
==21482==    by 0x4C57E89: deflate (in /usr/lib/libz.so.1.2.3)
==21482==    by 0x56FB24C: (within /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x56FAEB1: COMP_compress_block (in /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x54D60DB: ssl3_do_compress (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D633E: (within /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D661D: ssl3_write_bytes (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x4FEA4B5: pqsecure_write (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FE333B: (within /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDCBB6: (within /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDCBDD: PQfinish (in /usr/lib/libpq.so.4.1)
==21482==
==21482== Conditional jump or move depends on uninitialised value(s)
==21482==    at 0x4C56901: (within /usr/lib/libz.so.1.2.3)
==21482==    by 0x4C57645: (within /usr/lib/libz.so.1.2.3)
==21482==    by 0x4C57E89: deflate (in /usr/lib/libz.so.1.2.3)
==21482==    by 0x56FB24C: (within /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x56FAEB1: COMP_compress_block (in /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x54D60DB: ssl3_do_compress (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D633E: (within /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D661D: ssl3_write_bytes (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x4FEA4B5: pqsecure_write (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FE333B: (within /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDCBB6: (within /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDCBDD: PQfinish (in /usr/lib/libpq.so.4.1)
==21482==
==21482== Conditional jump or move depends on uninitialised value(s)
==21482==    at 0x4C5690C: (within /usr/lib/libz.so.1.2.3)
==21482==    by 0x4C57645: (within /usr/lib/libz.so.1.2.3)
==21482==    by 0x4C57E89: deflate (in /usr/lib/libz.so.1.2.3)
==21482==    by 0x56FB24C: (within /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x56FAEB1: COMP_compress_block (in /usr/lib/libcrypto.so.0.9.8)
==21482==    by 0x54D60DB: ssl3_do_compress (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D633E: (within /usr/lib/libssl.so.0.9.8)
==21482==    by 0x54D661D: ssl3_write_bytes (in /usr/lib/libssl.so.0.9.8)
==21482==    by 0x4FEA4B5: pqsecure_write (in /usr/lib/libpq.so.4.1)
==21482==    by 0x4FE333B: (within /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDCBB6: (within /usr/lib/libpq.so.4.1)
==21482==    by 0x4FDCBDD: PQfinish (in /usr/lib/libpq.so.4.1)
==21482==
==21482== ERROR SUMMARY: 43800 errors from 21 contexts (suppressed: 17 from 3)
==21482== malloc/free: in use at exit: 59,508 bytes in 1,951 blocks.
==21482== malloc/free: 23,706 allocs, 21,755 frees, 3,598,515 bytes allocated.
==21482== For counts of detected errors, rerun with: -v
==21482== searching for pointers to 1,951 not-freed blocks.
==21482== checked 2,543,544 bytes.
==21482==
==21482== LEAK SUMMARY:
==21482==    definitely lost: 292 bytes in 11 blocks.
==21482==      possibly lost: 0 bytes in 0 blocks.
==21482==    still reachable: 59,216 bytes in 1,940 blocks.
==21482==         suppressed: 0 bytes in 0 blocks.
==21482== Use --leak-check=full to see details of leaked memory.

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=38535&edit=1
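
Added example, not part of the bug report or of PHP's code: a small Python triage pass over Valgrind text output that pairs each error context with the frames carrying file:line information, so contexts that lie entirely inside libraries without debug info are separated from those that reach source-located code. The sample input is two contexts abbreviated from the report above; the function and constant names are hypothetical.

```python
import re

# Two error contexts abbreviated from the Valgrind output in the report above.
SAMPLE = """\
==21482== Conditional jump or move depends on uninitialised value(s)
==21482==    at 0x4C5697E: (within /usr/lib/libz.so.1.2.3)
==21482==    by 0x4C57E89: deflate (in /usr/lib/libz.so.1.2.3)
==21482==    by 0x4FE12E8: PQexec (in /usr/lib/libpq.so.4.1)
==21482==
==21482== Source and destination overlap in memcpy(0x6D502F0, 0x6D5031C, 200)
==21482==    at 0x4A1BA62: memcpy (mac_replace_strmem.c:394)
==21482==    by 0x6BDA14: _estrndup (zend_alloc.c:1733)
==21482==    by 0x6DDB4C: add_next_index_string (zend_API.c:1194)
==21482==    by 0x537608: zim_PDO_errorInfo (pdo_dbh.c:979)
==21482==
"""

PREFIX = re.compile(r"^==\d+==\s?")
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (?:(\S+) )?\((.+)\)$")
SOURCE = re.compile(r"^[\w.-]+\.[ch]:\d+$")  # "file.c:123": frame has debug info
VALGRIND_OWN = ("mac_replace_strmem.c",)     # Valgrind's memcpy/str* replacements


def parse_contexts(log):
    """Split Valgrind text output into (message, [(function, location)]) contexts."""
    contexts, current = [], None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).rstrip()
        frame = FRAME.match(line)
        if frame:
            if current is not None:
                current[1].append((frame.group(1) or "?", frame.group(2)))
        elif line.strip():
            current = (line.strip(), [])   # any other text starts a new context
            contexts.append(current)
        else:
            current = None                 # blank "==PID==" line ends the context
    return [c for c in contexts if c[1]]   # drop summaries and program output


def source_frames(frames):
    """Frames with file:line info, excluding Valgrind's own replacement code."""
    return [(f, loc) for f, loc in frames
            if SOURCE.match(loc) and not loc.startswith(VALGRIND_OWN)]


def triage(log):
    """Pair each error message with its source-located frames, innermost first."""
    return [(msg, source_frames(frames)) for msg, frames in parse_contexts(log)]
```
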