ID: 40639
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Open
+Status: Assigned
Bug Type: PDO related
Operating System: Mac OS X 10.4.8
PHP Version: 5CVS-2007-02-26 (CVS)
-Assigned To:
+Assigned To: fmk
New Comment:
Frank, could you take a look at it?
Previous Comments:
------------------------------------------------------------------------
[2007-02-26 14:01:01] [EMAIL PROTECTED]
Also, check out this one, I'm not sure whether this is the
expected behaviour, but the colno seems to change value:
Breakpoint 1, fetch_value (stmt=0x172a624, dest=0x172a984,
colno=0, type_override=0x0) at /usr/local/src/PHP_5_2/ext/
pdo/pdo_stmt.c:500
500 char *value = NULL;
(gdb) step
501 unsigned long value_len = 0;
(gdb) step
502 int caller_frees = 0;
(gdb) step
506 type = PDO_PARAM_TYPE(col->param_type);
(gdb) step
507 new_type = type_override ? PDO_PARAM_TYPE
(*type_override) : type;
(gdb) step
509 value = NULL;
(gdb) step
510 value_len = 0;
(gdb) step
512 stmt->methods->get_col(stmt, colno, &value,
&value_len, &caller_frees TSRMLS_CC);
(gdb) print colno
$5 = 0
(gdb) step
pdo_dblib_stmt_get_col (stmt=0x172a624, colno=0,
ptr=0xbffff05c, len=0xbffff058, caller_frees=0xbffff054) at
/usr/local/src/PHP_5_2/ext/pdo_dblib/dblib_stmt.c:255
255 pdo_dblib_stmt *S = (pdo_dblib_stmt*)stmt-
>driver_data;
(gdb) finish
Run till exit from #0 pdo_dblib_stmt_get_col
(stmt=0x172a624, colno=0, ptr=0xbffff05c, len=0xbffff058,
caller_frees=0xbffff054) at /usr/local/src/PHP_5_2/ext/
pdo_dblib/dblib_stmt.c:255
fetch_value (stmt=0x172a624, dest=0x172a984, colno=24291756,
type_override=0x0) at /usr/local/src/PHP_5_2/ext/pdo/
pdo_stmt.c:514
514 switch (type) {
Value returned is $6 = 1
(gdb) print colno
$7 = 24291756
------------------------------------------------------------------------
[2007-02-26 13:51:09] [EMAIL PROTECTED]
(gdb) p stmt
$1 = (pdo_stmt_t *) 0x172a624
(gdb) p *stmt
$2 = {
ce = 0x24a0180,
properties = 0x172a6e8,
in_get = 0,
in_set = 0,
methods = 0x557bc0,
driver_data = 0x172a768,
executed = 1,
supports_placeholders = 0,
_reserved = 0,
column_count = 1,
columns = 0x172a95c,
database_object_handle = {
value = {
lval = 1,
dval = 5.5997329951816251e-307,
str = {
val = 0x1 <Address 0x1 out of bounds>,
len = 5843616
},
ht = 0x1,
obj = {
handle = 1,
handlers = 0x592aa0
}
},
refcount = 2,
type = 5 '\005',
is_ref = 0 '\0'
},
dbh = 0x172a3a0,
bound_params = 0x172ad34,
bound_param_map = 0x0,
bound_columns = 0x0,
row_count = -1,
query_string = 0x172a740 "SELECT 'foo' WHERE '1'
= :value",
query_stringlen = 31,
active_query_string = 0x0,
active_query_stringlen = 28,
error_code = "00000",
lazy_object_ref = {
value = {
lval = 0,
dval = 0,
str = {
val = 0x0,
len = 0
},
ht = 0x0,
obj = {
handle = 0,
handlers = 0x0
}
},
refcount = 0,
type = 0 '\0',
is_ref = 0 '\0'
},
refcount = 1,
default_fetch_type = PDO_FETCH_BOTH,
fetch = {
column = 0,
cls = {
ce = 0x0,
ctor_args = 0x0,
retval_ptr = 0x0,
fci = {
size = 0,
function_table = 0x0,
function_name = 0x0,
symbol_table = 0x0,
retval_ptr_ptr = 0x0,
param_count = 0,
params = 0x0,
object_pp = 0x0,
no_separation = 0 '\0'
},
fcc = {
initialized = 0 '\0',
function_handler = 0x0,
calling_scope = 0x0,
object_pp = 0x0
}
},
func = {
function = 0x0,
fetch_args = 0x0,
object = 0x0,
fci = {
size = 0,
function_table = 0x0,
function_name = 0x0,
symbol_table = 0x0,
retval_ptr_ptr = 0x0,
param_count = 0,
params = 0x0,
object_pp = 0x0,
no_separation = 0 '\0'
},
fcc = {
initialized = 0 '\0',
function_handler = 0x0,
calling_scope = 0x0,
object_pp = 0x0
},
values = 0x0
},
into = 0x0
},
named_rewrite_template = 0x0
}
(gdb) p i
$3 = 0
(gdb) p stmt->columns[i]
$4 = {
name = 0x0,
namelen = 6648949,
maxlen = 25,
param_type = 17,
precision = 47,
dbdo_data = 0x172adf4
}
------------------------------------------------------------------------
[2007-02-26 13:00:19] [EMAIL PROTECTED]
Type in gdb after the segfault:
p stmt
p *stmt
p i
p stmt->columns[i]
and post the results here.
------------------------------------------------------------------------
[2007-02-26 12:52:12] [EMAIL PROTECTED]
Description:
------------
The DBLIB PDO driver seems to crash when first execution of
repeated prepared statement wont actually return any rows. If
the first execution does return rows, it works fine.
Reproduce code:
---------------
$pdo = new PDO('dblib:host=hostname;dbname=dbname', 'user', 'pass');
$query = "SELECT 'foo' WHERE '1' = :value";
$stmt = $pdo->prepare($query);
$values = array('0', '1');
foreach ($values as $value) {
$stmt->bindValue(':value', $value);
$stmt->execute();
while ($stmt->fetch() !== false);
$stmt->closeCursor();
}
Expected result:
----------------
Nothing.
Actual result:
--------------
(gdb) run dblib2.php
Starting program: /usr/local/bin/php dblib2.php
Reading symbols for shared libraries .+++..+++++..++++.. done
Program received signal EXC_BAD_ACCESS, Could not access
memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x000faf43 in do_fetch (stmt=0x172a624, do_bind=0,
return_value=0x172a944, how=PDO_FETCH_USE_DEFAULT,
ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0) at /usr/
local/src/PHP_5_2/ext/pdo/pdo_stmt.c:1026
1026 add_assoc_zval
(return_value, stmt->columns[i].name, val);
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=40639&edit=1
