johannes                                 Fri, 14 Jan 2011 14:57:57 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=307478

Log:
- Fix #53551 (PDOStatement execute segfaults for pdo_mysql driver)

Bug: http://bugs.php.net/53551 (Assigned) PDOStatement execute segfaults for 
pdo_mysql driver
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/pdo_mysql/mysql_statement.c
    A   php/php-src/branches/PHP_5_3/ext/pdo_mysql/tests/bug53551.phpt
    U   php/php-src/trunk/ext/pdo_mysql/mysql_statement.c
    A   php/php-src/trunk/ext/pdo_mysql/tests/bug53551.phpt

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2011-01-14 14:54:18 UTC (rev 307477)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-01-14 14:57:57 UTC (rev 307478)
@@ -63,6 +63,10 @@
   . Fixed stream_socket_enable_crypto() not honoring the socket timeout in
     server mode. (Gustavo)

+- PDO MySQL driver:
+  . Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver).
+    (Johannes)
+
 - PDO Oracle driver:
   . Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on
     ORACLE 10). (spatar at mail dot nnov dot ru)

Modified: php/php-src/branches/PHP_5_3/ext/pdo_mysql/mysql_statement.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/pdo_mysql/mysql_statement.c        
2011-01-14 14:54:18 UTC (rev 307477)
+++ php/php-src/branches/PHP_5_3/ext/pdo_mysql/mysql_statement.c        
2011-01-14 14:57:57 UTC (rev 307478)
@@ -142,8 +142,7 @@
        /* (re)bind the parameters */
        if (mysql_stmt_bind_param(S->stmt, S->params) || 
mysql_stmt_execute(S->stmt)) {
                if (S->params) {
-                       efree(S->params);
-                       S->params = 0;
+                       memset(S->params, 0, S->num_params * 
sizeof(MYSQL_BIND));
                }
                pdo_mysql_error_stmt(stmt);
                if (mysql_stmt_errno(S->stmt) == 2057) {
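Review bot: The memset in the error branch clears every field of each MYSQL_BIND in S->params, including any pointer members, and nothing visible in the hunk sets them again before the next mysql_stmt_bind_param() call. If the parameter hook assigns those pointers only once per bound parameter (that code is outside this hunk, so this is an assumption to confirm), a statement bound through bindParam()/bindValue() and re-executed after a failure would run with cleared bind entries. I would add a comment on the memset, for example `/* keep the array: later execute() calls reuse S->params, so only reset the bind entries */`, and check the re-bind path. The same change is applied to the trunk copy of mysql_statement.c, and the enclosing function starts and ends outside the hunk.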

Added: php/php-src/branches/PHP_5_3/ext/pdo_mysql/tests/bug53551.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/pdo_mysql/tests/bug53551.phpt              
                (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/pdo_mysql/tests/bug53551.phpt      
2011-01-14 14:57:57 UTC (rev 307478)
@@ -0,0 +1,73 @@
+--TEST--
+Bug #44327 (PDORow::queryString property & numeric offsets / Crash)
+--SKIPIF--
+<?php
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+MySQLPDOTest::skip();
+$db = MySQLPDOTest::factory();
+?>
+--FILE--
+<?php
+include __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';
+$db = MySQLPDOTest::factory();
+
+$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 0);
+
+$createSql = "CREATE TABLE `bug53551` (
+  `count` bigint(20) unsigned NOT NULL DEFAULT '0'
+)";
+
+$db->exec('drop table if exists bug53551');
+$db->exec($createSql);
+$db->exec("insert into bug53551 set `count` = 1 ");
+$db->exec("SET sql_mode = 'Traditional'");
+$sql = 'UPDATE bug53551 SET `count` = :count';
+$stmt = $db->prepare($sql);
+
+$values = array (
+    'count' => NULL,
+);
+
+echo "1\n";
+$stmt->execute($values);
+var_dump($stmt->errorInfo());
+
+echo "2\n";
+$stmt->execute($values);
+var_dump($stmt->errorInfo());
+
+echo "\ndone\n";
+
+?>
+--CLEAN--
+<?php
+include __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';
+$db = MySQLPDOTest::factory();
+$db->exec('DROP TABLE IF EXISTS bug53551');
+?>
+--EXPECTF--
+1
+
+Warning: PDOStatement::execute(): SQLSTATE[23000]: Integrity constraint 
violation: 1048 Column 'count' cannot be null in %s on line %d
+array(3) {
+  [0]=>
+  string(5) "23000"
+  [1]=>
+  int(1048)
+  [2]=>
+  string(29) "Column 'count' cannot be null"
+}
+2
+
+Warning: PDOStatement::execute(): SQLSTATE[23000]: Integrity constraint 
violation: 1048 Column 'count' cannot be null in %s on line %d
+array(3) {
+  [0]=>
+  string(5) "23000"
+  [1]=>
+  int(1048)
+  [2]=>
+  string(29) "Column 'count' cannot be null"
+}
+
+done
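Review bot: The --TEST-- title reads `Bug #44327 (PDORow::queryString property & numeric offsets / Crash)`, which looks copied from another test; it should name this bug, `Bug #53551 (PDOStatement execute segfaults for pdo_mysql driver)`, so a failing run points at the right report. The script also only re-executes with an array passed to execute(), so a statement bound through bindParam() or bindValue() and executed twice after a failure is not covered; a second case for that path would pin the fix more tightly. The trunk copy of bug53551.phpt carries the same title.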


Property changes on: 
php/php-src/branches/PHP_5_3/ext/pdo_mysql/tests/bug53551.phpt
___________________________________________________________________
Added: svn:keywords
   + Id Rev Revision
Added: svn:eol-style
   + native

Modified: php/php-src/trunk/ext/pdo_mysql/mysql_statement.c
===================================================================
--- php/php-src/trunk/ext/pdo_mysql/mysql_statement.c   2011-01-14 14:54:18 UTC 
(rev 307477)
+++ php/php-src/trunk/ext/pdo_mysql/mysql_statement.c   2011-01-14 14:57:57 UTC 
(rev 307478)
@@ -136,8 +136,7 @@
        /* (re)bind the parameters */
        if (mysql_stmt_bind_param(S->stmt, S->params) || 
mysql_stmt_execute(S->stmt)) {
                if (S->params) {
-                       efree(S->params);
-                       S->params = 0;
+                       memset(S->params, 0, S->num_params * 
sizeof(MYSQL_BIND));
                }
                pdo_mysql_error_stmt(stmt);
                if (mysql_stmt_errno(S->stmt) == 2057) {

Added: php/php-src/trunk/ext/pdo_mysql/tests/bug53551.phpt
===================================================================
--- php/php-src/trunk/ext/pdo_mysql/tests/bug53551.phpt                         
(rev 0)
+++ php/php-src/trunk/ext/pdo_mysql/tests/bug53551.phpt 2011-01-14 14:57:57 UTC 
(rev 307478)
@@ -0,0 +1,73 @@
+--TEST--
+Bug #44327 (PDORow::queryString property & numeric offsets / Crash)
+--SKIPIF--
+<?php
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+MySQLPDOTest::skip();
+$db = MySQLPDOTest::factory();
+?>
+--FILE--
+<?php
+include __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';
+$db = MySQLPDOTest::factory();
+
+$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 0);
+
+$createSql = "CREATE TABLE `bug53551` (
+  `count` bigint(20) unsigned NOT NULL DEFAULT '0'
+)";
+
+$db->exec('drop table if exists bug53551');
+$db->exec($createSql);
+$db->exec("insert into bug53551 set `count` = 1 ");
+$db->exec("SET sql_mode = 'Traditional'");
+$sql = 'UPDATE bug53551 SET `count` = :count';
+$stmt = $db->prepare($sql);
+
+$values = array (
+    'count' => NULL,
+);
+
+echo "1\n";
+$stmt->execute($values);
+var_dump($stmt->errorInfo());
+
+echo "2\n";
+$stmt->execute($values);
+var_dump($stmt->errorInfo());
+
+echo "\ndone\n";
+
+?>
+--CLEAN--
+<?php
+include __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';
+$db = MySQLPDOTest::factory();
+$db->exec('DROP TABLE IF EXISTS bug53551');
+?>
+--EXPECTF--
+1
+
+Warning: PDOStatement::execute(): SQLSTATE[23000]: Integrity constraint 
violation: 1048 Column 'count' cannot be null in %s on line %d
+array(3) {
+  [0]=>
+  string(5) "23000"
+  [1]=>
+  int(1048)
+  [2]=>
+  string(29) "Column 'count' cannot be null"
+}
+2
+
+Warning: PDOStatement::execute(): SQLSTATE[23000]: Integrity constraint 
violation: 1048 Column 'count' cannot be null in %s on line %d
+array(3) {
+  [0]=>
+  string(5) "23000"
+  [1]=>
+  int(1048)
+  [2]=>
+  string(29) "Column 'count' cannot be null"
+}
+
+done


Property changes on: php/php-src/trunk/ext/pdo_mysql/tests/bug53551.phpt
___________________________________________________________________
Added: svn:keywords
   + Id Rev Revision
Added: svn:eol-style
   + native
