Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed Bug #66034 (Segmentation Fault when constructor of PDO statemen…

…t throws an exception)

I know zend_call_function will initilize retval_ptr_ptr, but still set
it to NULL explict is more readable
  • Loading branch information...
commit e3d9e18e7b24ba2d5c9e420510e804330c94f955 1 parent 2b7e89e
@laruence laruence authored
Showing with 40 additions and 3 deletions.
  1. +5 −1 NEWS
  2. +2 −2 ext/pdo/pdo_dbh.c
  3. +33 −0 ext/pdo_sqlite/tests/bug66033.phpt
View
6 NEWS
@@ -18,10 +18,14 @@ PHP NEWS
- FTP:
. Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter)
-- ODBC
+- ODBC:
. Fixed bug #65950 (Field name truncation if the field name is bigger than
32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo)
+- PDO:
+ . Fixed bug #66033 (Segmentation Fault when constructor of PDO statement
+ throws an exception). (Laruence)
+
- Sockets:
. Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
(Mike)
View
4 ext/pdo/pdo_dbh.c
@@ -460,7 +460,7 @@ static void pdo_stmt_construct(pdo_stmt_t *stmt, zval *object, zend_class_entry
if (dbstmt_ce->constructor) {
zend_fcall_info fci;
zend_fcall_info_cache fcc;
- zval *retval;
+ zval *retval = NULL;
fci.size = sizeof(zend_fcall_info);
fci.function_table = &dbstmt_ce->function_table;
@@ -495,7 +495,7 @@ static void pdo_stmt_construct(pdo_stmt_t *stmt, zval *object, zend_class_entry
zval_dtor(object);
ZVAL_NULL(object);
object = NULL; /* marks failure */
- } else {
+ } else if (retval) {
zval_ptr_dtor(&retval);
}
View
33 ext/pdo_sqlite/tests/bug66033.phpt
@@ -0,0 +1,33 @@
+--TEST--
+Bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception)
+--SKIPIF--
+<?php
+if (!extension_loaded('pdo_sqlite')) print 'skip not loaded';
+?>
+--FILE--
+<?php
+class DBStatement extends PDOStatement {
+ public $dbh;
+ protected function __construct($dbh) {
+ $this->dbh = $dbh;
+ throw new Exception("Blah");
+ }
+}
+
+$pdo = new PDO('sqlite::memory:', null, null);
+$pdo->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('DBStatement',
+ array($pdo)));
+$pdo->exec("CREATE TABLE IF NOT EXISTS messages (
+ id INTEGER PRIMARY KEY,
+ title TEXT,
+ message TEXT,
+ time INTEGER)");
+
+try {
+ $pdoStatement = $pdo->query("select * from messages");
+} catch (Exception $e) {
+ var_dump($e->getMessage());
+}
+?>
+--EXPECTF--
+string(4) "Blah"
Please sign in to comment.
Something went wrong with that request. Please try again.