Edit report at http://bugs.php.net/bug.php?id=52546&edit=1
ID:                 52546
Comment by:         rgagnon24 at gmail dot com
Reported by:        rgagnon24 at gmail dot com
Summary:            pdo_dblib segmentation fault when iterating MONEY values
Status:             Closed
Type:               Bug
Package:            PDO related
Operating System:   CentOS 5.5
PHP Version:        5.2.14
Assigned To:        felipe
Block user comment: N

New Comment:

With patch committed to SVN (r301916), segmentation fault still occurs.

The issue is the val->data pointer is null at the time of spprintf() being called.

Using "8" in place of "val->len" or sizeof(DBFLT8) in the dbconvert() call does not help at all.

Previous Comments:
------------------------------------------------------------------------
[2010-08-06 01:32:47] fel...@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.

Thanks.

------------------------------------------------------------------------
[2010-08-06 01:32:19] fel...@php.net

Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=301916
Log: - Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values)

------------------------------------------------------------------------
[2010-08-05 22:04:37] rgagnon24 at gmail dot com

Description:
------------
Fix for bug 51213 released into 5.2.14 and 5.3.3 causes segmentation fault when an SQL query attempts to read MSSQL MONEY type columns, or aggregates of those column types.

Problem appears to be invalid val->data pointer passed to spprintf() call at line 174 of dblib_stmt.c

Oddly, the patch attached to bug 51213 works properly, but is not the same as what was committed to the code base.

In the patch attached to 51213, val->data is properly emalloc'd some memory before any sprintf()-type of operation is performed.

Test script:
---------------
// On a table containing a MONEY (field named "amount");
$sql = "SELECT SUM(amount) FROM table";
$rs = $pdo->query($sql, PDO::FETCH_OBJ);
foreach($rs as $row) {
    var_dump($row);
}

Expected result:
----------------
Expected to see rows dumped from table.

Actual result:
--------------
Segmentation fault.

------------------------------------------------------------------------
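
The report above describes a formatting call that is reached while the destination pointer is still NULL. The following C example is added here for illustration and is not code from pdo_dblib or from either patch: it sizes and allocates the buffer before formatting and leaves the value empty on any failure. The names `col_value` and `money_to_text`, the use of `malloc` in place of `emalloc`, and the `"%.4f"` format (MONEY has four decimal places) are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a driver column value (not the pdo_dblib struct). */
struct col_value {
    char  *data;  /* formatted text, owned by the caller after success */
    size_t len;   /* length of data, excluding the terminating NUL */
};

/* Format a MONEY value already converted to a double (the DBFLT8 step in
 * the report). The buffer is sized and allocated before anything is
 * written, so data is never NULL at format time. Returns 0 on success and
 * -1 on failure; on failure data stays NULL and len stays 0, so a caller
 * cannot pick up a stale or uninitialised pointer. */
int money_to_text(double money, struct col_value *val)
{
    int need;
    char *buf;

    if (val == NULL)
        return -1;
    val->data = NULL;
    val->len = 0;

    /* Ask snprintf for the required length without writing anything. */
    need = snprintf(NULL, 0, "%.4f", money);
    if (need < 0)
        return -1;

    buf = malloc((size_t)need + 1);
    if (buf == NULL)
        return -1;

    /* Write into the allocated buffer and confirm the length matches. */
    if (snprintf(buf, (size_t)need + 1, "%.4f", money) != need) {
        free(buf);
        return -1;
    }
    val->data = buf;
    val->len = (size_t)need;
    return 0;
}
```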