Edit report at http://bugs.php.net/bug.php?id=52546&edit=1
ID: 52546
Updated by: ahar...@php.net
Reported by: rgagnon24 at gmail dot com
Summary: pdo_dblib segmentation fault when iterating MONEY
values
-Status: Closed
+Status: Re-Opened
Type: Bug
Package: PDO related
Operating System: CentOS 5.5
PHP Version: 5.2.14
Assigned To: felipe
Block user comment: N
New Comment:
Reopening, given it's apparently still segfaulting. Felipe, can you cast
an eye over the new patch, please?
Previous Comments:
------------------------------------------------------------------------
[2010-08-10 15:29:45] preben at ghost dot dk
Here's a fix.
Test code
---------
<?php
$dbh = new PDO('dblib:dbname=DB;host=HOST', 'USER', 'PASS');
$sth = $dbh->query ('create table #tmp(col money)');
$sth = $dbh->query ('insert into #tmp(col) values(123.25)');
$sth = $dbh->query ('insert into #tmp(col) values(-123.25)');
$sth = $dbh->prepare('SELECT col FROM #tmp');
$sth->execute();
$r = $sth->fetchAll(2);
print_r($r);
---------
Output
---------
Array
(
[0] => Array
(
[col] => 123.2500
)
[1] => Array
(
[col] => -123.2500
)
)
---------
Diff
---------
--- php-5.3.3/ext/pdo_dblib/dblib_stmt.c 2010-03-08
13:39:44.000000000 +0100
+++ ../php-5.3.3/ext/pdo_dblib/dblib_stmt.c 2010-08-10
15:18:48.000000000 +0200
@@ -170,8 +170,10 @@
case SQLMONEY4:
case SQLMONEYN: {
DBFLT8 money_value;
+ val->len = (2 *
dbdatlen(H->link, i + 1)) + 32;
+ val->data =
emalloc(val->len);
dbconvert(NULL,
S->cols[i].coltype, dbdata(H->link, i+1), dbdatlen(H->link, i+1),
SQLFLT8, (LPBYTE)&money_value, val->len);
- val->len =
spprintf(val->data, 0, "%.4f", money_value);
+ val->len =
sprintf(val->data, "%.4f", money_value);
}
break;
default:
---------
------------------------------------------------------------------------
[2010-08-06 18:18:19] rgagnon24 at gmail dot com
Patch uploaded as diff of actual SVN checkout this time.
Patch made from PHP_5_2 branch, but appears to be the same for PHP_5_3
------------------------------------------------------------------------
[2010-08-06 17:42:01] rgagnon24 at gmail dot com
With patch committed to SVN (r301916), segmentation fault still occurs.
The issue is the val->data pointer is null at the time of spprintf()
being called. Using "8" in place of "val->len" or sizeof(DBFLT8) in the
dbconvert() call does not help at all.
------------------------------------------------------------------------
[2010-08-06 01:32:47] fel...@php.net
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
Thanks.
------------------------------------------------------------------------
[2010-08-06 01:32:19] fel...@php.net
Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=301916
Log: - Fixed bug #52546 (pdo_dblib segmentation fault when iterating
MONEY values)
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=52546
--
Edit this bug report at http://bugs.php.net/bug.php?id=52546&edit=1
