Edit report at https://bugs.php.net/bug.php?id=54908&edit=1
ID: 54908
Updated by: ssuffic...@php.net
Reported by: StevenHadfield at letu dot edu
Summary: DBLIB segfaults when GROUPing with 0 rows for
prepared statements
-Status: Open
+Status: Feedback
Type: Bug
Package: PDO related
Operating System: Fedora Rawhide
PHP Version: 5.3.6
Block user comment: N
Private report: N
New Comment:
Please try using this snapshot:
http://snaps.php.net/php5.4-latest.tar.gz
For Windows:
http://windows.php.net/snapshots/
PDO_DBLIB has been significantly redesigned in PHP 5.4. Many memory allocations
were removed possibly resolving this issue.
Previous Comments:
------------------------------------------------------------------------
[2011-05-23 15:25:45] StevenHadfield at letu dot edu
gdb backtrace:
#0 _zend_mm_free_int (heap=0xb2c310, p=0xe1b868) at
/usr/src/debug/php-5.3.6/Zend/zend_alloc.c:2028
#1 0x00007fffef1d1b1e in free_statement (stmt=0xe1bb70) at
/usr/src/debug/php-5.3.6/ext/pdo/pdo_stmt.c:2410
#2 0x00000000005d0f3f in zend_objects_store_del_ref_by_handle_ex (handle=2,
handlers=<optimized out>)
at /usr/src/debug/php-5.3.6/Zend/zend_objects_API.c:220
#3 0x00000000005d0f63 in zend_objects_store_del_ref (zobject=0xe1aa08) at
/usr/src/debug/php-5.3.6/Zend/zend_objects_API.c:172
#4 0x00000000005a09f2 in _zval_dtor (zvalue=<optimized out>) at
/usr/src/debug/php-5.3.6/Zend/zend_variables.h:35
#5 _zval_ptr_dtor (zval_ptr=0xe1c170) at
/usr/src/debug/php-5.3.6/Zend/zend_execute_API.c:443
#6 _zval_ptr_dtor (zval_ptr=0xe1c170) at
/usr/src/debug/php-5.3.6/Zend/zend_execute_API.c:432
#7 0x00000000005bb931 in zend_hash_del_key_or_index (ht=0x939ec8,
arKey=<optimized out>, nKeyLength=<optimized out>, h=<optimized out>,
flag=<optimized out>) at /usr/src/debug/php-5.3.6/Zend/zend_hash.c:500
#8 0x000000000062b36a in ZEND_UNSET_VAR_SPEC_CV_HANDLER
(execute_data=0x7fffeb09c050) at
/usr/src/debug/php-5.3.6/Zend/zend_vm_execute.h:22511
#9 0x00000000005d1e2b in execute (op_array=0xe1b260) at
/usr/src/debug/php-5.3.6/Zend/zend_vm_execute.h:107
#10 0x00007ffff1e78d6d in xdebug_execute (op_array=0xe1b260) at
/usr/src/debug/php-pecl-xdebug-2.1.1/xdebug-2.1.1/xdebug.c:1268
#11 0x00000000005affb0 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/debug/php-5.3.6/Zend/zend.c:1194
#12 0x000000000055d3b3 in php_execute_script (primary_file=0x7fffffffdd20) at
/usr/src/debug/php-5.3.6/main/main.c:2268
#13 0x000000000042486e in main (argc=2, argv=0x7fffffffdf28) at
/usr/src/debug/php-5.3.6/sapi/cli/php_cli.c:1193
------------------------------------------------------------------------
[2011-05-23 15:21:06] fel...@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32
Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
------------------------------------------------------------------------
[2011-05-23 15:18:04] StevenHadfield at letu dot edu
Description:
------------
I haven't fully figured out the cause of this problem, but for what I can
narrow it down, it's a bit of a remote case.
What I am experiencing is odd behavior when doing a PDO(DBLIB) prepared
statement on a SELECT query with a GROUP BY clause. As far as I can tell, when
the query would have returned 0 results, the query returns an empty array, but
the next time the query is run, I get the following result (regardless of what
the data should actually be):
array(1) {
[0]=>
array(2) {
["!"]=>
NULL
[0]=>
NULL
}
}
After this occurs, any attempt (whether explicit or implicit) to unset the
statement results in a segfault in Zend/zend_alloc.c:2028:
if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
I have also found that this only happens when the first execution of the
prepared statement results in a 0 row query. If the order of the execution in
the test script below is reversed so that a result is returned, the prepared
statement works fine from then on.
Another specific of this bug is that it only occurs with the GROUP BY clause.
The query will work fine if I have an aggregate function, but do not have the
GROUP BY column specified.
I have tried the query in a different query tool, and it works fine.
I also tried the script with the php5.3-201105231230 snapshot, but was still
having the issue.
This problem is similar to Bug #40639, but my problem seems more narrow in
focus. I also do not receive the same segfault as the other bug.
Test script:
---------------
<?php
$db = new PDO('dblib:host=server;dbname=db', 'user', 'pass');
$query = $db->prepare('SELECT COALESCE(SUM(tblTransaction.Amount), 0) FROM
tblTransaction INNER JOIN tblDiscount ON tblTransaction.TransactionTypeID =
tblDiscount.TransactionTypeID AND tblDiscount.DiscountID = :DiscountID WHERE
tblTransaction.Voided IS NULL AND tblTransaction.RegistrationID =
:RegistrationID GROUP BY tblTransaction.RegistrationID');
// This combination does not exist together in the database
$execute = $query->execute(array(':DiscountID' => 1, ':RegistrationID' => 114));
echo "\nExecuted: " . ($execute ? 'Successful' : 'Failed') . "\n";
$results = $query->fetchAll();
var_dump($results);
// This combination does exist together in the database
$execute = $query->execute(array(':DiscountID' => 20, ':RegistrationID' =>
114));
echo 'Executed: ' . ($execute ? 'Successful' : 'Failed') . "\n";
$results = $query->fetchAll();
var_dump($results);
unset($query);
echo 'Unset';
Expected result:
----------------
Executed: Successful
array(0) {
}
Executed: Successful
array(1) {
[0]=>
array(2) {
["computed"]=>
string(4) "5.00"
[0]=>
string(4) "5.00"
}
}
Unset
Actual result:
--------------
Executed: Successful
array(0) {
}
Executed: Successful
array(1) {
[0]=>
array(2) {
["!"]=>
NULL
[0]=>
NULL
}
}
Segmentation fault (core dumped)
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=54908&edit=1
