diff options
| author | Xinchen Hui <laruence@php.net> | 2013-11-05 11:04:55 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@php.net> | 2013-11-05 11:04:55 +0800 |
| commit | e3d9e18e7b24ba2d5c9e420510e804330c94f955 (patch) | |
| tree | 8acdae615620c1e8e259f7d834e699e273f7b5b2 | |
| parent | 2b7e89e20a4ab23a50ac2c29884d7d1928560635 (diff) | |
| download | php-git-e3d9e18e7b24ba2d5c9e420510e804330c94f955.tar.gz | |
Fixed Bug #66034 (Segmentation Fault when constructor of PDO statement throws an exception)
I know zend_call_function will initilize retval_ptr_ptr, but still set
it to NULL explict is more readable
| -rw-r--r-- | NEWS | 6 | ||||
| -rw-r--r-- | ext/pdo/pdo_dbh.c | 4 | ||||
| -rw-r--r-- | ext/pdo_sqlite/tests/bug66033.phpt | 33 |
3 files changed, 40 insertions, 3 deletions
@@ -18,10 +18,14 @@ PHP NEWS - FTP: . Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter) -- ODBC +- ODBC: . Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo) +- PDO: + . Fixed bug #66033 (Segmentation Fault when constructor of PDO statement + throws an exception). (Laruence) + - Sockets: . Fixed bug #65808 (the socket_connect() won't work with IPv6 address). (Mike) diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c index d5860b1a1e..ac8d29a95c 100644 --- a/ext/pdo/pdo_dbh.c +++ b/ext/pdo/pdo_dbh.c @@ -460,7 +460,7 @@ static void pdo_stmt_construct(pdo_stmt_t *stmt, zval *object, zend_class_entry if (dbstmt_ce->constructor) { zend_fcall_info fci; zend_fcall_info_cache fcc; - zval *retval; + zval *retval = NULL; fci.size = sizeof(zend_fcall_info); fci.function_table = &dbstmt_ce->function_table; @@ -495,7 +495,7 @@ static void pdo_stmt_construct(pdo_stmt_t *stmt, zval *object, zend_class_entry zval_dtor(object); ZVAL_NULL(object); object = NULL; /* marks failure */ - } else { + } else if (retval) { zval_ptr_dtor(&retval); } diff --git a/ext/pdo_sqlite/tests/bug66033.phpt b/ext/pdo_sqlite/tests/bug66033.phpt new file mode 100644 index 0000000000..28da3b54bf --- /dev/null +++ b/ext/pdo_sqlite/tests/bug66033.phpt @@ -0,0 +1,33 @@ +--TEST-- +Bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception) +--SKIPIF-- +<?php +if (!extension_loaded('pdo_sqlite')) print 'skip not loaded'; +?> +--FILE-- +<?php +class DBStatement extends PDOStatement { + public $dbh; + protected function __construct($dbh) { + $this->dbh = $dbh; + throw new Exception("Blah"); + } +} + +$pdo = new PDO('sqlite::memory:', null, null); +$pdo->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('DBStatement', + array($pdo))); +$pdo->exec("CREATE TABLE IF NOT EXISTS messages ( + id INTEGER PRIMARY KEY, + title TEXT, + message TEXT, + time INTEGER)"); + +try { + $pdoStatement = $pdo->query("select * from messages"); +} catch (Exception $e) { + var_dump($e->getMessage()); +} +?> +--EXPECTF-- +string(4) "Blah" |