Bug 824199

Summary: PDOStatement execute segfaults for pdo_mysql driver
Product: Red Hat Enterprise Linux 6 Reporter: Jan <kingsizewhopper>
Component: phpAssignee: Remi Collet <rcollet>
Status: CLOSED ERRATA QA Contact: David Kutálek <dkutalek>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.2CC: kingsizewhopper, rcollet
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 869693 (view as bug list) Environment:
Last Closed: 2013-02-21 10:14:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 869693    

Description Jan 2012-05-23 00:37:06 UTC 
The bug described here is present in RHEL 6.2 php 5.3.3:
https://bugs.php.net/bug.php?id=53551

Description:
------------
A segfault will occur when a PDOStatement is reused after failing due to a NOT 
NULL integrity constraint.  This occurred when using the pdo_mysql driver as 
opposed to the mysqlnd driver.

Also to avoid confusion, I was only able to test this on PHP 5.3.2.  I could find 
nothing in the changelogs that would imply this bug has been fixed.  I 
unfortunately did not have the time to free up hardware or vms for an upgrade.

Test script:
---------------
$dbh = new PDO('mysql:host=127.0.0.1;dbname=foo', 'user', 'pass');
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, 0);

$createSql = "CREATE TABLE `foo` (
  `count` bigint(20) unsigned NOT NULL DEFAULT '0'
)";

$dbh->exec('drop table if exists foo');
$dbh->exec($createSql);
$dbh->exec("insert into foo set `count` = 1 ");

$sql = 'UPDATE foo SET `count` = :count';
$stmt = $dbh->prepare($sql);

$values = array (
  'count' => NULL,
);

echo "1\n";
$stmt->execute($values);
var_dump($stmt->errorInfo());

echo "2\n";
$stmt->execute($values);
var_dump($stmt->errorInfo());

echo "\ndone\n";


Expected result:
----------------
[ed@foo ~]$ php ed.php
1
array(3) {
  [0]=>
  string(5) "23000"
  [1]=>
  int(1048)
  [2]=>
  string(29) "Column 'count' cannot be null"
}
2
array(3) {
  [0]=>
  string(5) "23000"
  [1]=>
  int(1048)
  [2]=>
  string(29) "Column 'count' cannot be null"
}
done


Actual result:
--------------
[ed@foo ~]$ php ed.php
1
array(3) {
  [0]=>
  string(5) "23000"
  [1]=>
  int(1048)
  [2]=>
  string(29) "Column 'count' cannot be null"
}
2
Segmentation fault
Comment 2 Joe Orton 2012-05-23 08:13:17 UTC 
Thanks for the report!
Comment 4 RHEL Program Management 2012-07-10 08:31:24 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 5 RHEL Program Management 2012-07-11 01:54:14 UTC 
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Comment 9 errata-xmlrpc 2013-02-21 10:14:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0514.html