Home Original page

PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault

Bug #50445 PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault
Submitted: 2009-12-11 00:32 UTC Modified: 2009-12-11 22:32 UTC
From: davbrown4 at yahoo dot com Assigned: felipe (profile)
Status: Closed Package: PDO related
PHP Version: 5.2, 5.3, 6 OS: Solaris
Private report: No CVE-ID: None

 [2009-12-11 00:32 UTC] davbrown4 at yahoo dot com

Description:
------------
While testing the 64-bit version of our ODBC driver (StarQuest StarSQL http://www.starquest.com) on Solaris SPARC, with unixODBC 2.2.14 (the current stable version),  we encountered a seg fault when when using PDO-ODBC to call a stored procedure.  The patch below (5.3.1) fixed our problem.

The existing php code is making the assumption that an "enum" has the same size as a "long". That is not the case on many 64-bit systems. We fixed this one by using an local intermediate "long" variable. It could likely also be fixed by modifying the format string. 
 
There may be several other faulty assumptions about the size of "enum" that we didn't encounter.

Here are our patches to 5.3.11:


diff -ur pdo-orig/pdo_stmt.c pdo/pdo_stmt.c
--- pdo-orig/pdo_stmt.c 2009-10-19 14:43:34.000000000 -0700
+++ pdo/pdo_stmt.c      2009-12-03 16:31:18.000000000 -0800
@@ -1657,12 +1657,13 @@
 static int register_bound_param(INTERNAL_FUNCTION_PARAMETERS, pdo_stmt_t *stmt, int is_param) /* {{{ */
 {
        struct pdo_bound_param_data param = {0};
+       long param_type;

        param.paramno = -1;
        param.param_type = PDO_PARAM_STR;

        if (FAILURE == zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC,
-                       "lz|llz!", &param.paramno, &param.parameter, &param.param_type, &param.max_value_len,
+                       "lz|llz!", &param.paramno, &param.parameter, &param_type, &param.max_value_len,
                        &param.driver_params)) {
                if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sz|llz!", &param.name,
                                &param.namelen, &param.parameter, &param.param_type, &param.max_value_len,
@@ -1671,6 +1672,7 @@
                }
        }

+       param.param_type = (int)param_type;
        if (param.paramno > 0) {
                --param.paramno; /* make it zero-based internally */
        } else if (!param.name) {




Reproduce code:
---------------
<?php

// Connect to the database
try{
$dbh = new PDO("odbc:MAX64", 'USER', 'PWD');
}catch (PDOException $e) {
    print "Error!: " . $e->getMessage();
    die();
}

// Set parameter values
$inval = 'ANNIE';
$inoutval = 'HALL';
$outval = NULL;

// Prepare stored procedure call with three parameters
$sth = $dbh->prepare('CALL USER.SPROC(?, ?, ?)');

// Bind parameter 1 as IN parameter
// Be sure *not* to set a length to indicate it's an IN parameter
$sth->bindParam(1, $inval, PDO::PARAM_STR);

// Bind parameter 2 as INOUT parameter
$sth->bindParam(2, $inoutval, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT, 20);

// Bind parameter 3 as OUT parameter
// Be sure to explicitly set a length to indicate it's an OUTPUT parameter
$sth->bindParam(3, $outval, PDO::PARAM_INT, 20);

// Call the stored procedure
print "Executing stored procedure...\n";
$res = $sth->execute();
....

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2009-12-11 22:32 UTC] felipe@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

I've committed a bit modified patch.
Thanks for the patch!