 PHP_5_6
 

Test Failure Report for ext/pdo_mysql/tests/bug41125.phpt ('Bug #41125 (PDO mysql + quote() + prepare() can result in seg fault)')

Script

<?php
/*
 * Regression test for Bug #41125 (PDO mysql + quote() + prepare() can
 * result in a seg fault).
 *
 * Every query below mixes single quotes, doubled quotes, backslash
 * escapes and embedded NUL bytes with `?` / `:id` placeholders.  Several
 * placeholders sit inside string literals ('foo?bar', ':id') and must not
 * be treated as parameters by the emulated-prepare parser.  The output is
 * compared byte for byte against the EXPECT section, so the first result
 * row and the driver's errorInfo() are printed after every execute().
 */
require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');

$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');

/*
 * Print the first row of $statement (columns joined by ' - ', empty line
 * when there is none) followed by the statement's errorInfo() triple.
 */
function dump_first_row($statement)
{
    // '@' kept from the original so that a diagnostic from fetch() cannot
    // change the compared output.
    $row = @$statement->fetch(PDO::FETCH_NUM);
    print implode(' - ', $row ? $row : array()) . "\n";
    print implode(' - ', $statement->errorInfo()) . "\n";
}

/* 1. quote() output embedded directly in the SQL handed to prepare(). */
$needle = "o'";
$sql = "SELECT 1 FROM DUAL WHERE 'o''riley' LIKE " . $db->quote('%' . $needle . '%');
$statement = $db->prepare($sql);
$statement->execute();
dump_first_row($statement);

print "-------------------------------------------------------\n";

/* 2. Positional placeholders next to, and inside, quoted literals. */
$positional = array(
    "SELECT 1 FROM DUAL WHERE 1 = '?\'\''",
    "SELECT 'a\\'0' FROM DUAL WHERE 1 = ?",
    "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND ?",
    "SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?"
);

foreach ($positional as $index => $query) {
    $statement = $db->prepare($query);
    $statement->execute(array(1));
    printf("[%d] Query: [[%s]]\n", $index + 1, $query);
    dump_first_row($statement);
    print "--------\n";
}

/* 3. Emulated prepare with a bound value that carries a quote and a literal "\0". */
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$sql = "SELECT upper(:id) FROM DUAL WHERE '1'";
$statement = $db->prepare($sql);

$bound = 'o\'\0';
$statement->bindParam(':id', $bound);
$statement->execute();
printf("Query: [[%s]]\n", $sql);
dump_first_row($statement);

print "-------------------------------------------------------\n";

/* 4. Named placeholders under emulated prepares, including ':id' inside string literals. */
$named = array(
    "SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\\0' IS NULL AND  2 <> :id",
    "SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND  2 <> :id",
    "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND  2 <> :id",
    "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND  2 <> :id",
    "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
    "SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
    "SELECT UPPER(:id) FROM DUAL WHERE '1'",
    "SELECT 1 FROM DUAL WHERE '\''",
    "SELECT 1 FROM DUAL WHERE :id AND '\\0' OR :id",
    "SELECT 1 FROM DUAL WHERE 'a\\f\\n\\0' AND 1 >= :id",
    "SELECT 1 FROM DUAL WHERE '\'' = ''''",
    "SELECT '\\n' '1 FROM DUAL WHERE '''' and :id'",
    "SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id",
);

// Re-asserted here exactly as in the original test; already set in step 3.
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$bound = 1;

foreach ($named as $index => $query) {
    $statement = $db->prepare($query);
    $statement->bindParam(':id', $bound);
    $statement->execute();

    printf("[%d] Query: [[%s]]\n", $index + 1, $query);
    dump_first_row($statement);
    print "--------\n";
}

?>

Expected

1
00000 -  - 
-------------------------------------------------------
[1] Query: [[SELECT 1 FROM DUAL WHERE 1 = '?\'\'']]

00000 -  - 
--------
[2] Query: [[SELECT 'a\'0' FROM DUAL WHERE 1 = ?]]
a'0
00000 -  - 
--------
[3] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND ?]]
a - b'
00000 -  - 
--------
[4] Query: [[SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?]]
foo?bar -  - '
00000 -  - 
--------
Query: [[SELECT upper(:id) FROM DUAL WHERE '1']]
O'\0
00000 -  - 
-------------------------------------------------------
[1] Query: [[SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\0' IS NULL AND  2 <> :id]]

00000 -  - 
--------
[2] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND  2 <> :id]]

00000 -  - 
--------
[3] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND  2 <> :id]]

00000 -  - 
--------
[4] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND  2 <> :id]]
1
00000 -  - 
--------
[5] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
a - b'
00000 -  - 
--------
[6] Query: [[SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
a' - 'b'
00000 -  - 
--------
[7] Query: [[SELECT UPPER(:id) FROM DUAL WHERE '1']]
1
00000 -  - 
--------
[8] Query: [[SELECT 1 FROM DUAL WHERE '\'']]

00000 -  - 
--------
[9] Query: [[SELECT 1 FROM DUAL WHERE :id AND '\0' OR :id]]
1
00000 -  - 
--------
[10] Query: [[SELECT 1 FROM DUAL WHERE 'a\f\n\0' AND 1 >= :id]]

00000 -  - 
--------
[11] Query: [[SELECT 1 FROM DUAL WHERE '\'' = '''']]
1
00000 -  - 
--------
[12] Query: [[SELECT '\n' '1 FROM DUAL WHERE '''' and :id']]

1 FROM DUAL WHERE '' and :id
00000 -  - 
--------
[13] Query: [[SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id]]
1
00000 -  - 
--------

Output

1
00000 -  - 
-------------------------------------------------------
Out of memory

Diff

004+ Out of memory
004- [1] Query: [[SELECT 1 FROM DUAL WHERE 1 = '?\'\'']]
005- 
006- 00000 -  - 
007- --------
008- [2] Query: [[SELECT 'a\'0' FROM DUAL WHERE 1 = ?]]
009- a'0
010- 00000 -  - 
011- --------
012- [3] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND ?]]
013- a - b'
014- 00000 -  - 
015- --------
016- [4] Query: [[SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?]]
017- foo?bar -  - '
018- 00000 -  - 
019- --------
020- Query: [[SELECT upper(:id) FROM DUAL WHERE '1']]
021- O'\0
022- 00000 -  - 
023- -------------------------------------------------------
024- [1] Query: [[SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\0' IS NULL AND  2 <> :id]]
025- 
026- 00000 -  - 
027- --------
028- [2] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND  2 <> :id]]
029- 
030- 00000 -  - 
031- --------
032- [3] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND  2 <> :id]]
033- 
034- 00000 -  - 
035- --------
036- [4] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND  2 <> :id]]
037- 1
038- 00000 -  - 
039- --------
040- [5] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
041- a - b'
042- 00000 -  - 
043- --------
044- [6] Query: [[SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
045- a' - 'b'
046- 00000 -  - 
047- --------
048- [7] Query: [[SELECT UPPER(:id) FROM DUAL WHERE '1']]
049- 1
050- 00000 -  - 
051- --------
052- [8] Query: [[SELECT 1 FROM DUAL WHERE '\'']]
053- 
054- 00000 -  - 
055- --------
056- [9] Query: [[SELECT 1 FROM DUAL WHERE :id AND '\0' OR :id]]
057- 1
058- 00000 -  - 
059- --------
060- [10] Query: [[SELECT 1 FROM DUAL WHERE 'a\f\n\0' AND 1 >= :id]]
061- 
062- 00000 -  - 
063- --------
064- [11] Query: [[SELECT 1 FROM DUAL WHERE '\'' = '''']]
065- 1
066- 00000 -  - 
067- --------
068- [12] Query: [[SELECT '\n' '1 FROM DUAL WHERE '''' and :id']]
069- 
070- 1 FROM DUAL WHERE '' and :id
071- 00000 -  - 
072- --------
073- [13] Query: [[SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id]]
074- 1
075- 00000 -  - 
076- --------

 

Generated at Mon, 27 Nov 2017 05:04:32 +0000 (16 days ago)
