From 168f53b72b688b4f5f91ab8bd06375cfeb29c60f Mon Sep 17 00:00:00 2001
From: Antony Dovgal <tony2001@php.net>
Date: Sun, 30 Jul 2006 11:19:56 +0000
Subject: [PATCH] fix bug #38253 (PDO produces segfault with default fetch
 mode) add test

---
 NEWS                         |  1 +
 ext/pdo/pdo_stmt.c           |  8 ++++++
 ext/pdo/tests/bug_38253.phpt | 47 ++++++++++++++++++++++++++++++++++++
 3 files changed, 56 insertions(+)
 create mode 100644 ext/pdo/tests/bug_38253.phpt

diff --git a/NEWS b/NEWS
index e71da9d9b8..b39a16eaa5 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,7 @@ PHP                                                                        NEWS
 - Fixed a bug in the filter extension that prevented magic_quotes_gpc from
   being applied when RAW filter is used. (Ilia)
 - Fixed bug #38255 (openssl possible leaks while passing keys) (Pierre)
+- Fixed bug #38253 (PDO produces segfault with default fetch mode). (Tony)
 - Fixed bug #38236 (Binary data gets corrupted on multipart/formdata POST).
   (Ilia)
 - Fixed bug #38234 (Exception in __clone makes memory leak). (Dmitry, Nuno)
diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c
index de448b6c4f..057e339f51 100755
--- a/ext/pdo/pdo_stmt.c
+++ b/ext/pdo/pdo_stmt.c
@@ -919,6 +919,10 @@ static int do_fetch(pdo_stmt_t *stmt, int do_bind, zval *return_value,
 					zval_dtor(&val);
 				}
 				ce = stmt->fetch.cls.ce;
+				if (!ce) {
+					pdo_raise_impl_error(stmt->dbh, stmt, "HY000", "No fetch class specified" TSRMLS_CC);
+					return 0;
+				}
 				if ((flags & PDO_FETCH_SERIALIZE) == 0) {
 					object_init_ex(return_value, ce);
 					if (!stmt->fetch.cls.fci.size) {
@@ -960,6 +964,10 @@ static int do_fetch(pdo_stmt_t *stmt, int do_bind, zval *return_value,
 				break;
 
 			case PDO_FETCH_FUNC:
+				if (!stmt->fetch.func.function) {
+					pdo_raise_impl_error(stmt->dbh, stmt, "HY000", "No fetch function specified" TSRMLS_CC);
+					return 0;
+				}
 				if (!stmt->fetch.func.fci.size) {
 					if (!do_fetch_func_prepare(stmt TSRMLS_CC))
 					{
diff --git a/ext/pdo/tests/bug_38253.phpt b/ext/pdo/tests/bug_38253.phpt
new file mode 100644
index 0000000000..713eefb701
--- /dev/null
+++ b/ext/pdo/tests/bug_38253.phpt
@@ -0,0 +1,47 @@
+--TEST--
+PDO Common: PHP Bug #38253: PDO produces segfault with default fetch mode
+--SKIPIF--
+<?php # vim:ft=php
+if (!extension_loaded('pdo')) die('skip');
+$dir = getenv('REDIR_TEST_DIR');
+if (false == $dir) die('skip no driver');
+require_once $dir . 'pdo_test.inc';
+PDOTest::skip();
+?>
+--FILE--
+<?php
+if (getenv('REDIR_TEST_DIR') === false) putenv('REDIR_TEST_DIR='.dirname(__FILE__) . '/../../pdo/tests/');
+require_once getenv('REDIR_TEST_DIR') . 'pdo_test.inc';
+$pdo = PDOTest::factory();
+
+$pdo->exec ("create table test (id integer primary key, n text)");
+$pdo->exec ("INSERT INTO test (n) VALUES ('hi')");
+
+$pdo->setAttribute (PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_CLASS);
+$stmt = $pdo->prepare ("SELECT * FROM test");
+$stmt->execute();
+var_dump($stmt->fetchAll());
+
+$pdo = PDOTest::factory();
+
+$pdo->exec ("create table test2 (id integer primary key, n text)");
+$pdo->exec ("INSERT INTO test2 (n) VALUES ('hi')");
+
+$pdo->setAttribute (PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_FUNC);
+$stmt = $pdo->prepare ("SELECT * FROM test2");
+$stmt->execute();
+var_dump($stmt->fetchAll());
+
+?>
+--EXPECTF--
+Warning: PDOStatement::fetchAll(): SQLSTATE[HY000]: General error: No fetch class specified in %s on line %d
+
+Warning: PDOStatement::fetchAll(): SQLSTATE[HY000]: General error%s on line %d
+array(0) {
+}
+
+Warning: PDOStatement::fetchAll(): SQLSTATE[HY000]: General error: No fetch function specified in %s on line %d
+
+Warning: PDOStatement::fetchAll(): SQLSTATE[HY000]: General error%s on line %d
+array(0) {
+}
-- 
2.40.0