php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #36802 Signal 11 with with mysqli_set_charset ()
Submitted: 2006-03-20 19:49 UTC Modified: 2006-03-27 17:11 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: mdalton at galaxytelecom dot net Assigned: georg (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.1.2 OS: Linux
Private report: No CVE-ID: None
 [2006-03-20 19:49 UTC] mdalton at galaxytelecom dot net
Description:
------------
While trying to call set_charset method on a mysqli object php crashes with a signal 11.

Situation tested on a stock ubuntu php + mysqli + mysql 5.0 setup, and on a home rolled apache+hardened-php+mysql 5.0 system

Reproduce code:
---------------
<?php
$mysqli = mysqli_init ();
$mysqli->set_charset ( 'utf8' );
echo $mysqli->character_set_name ();
?>


Expected result:
----------------
script should echo 'utf8'

Actual result:
--------------
The apache child process bombs with a signal 11

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-03-20 19:51 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

If you still can reproduce it with plain PHP, please provide gdb backtrace (see http://bugs.php.net/bugs-generating-backtrace.php).
 [2006-03-20 23:28 UTC] judas dot iscariote at gmail dot com
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912513283232 (LWP 30938)]
0x00002aaaae4b9c65 in mysql_send_query () from /usr/lib64/libmysqlclient.so.15
(gdb) bt
#0  0x00002aaaae4b9c65 in mysql_send_query () from /usr/lib64/libmysqlclient.so.15
#1  0x00002aaaae4b9cd9 in mysql_real_query () from /usr/lib64/libmysqlclient.so.15
#2  0x00002aaaae4ba011 in mysql_set_character_set () from /usr/lib64/libmysqlclient.so.15
#3  0x00002aaaae6dcbc2 in zif_mysqli_set_charset (ht=<value optimized out>, return_value=0x950488,
    return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /usr/src/debug/php-5.1.2/ext/mysqli/mysqli_nonapi.c:329
#4  0x00000000005555d0 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffb1d2a0) at zend_vm_execute.h:200
#5  0x0000000000554c53 in execute (op_array=0x9657a8) at zend_vm_execute.h:92
#6  0x000000000053857c in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3)
    at /usr/src/debug/php-5.1.2/Zend/zend.c:1109
#7  0x00000000004fac35 in php_execute_script (primary_file=0x7fffffb1f950) at /usr/src/debug/php-5.1.2/main/main.c:1725
#8  0x00000000005c9285 in main (argc=2, argv=0x7fffffb1fb08) at /usr/src/debug/php-5.1.2/sapi/cli/php_cli.c:1092

php -v

PHP 5.1.3RC2-dev (cli) (built: Mar 20 2006 17:23:27)
 [2006-03-20 23:57 UTC] judas dot iscariote at gmail dot com
although Im not an expert on this,

seems the OP example lacks of a valid internal "mysql_link" (created with mysqli_real_connect or similar ) and some validation is missing in the mysqli extension an that result in a crash...

I deduce this because using a valid mysqli link the function works as expected.

This is a bug anyway, no userspace code should crash PHP.
 [2006-03-21 16:35 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2006-03-22 10:55 UTC] georg@php.net
reopened
 [2006-03-27 17:11 UTC] georg@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC