Bug #29252 Segmentation fault
Submitted: 2004-07-19 09:45 UTC
Modified: 2004-07-20 22:40 UTC
Votes: 2
Avg. Score: 4.0 ± 1.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 1 (100.0%)
From: clemens at gutweiler dot net
Assigned:
Status: Not a bug
Package: Reproducible crash
PHP Version: 4.3.8
OS: Linux 2.4.19-xfs
Private report: No
CVE-ID: None

 

 [2004-07-19 09:45 UTC] clemens at gutweiler dot net
Description:
------------
Segfault of php-cli and apache-sapi (apxs).

Reproduce code:
---------------
could not extract the reproduce code

Expected result:
----------------
no segfault

Actual result:
--------------
(gdb) run index.php
Starting program: /usr/local/bin/php index.php
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 11311)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 11311)]
0x40816a8f in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x40816a8f in strlen () from /lib/libc.so.6
#1  0x081701ba in add_property_string_ex (arg=0x0, key=0x0, key_len=0, str=0x40 <Address 0x40 out of bounds>, duplicate=1) at /usr/local/src/php-4.3.8/Zend/zend_API.c:978
#2  0x0809e241 in zif_mysql_fetch_field (ht=0, return_value=0x82ab164, this_ptr=0x0, return_value_used=1) at /usr/local/src/php-4.3.8/ext/mysql/php_mysql.c:2165
#3  0x0817c706 in execute (op_array=0x8245b84) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:1635
#4  0x0817c477 in execute (op_array=0x8256c3c) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#5  0x0817c477 in execute (op_array=0x8283c18) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#6  0x0817c477 in execute (op_array=0x82837e8) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#7  0x0817c477 in execute (op_array=0x82be804) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#8  0x0817db12 in execute (op_array=0x822e8a4) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:2200
#9  0x0817db12 in execute (op_array=0x82370f4) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:2200
#10 0x0817db12 in execute (op_array=0x822e71c) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:2200
#11 0x0816debb in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-4.3.8/Zend/zend.c:891
#12 0x08141f2f in php_execute_script (primary_file=0xbffffd10) at /usr/local/src/php-4.3.8/main/main.c:1734
#13 0x08181a3c in main (argc=2, argv=0xbffffd94) at /usr/local/src/php-4.3.8/sapi/cli/php_cli.c:822
(gdb) frame 3
#3  0x0817c706 in execute (op_array=0x8245b84) at /usr/local/src/php-4.3.8/Zend/zend_execute.c:1635
1635                                                            ((zend_internal_function *) EX(function_state).function)->handler(EX(opline)->extended_value, EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr, return_value_used TSRMLS_CC);
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x818a859 "mysql_fetch_field"

 [2004-07-20 02:45 UTC] iliaa@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.


 [2004-07-20 09:23 UTC] clemens at gutweiler dot net
<?php
        mysql_connect('localhost','username','password');
        mysql_select_db('test');
        mysql_query('CREATE TABLE segfault (col VARCHAR(100) NOT NULL)');
        mysql_query('INSERT INTO segfault (col) VALUES ("fooo")');

        $q = 'SELECT * FROM segfault';
        if($r=mysql_query($q)) {
                // crash..
                var_dump(mysql_fetch_field($r));
        }
?>
 [2004-07-20 13:36 UTC] clemens at gutweiler dot net
PHP used wrong mysql library version (3 instead of 4), see bug #23490.

./configure --with-mysql=/usr/local/mysql-4.x.x .. uses the library in /usr/lib and not in /usr/local/mysql-4.x.x.

Is this a bug?
 [2004-07-20 13:37 UTC] clemens at gutweiler dot net
Sorry, the bug shouldn't be closed :)
 [2004-07-20 22:40 UTC] sniper@php.net
Closed.
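
The cause given in the 13:36 comment above is a build configured with one MySQL prefix while the library actually used comes from another directory. As an added example (not part of the original report or of PHP), the shell function below checks `ldd` output for that mismatch; the function names and the sample `ldd` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the libmysqlclient a PHP binary resolves at run
# time lives under the prefix that was passed to ./configure --with-mysql.

# check_mysql_link PREFIX
# Reads `ldd` output on stdin and prints a verdict per libmysqlclient line.
# Returns 0 if every libmysqlclient resolves under PREFIX/, 1 if any resolves
# elsewhere, 2 if none is listed (static link, or no mysql extension).
check_mysql_link() {
    prefix=${1%/}
    seen=0
    bad=0
    while read -r name arrow path _rest; do
        case $name in
            libmysqlclient*) ;;
            *) continue ;;
        esac
        [ "$arrow" = "=>" ] || continue
        seen=1
        case $path in
            "$prefix"/*) echo "ok       $name -> $path" ;;
            *)           echo "MISMATCH $name -> $path (expected under $prefix/)"
                         bad=1 ;;
        esac
    done
    [ "$seen" -eq 1 ] || { echo "no libmysqlclient in ldd output"; return 2; }
    return "$bad"
}

# Constructed ldd output (not taken from the report): the build was configured
# with --with-mysql=/usr/local/mysql-4.x.x but the loader picks /usr/lib.
sample_mismatch() {
    cat <<'EOF'
    libcrypt.so.1 => /lib/libcrypt.so.1 (0x40020000)
    libmysqlclient.so.10 => /usr/lib/libmysqlclient.so.10 (0x4004d000)
    libc.so.6 => /lib/libc.so.6 (0x40700000)
EOF
}

# Real use: ldd /usr/local/bin/php | check_mysql_link /usr/local/mysql-4.x.x
sample_mismatch | check_mysql_link /usr/local/mysql-4.x.x || echo "exit status: $?"
```

A non-zero status from this check means the headers used at compile time and the library loaded at run time may come from different MySQL versions, which is the condition the reporter identified.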

 