php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #34623 Segfault when selecting 'longtext' field with pdo/mysql
Submitted: 2005-09-24 06:03 UTC Modified: 2005-10-19 16:12 UTC
From: stewey at ambitious dot ca Assigned: wez (profile)
Status: Closed Package: PDO related
PHP Version: 5CVS-2005-09-29 (snap) OS: Mac OS X 10.4.2
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: stewey at ambitious dot ca
New email:
PHP Version: OS:

 

 [2005-09-24 06:03 UTC] stewey at ambitious dot ca
Description:
------------
Selecting a text field using PDO and the PDO MySQL driver 
intermittently causes a seg fault. Occurs roughly one out of 
two times. If I don't select the text field, it runs fine. 

Possibly related to Bug #33533.

Reproduce code:
---------------
$PDO = new PDO(  
	"mysql:dbname=test;host=127.0.0.1", 
	'user', 'pass' );
$statement = $PDO->prepare("select * from table");
$statement->execute();
$rows = $statement->fetchAll( PDO_FETCH_ASSOC );

print_r($rows);
exit;


Expected result:
----------------
All columns of all rows of the table.

Actual result:
--------------
[Fri Sep 23 20:55:10 2005] [notice] child pid 12721 exit 
signal Segmentation fault (11)


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-28 00:20 UTC] stewey at ambitious dot ca
Bug has resurfaced. Tested with php5-200509271430. Reproduce 
code is the same as before.

[Tue Sep 27 15:15:31 2005] [notice] child pid 15934 exit 
signal Segmentation fault (11)

Here is the backtrace:

(gdb) run -X
Starting program: /usr/local/apache2/bin/httpd -X
Reading symbols for shared libraries .+++ done
Reading symbols for shared libraries .... done

Program received signal EXC_BAD_ACCESS, Could not access 
memory.
Reason: KERN_INVALID_ADDRESS at address: 0x7269748d
0x020a1504 in dispatch_param_event (stmt=0x49ac08, 
event_type=PDO_PARAM_EVT_FETCH_POST) at /Users/stewey/
Desktop/php5-200509271430/ext/pdo/pdo_stmt.c:133
133             if (!stmt->methods->param_hook) {
(gdb) bt
#0  0x020a1504 in dispatch_param_event (stmt=0x49ac08, 
event_type=PDO_PARAM_EVT_FETCH_POST) at /Users/stewey/
Desktop/php5-200509271430/ext/pdo/pdo_stmt.c:133
#1  0x020a26b4 in do_fetch_common (stmt=0x49ac08, 
ori=PDO_FETCH_ORI_NEXT, offset=0, do_bind=1) at /Users/
stewey/Desktop/php5-200509271430/ext/pdo/pdo_stmt.c:542
#2  0x020a36d8 in do_fetch (stmt=0x49ac08, do_bind=1, 
return_value=0x49fb78, how=PDO_FETCH_ASSOC, 
ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0) at /Users/
stewey/Desktop/php5-200509271430/ext/pdo/pdo_stmt.c:754
#3  0x020a56e8 in zif_PDOStatement_fetchAll (ht=1, 
return_value=0x49bba8, return_value_ptr=0x0, 
this_ptr=0x49a7e8, return_value_used=1) at /Users/stewey/
Desktop/php5-200509271430/ext/pdo/pdo_stmt.c:1348
#4  0x0232daac in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbfffe578) at /Users/stewey/Desktop/
php5-200509271430/Zend/zend_vm_execute.h:187
#5  0x0232eca4 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER 
(execute_data=0xbfffe578) at /Users/stewey/Desktop/
php5-200509271430/Zend/zend_vm_execute.h:310
#6  0x0232d4e8 in execute (op_array=0x499678) at /Users/
stewey/Desktop/php5-200509271430/Zend/zend_vm_execute.h:88
#7  0x022ed6b0 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at /Users/stewey/Desktop/php5-200509271430/
Zend/zend.c:1087
#8  0x02282420 in php_execute_script 
(primary_file=0xbfffef44) at /Users/stewey/Desktop/
php5-200509271430/main/main.c:1677
#9  0x023a2840 in php_handler (r=0x18bde50) at /Users/
stewey/Desktop/php5-200509271430/sapi/apache2handler/
sapi_apache2.c:568
#10 0x0003daf4 in ap_run_handler (r=0x18bde50) at config.c:
152
#11 0x0003e0bc in ap_invoke_handler (r=0x18bde50) at 
config.c:364
#12 0x0001203c in ap_process_request (r=0x18bde50) at 
http_request.c:249
#13 0x0000cc14 in ap_process_http_connection (c=0x18b7f28) 
at http_core.c:251
#14 0x00044898 in ap_run_process_connection (c=0x18b7f28) at 
connection.c:43
#15 0x000298f8 in child_main (child_num_arg=4828168) at 
prefork.c:610
#16 0x000299dc in make_child (s=0x180ad58, slot=0) at 
prefork.c:650
#17 0x00029b14 in startup_children (number_to_start=5) at 
prefork.c:722
#18 0x00029fe0 in ap_mpm_run (_pconf=0x1806418, plog=0x5, 
s=0x180ad58) at prefork.c:941
#19 0x0002baf4 in main (argc=2, argv=0xbffffb20) at main.c:
618
 [2005-09-28 13:03 UTC] sniper@php.net
How did you compile/configure PHP?

 [2005-09-28 17:20 UTC] stewey at ambitious dot ca
$ ./configure --with-apxs2=/usr/local/apache2/bin/apxs --
with-mysql=/usr/local/mysql --enable-pdo --prefix=/usr/
local/php5 --with-xmlrpc --with-pdo-mysql --enable-debug

$ make

$ make install

Hope that helps!
 [2005-09-28 22:03 UTC] tony2001@php.net
Can't reproduce.
Please show your CREATE TABLE command.
Also, are you able to replicate it using PHP CLI ?
 [2005-09-28 23:11 UTC] stewey at ambitious dot ca
It's actually a 'longtext'. I'm very sorry for the 
misinformation. To the obvious question: yes, this makes the 
difference. If it's 'text', no problem, longtext = segfault. 
Again, I'm sorry.

Yes, I can repro via the CLI. Would you like a backtrace of 
that?


CREATE TABLE `article` (
  `articleId` int(10) unsigned NOT NULL auto_increment,
  `parentId` int(10) unsigned NOT NULL default '0',
  `templateId` int(10) unsigned NOT NULL default '0',
  `title` varchar(100) NOT NULL default '',
  `subTitle` varchar(255) default NULL,
  `text` longtext NOT NULL,
  `creationTime` timestamp NULL default NULL,
  `modificationTime` timestamp NULL default 
CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
  `state` enum('Online','Offline') NOT NULL default 
'Online',
  `audience` enum('Private','Public') NOT NULL default 
'Private',
  `childSortOrder` enum
('Title','Date','Popularity','Arbitrary') NOT NULL default 
'Title',
  `sortWeight` int(11) NOT NULL default '0',
  PRIMARY KEY  (`articleId`),
  KEY `parentId` (`parentId`,`templateId`),
  FULLTEXT KEY `title` (`title`,`subTitle`,`text`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
 [2005-09-28 23:36 UTC] tony2001@php.net
Still no luck in reproducing it.
Please do the following in gdb (when you got the backtrace):
gdb> p *stmt
gdb> p *stmt->methods
and paste results here.
 [2005-09-28 23:44 UTC] stewey at ambitious dot ca
Hope this helps...


(gdb) p *stmt
$1 = {
  ce = 0x712f6461, 
  properties = 0x74615f69, 
  in_get = 0, 
  in_set = 1, 
  methods = 0x72697479, 
  driver_data = 0x2f696e64, 
  executed = 0, 
  supports_placeholders = 3, 
  _reserved = 91762280, 
  column_count = 1953328163, 
  columns = 0x646f776e, 
  database_object_handle = {
    value = {
      lval = 1735549284, 
      dval = 2.0473549222889057e+190, 
      str = {
        val = 0x67726164 <Address 0x67726164 out of bounds>, 
        len = 1696742984
      }, 
      ht = 0x67726164, 
      obj = {
        handle = 1735549284, 
        handlers = 0x65223e48
      }
    }, 
    refcount = 1870078052, 
    type = 111 'o', 
    is_ref = 32 ' '
  }, 
  dbh = 0x646f776e, 
  bound_params = 0x67726164, 
  bound_param_map = 0x65206120, 
  bound_columns = 0x63686563, 
  row_count = 1802530665, 
  query_string = 0x6e742073 <Address 0x6e742073 out of 
bounds>, 
  query_stringlen = 1864397928, 
  active_query_string = 0x61742061 <Address 0x61742061 out 
of bounds>, 
  active_query_stringlen = 1847616865, 
  error_code = "rlier ", 
  lazy_object_ref = {
    value = {
      lval = 1920361842, 
      dval = 2.3894187096828918e+243, 
      str = {
        val = 0x72766572 <Address 0x72766572 out of bounds>, 
        len = 537725472
      }, 
      ht = 0x72766572, 
      obj = {
        handle = 1920361842, 
        handlers = 0x200d0a20
      }
    }, 
    refcount = 538976355, 
    type = 97 'a', 
    is_ref = 110 'n'
  }, 
  refcount = 1700881440, 
  default_fetch_type = 1769226044, 
  fetch = {
    column = 794902048, 
    cls = {
      ce = 0x2f613e20, 
      ctor_args = 0xd0a2020, 
      retval_ptr = 0x3c6c693e, 
      fci = {
        size = 1012998248, 
        function_table = 0x7265663d, 
        function_name = 0x22687474, 
        symbol_table = 0x703a2f2f, 
        retval_ptr_ptr = 0x636f6d70, 
        param_count = 1970562418, 
        params = 0x2f646570, 
        object_pp = 0x6f742f69, 
        no_separation = 110 'n'
      }, 
      fcc = {
        initialized = 110 'n', 
        function_handler = 0x74732f66, 
        calling_scope = 0x61712f64, 
        object_pp = 0x6174615f
      }
    }, 
    func = {
      function = 0x2f613e20, 
      fetch_args = 0xd0a2020, 
      object = 0x3c6c693e, 
      fci = {
        size = 1012998248, 
        function_table = 0x7265663d, 
        function_name = 0x22687474, 
        symbol_table = 0x703a2f2f, 
        retval_ptr_ptr = 0x636f6d70, 
        param_count = 1970562418, 
        params = 0x2f646570, 
        object_pp = 0x6f742f69, 
        no_separation = 110 'n'
      }, 
      fcc = {
        initialized = 110 'n', 
        function_handler = 0x74732f66, 
        calling_scope = 0x61712f64, 
        object_pp = 0x6174615f
      }, 
      values = 0x696e7465
    }, 
    into = 0x2f613e20
  }, 
  named_rewrite_template = 0x67726974 <Address 0x67726974 
out of bounds>
}
(gdb) p *stmt->methods
Cannot access memory at address 0x72697479
 [2005-09-29 00:06 UTC] tony2001@php.net
And what does valgrind say about it?
valgrind --tool=memcheck --leak-check=yes --num-callers=30 php /path/to/your/script.php
 [2005-09-29 00:18 UTC] stewey at ambitious dot ca
No valgrind on my system :(  A brief look around suggests it 
isn't available (won't build?) on OS X.  If you know 
otherwise, or if there's an alternative tool for OS X, please 
let me know.
 [2005-09-29 03:59 UTC] iliaa@php.net
Are you certain that you are using the latest pdo and pdo_mysql extensions from the CVS?
 [2005-09-29 05:23 UTC] stewey at ambitious dot ca
Nope; I'm using: php5-200509271430. I'll test again with the 
latest snap and report back.
 [2005-09-29 08:01 UTC] stewey at ambitious dot ca
Problem persists with php5-200509290230.
 [2005-10-19 16:12 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Nov 23 07:01:29 2024 UTC