PHP :: Bug #1052 :: SIGSEGV in mysql_free_result after mysql_fetch

Bug #1052	SIGSEGV in mysql_free_result after mysql_fetch_row
Submitted:	1999-01-10 18:31 UTC	Modified:	1999-06-20 10:15 UTC
From:	hessu at hes dot iki dot fi	Assigned:
Status:	Closed	Package:	Reproducible Crash
PHP Version:	3.0.6	OS:	Linux 2.0.35 / RH5.2 / libc6 / D
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	hessu at hes dot iki dot fi
New email:
PHP Version:		OS:

New Comment:

[1999-01-10 18:31 UTC] hessu at hes dot iki dot fi

Script:

$q = "SELECT field  FROM table WHERE (key = '$key')";
$r = mysql_query($q);
$n = mysql_numrows($r);

while ($row = mysql_fetch_row($r)) {
	print "$row[0]<br>\n";
}

mysql_free_result($r);

At this point the httpd process gets a SIGSEGV. If you don't put the
mysql_free_result() here, the SIGSEGV happens after the script has been
executed and the client has got the data, presumably when php3 is automatically
freeing the memory.

If i don't do the mysql_fetch_row(), it doesn't crash.

I tried this out on my Intel based Linux box, and it worked OK, so i would suppose
it's got something to do with the 64 bit pointers on the Alpha, perhaps the
pointer being freed is cast to a variable with too few bits somewhere.

Here's the backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x15555e6a678 in chunk_free (ar_ptr=0x15555fd52d8, p=0x120234610)
    at malloc.c:2964
malloc.c:2964: No such file or directory.
(gdb) bt
#0  0x15555e6a678 in chunk_free (ar_ptr=0x15555fd52d8, p=0x120234610)
    at malloc.c:2964
#1  0x15555e6a4fc in __libc_free (mem=0x15555fd52d8) at malloc.c:2877
#2  0x1555577a428 in my_no_flags_free ()
#3  0x1555577852c in mysql_free_result ()
#4  0x120049e98 in _free_mysql_result (mysql_result=0x15555fd52d8)
    at functions/mysql.c:191
#5  0x12002bed4 in list_entry_destructor (ptr=0x12023f308) at list.c:99
#6  0x120022060 in _php3_hash_del_key_or_index (ht=0x1201ee788, arKey=0x0, 
    nKeyLength=0, h=2, flag=1) at php3_hash.c:608
#7  0x12002be00 in php3_list_do_delete (list=0x15555fd52d8, id=2) at list.c:75
#8  0x12004e3c4 in php3_mysql_free_result (ht=0x15555fd52d8, 
    return_value=0x1201eb1f8, list=0x1201ee788, plist=0x2)
    at functions/mysql.c:1963
#9  0x120068d48 in phpparse () at control_structures_inline.h:930
#10 0x120020574 in php3_parse (yyin=0x15555fd52d8) at main.c:1474
#11 0x120020818 in apache_php3_module_main (r=0x120228a00, fd=28, 
    display_source_mode=0, preprocessed=0) at main.c:1854
#12 0x12001d290 in send_php3 (r=0x120228a00, display_source_mode=0, 
    preprocessed=0, filename=0x120229c70 "/home/www/hes/html/noh/query.php3")
    at mod_php3.c:245
#13 0x12001d340 in send_parsed_php3 (r=0x15555fd52d8) at mod_php3.c:261
#14 0x12007a398 in ap_invoke_handler (r=0x120228a00) at http_config.c:505
...

I read through that code path, and couldn't find anything obviously wrong,
perhaps it's around the fetch_row() somewhere. The fetch_row itself works...

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[1999-06-20 10:15 UTC] sas at cvs dot php dot net

This kind of error was fixed in 3.0.8. You shouldn't see it anymore with newer versions.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Jul 06 15:01:35 2025 UTC