Bug #27608 mysql_free_result causes segfault with invalid result and exceptionerrorhandler
Submitted: 2004-03-15 12:32 UTC Modified: 2004-04-09 11:08 UTC
From: david dot danier at team23 dot de Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 5CVS-2004-04-08 OS: Gentoo Linux 1.4
Private report: No CVE-ID: None
 [2004-03-15 12:32 UTC] david dot danier at team23 dot de
Description:
------------
We have a class that catches the result of mysql_query (this here in the example is minimal). In the __destruct()-method it should do a mysql_free_result(). The error handler throws an exception. Now, if we do an INSERT the mysql_free_result()-function gives an error (it MUST give an error, because mysql_query() gives us no valid result if we use INSERT), this error is passed to error() which should throw an exception. But it creates a segmentation fault. :-(
Other exceptions thrown by the error()-function are working perfectly.
SELECT-statements are working. (like they should do)

PHP-Version:
CVS 2004-03-07
(reproduced with CVS 2004-03-15)

Configured with (taken from the PHP4-ebuild, but modified):
./configure --prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --with-apxs2=/usr/sbin/apxs2 --with-ndbm=/usr --with-db4=/usr --with-mcrypt=/usr --with-mhash=/usr --without-interbase --without-ming --without-swf --without-sybase --with-gdbm=/usr --with-java=/opt/blackdown-jdk-1.4.1 --without-mcal --without-unixODBC --without-pgsql --without-snmp --with-xpm-dir=/usr/X11R6 --with-pdflib=/usr --with-gd --enable-gd-native-ttf --with-png=/usr --with-png-dir=/usr --with-jpeg=/usr --with-jpeg-dir=/usr --enable-exif --with-tiff=/usr --with-tiff-dir=/usr --with-mysql=/usr --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-freetype-dir=/usr --with-ttf=/usr --with-t1lib=/usr --with-gettext --with-qtdom=/usr/qt/3 --with-pspell=/usr --with-openssl=/usr --with-imap=/usr --without-ldap --with-dom=/usr --with-dom-xslt=/usr --with-dom-exslt=/usr --without-kerberos --with-pam --disable-memory-limit --disable-ipv6 --without-yaz --without-curl --enable-dbx --with-imap-ssl --with-zlib=/usr --with-zlib-dir=/usr --with-sablot=/usr --enable-xslt --with-xslt-sablot --with-xmlrpc --enable-wddx --with-xml --enable-mbstring=all --enable-mbregex --with-bz2=/usr --with-crack=/usr --with-cdb --enable-pcntl --enable-bcmath --enable-calendar --enable-dbase --enable-filepro --enable-ftp --with-mime-magic --enable-sockets --enable-sysvsem --enable-sysvshm --enable-sysvipc --with-iconv --enable-shmop --enable-dio --enable-yp --without-ncurses --without-readline --enable-inline-optimization --enable-track-vars --enable-trans-sid --enable-versioning --with-config-file-path=/etc/php/apache2-php5

php.ini:
not changed


Reproduce code:
---------------
<?php

class result
{
        var $result;

        public function __construct($result)
        {
                if (!$result)
                {
                        die(mysql_error());
                }
                echo 'GO ';
                $this->result = $result;
        }

        public function __destruct()
        {
                echo 'OK ';
                mysql_free_result($this->result);
        }
}

function error($errno, $errstr, $errfile, $errline)
{
        throw new Exception();
}

set_error_handler('error', E_ALL);

$db = mysql_connect('localhost', 'default');
mysql_select_db('test', $db);

echo '1 '; // only to get the position the error happens
$test = new result(mysql_query('INSERT INTO blafasl SET text="segfault!"', $db));
echo '2 ';
unset($test); // if we don't unset $test PHP gives an exception error
echo '3 ';

?>


Expected result:
----------------
Error message about uncaught exception.....

Actual result:
--------------
(gdb) bt
#0  0x082814dc in _zval_ptr_dtor (zval_ptr=0xbfffd40c)
    at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:356
#1  0x0828c148 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/goliath/downloads/php/php-src/Zend/zend.c:1082
#2  0x08252b5f in php_execute_script (primary_file=0xbffff760)
    at /home/goliath/downloads/php/php-src/main/main.c:1655
#3  0x082b728c in main (argc=2, argv=0xbffff7e4)
    at /home/goliath/downloads/php/php-src/sapi/cli/php_cli.c:943


 [2004-03-16 17:39 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

No longer crashes with latest CVS. 
 [2004-03-17 06:22 UTC] david dot danier at team23 dot de
Got the same error with freshly compiled PHP from CVS.

-----------------------
$ php -v
PHP 5.0.0RC1-dev (cli) (built: Mar 17 2004 12:18:26)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.0-dev, Copyright (c) 1998-2004 Zend Technologies
$ php segfault_mysql_free_result.php 
1 GO 2 OK Speicherzugriffsfehler
-----------------------
(Speicherzugriffsfehler = Segfault)
 [2004-03-17 09:37 UTC] iliaa@php.net
I tried running the code again, but I only get  
"Fatal error: Exception thrown without a stack frame in 
Unknown on line 0" regardless of unset(). 
 [2004-03-17 13:58 UTC] david dot danier at team23 dot de
Did a complete cleanup on PHP and installed the new Version:
$ rm /usr/bin/php
$ rm /usr/lib/apache2/libphp5.so
$ rm -rf /usr/lib/php
-> CVS checkout (deleted the sourcedir before)
-> newly compiled with options like above

...same error :(

'php -v' says:
PHP 5.0.0RC1-dev (cli) (built: Mar 17 2004 19:51:01)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.0-dev, Copyright (c) 1998-2004 Zend Technologies

Backtrace:
(gdb) run segfault_mysql_free_result.php
Starting program: /usr/bin/php segfault_mysql_free_result.php
1 GO 2 OK 
Program received signal SIGSEGV, Segmentation fault.
0x082817bc in _zval_ptr_dtor (zval_ptr=0xbfffd37c)
    at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:385
385             (*zval_ptr)->refcount--;
(gdb) bt
#0  0x082817bc in _zval_ptr_dtor (zval_ptr=0xbfffd37c)
    at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:385
#1  0x0828c438 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/goliath/downloads/php/php-src/Zend/zend.c:1084
#2  0x08252c3f in php_execute_script (primary_file=0xbffff6d0)
    at /home/goliath/downloads/php/php-src/main/main.c:1628
#3  0x082b75fc in main (argc=2, argv=0xbffff754)
    at /home/goliath/downloads/php/php-src/sapi/cli/php_cli.c:943
 [2004-03-17 14:06 UTC] david dot danier at team23 dot de
Perhaps the Apache/MySQL-Version helps:
apache-2.0.48-r1
mysql-4.0.18
(both gentoo ebuilds)
 [2004-04-08 11:48 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2004-04-09 09:36 UTC] david dot danier at team23 dot de
I think this "latest" snapshot is nothing more than a fresh CVS checkout, so I did the checkout first. ;-)

Same Error:
(gdb) run segfault_mysql_free_result.php 
Starting program: /usr/bin/php segfault_mysql_free_result.php
1 GO 2 OK 
Program received signal SIGSEGV, Segmentation fault.
0x08282c9c in _zval_ptr_dtor (zval_ptr=0xbfffd36c)
    at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:389
389             (*zval_ptr)->refcount--;
(gdb) bt
#0  0x08282c9c in _zval_ptr_dtor (zval_ptr=0xbfffd36c)
    at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:389
#1  0x0828dd08 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/goliath/downloads/php/php-src/Zend/zend.c:1095
#2  0x08253e0f in php_execute_script (primary_file=0xbffff6c0)
    at /home/goliath/downloads/php/php-src/main/main.c:1630
#3  0x082b988c in main (argc=2, argv=0xbffff744)
    at /home/goliath/downloads/php/php-src/sapi/cli/php_cli.c:943


After that I tried the "latest" Snapshot:

The same :(

(gdb) run segfault_mysql_free_result.php
Starting program: /home/goliath/downloads/php/latest/php5-200404091030/sapi/cli/php /home/goliath/Work/Homepages/Projekte/molp/tests/segfault_mysql_free_result.php
1 GO 2 OK 
Program received signal SIGSEGV, Segmentation fault.
0x08282b9c in _zval_ptr_dtor (zval_ptr=0xbfffd2cc)
    at /home/goliath/downloads/php/latest/php5-200404091030/Zend/zend_execute_API.c:389
389             (*zval_ptr)->refcount--;
(gdb) bt
#0  0x08282b9c in _zval_ptr_dtor (zval_ptr=0xbfffd2cc)
    at /home/goliath/downloads/php/latest/php5-200404091030/Zend/zend_execute_API.c:389
#1  0x0828dc08 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/goliath/downloads/php/latest/php5-200404091030/Zend/zend.c:1095
#2  0x08253d1f in php_execute_script (primary_file=0xbffff620)
    at /home/goliath/downloads/php/latest/php5-200404091030/main/main.c:1630
#3  0x082b978c in main (argc=2, argv=0xbffff6a4)
    at /home/goliath/downloads/php/latest/php5-200404091030/sapi/cli/php_cli.c:943


I tried it on another Machine with actual PHP5-CVS Sources, it runs there. So the Problem must be somewhere in my System libs or something like that.

I'm using:
Linux 2.6.5
gcc (GCC) 3.3.2 20031218
...for more version-numbers simply ask.
(other machine uses Linux 2.4.*)
 [2004-04-09 11:08 UTC] sniper@php.net
Neither I nor Ilia could reproduce this -> bogus (also see above comment..)

 