PHP :: Bug #36802 :: Signal 11 with with mysqli_set

Bug #36802

Signal 11 with with mysqli_set_charset ()

Submitted:

2006-03-20 19:49 UTC

Modified:

2006-03-27 17:11 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

mdalton at galaxytelecom dot net

Assigned:

georg (profile)

Status:

Closed

Package:

Reproducible crash

PHP Version:

5.1.2

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mdalton at galaxytelecom dot net
New email:
PHP Version:		OS:

New Comment:

[2006-03-20 19:49 UTC] mdalton at galaxytelecom dot net

Description:
------------
While trying to call set_charset method on a mysqli object php crashes with a signal 11.

Situation tested on a stock ubuntu php + mysqli + mysql 5.0 setup, and on a home rolled apache+hardened-php+mysql 5.0 system

Reproduce code:
---------------
<?php
$mysqli = mysqli_init ();
$mysqli->set_charset ( 'utf8' );
echo $mysqli->character_set_name ();
?>


Expected result:
----------------
script should echo 'utf8'

Actual result:
--------------
The apache child process bombs with a signal 11

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-03-20 19:51 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

If you still can reproduce it with plain PHP, please provide gdb backtrace (see http://bugs.php.net/bugs-generating-backtrace.php).

[2006-03-20 23:28 UTC] judas dot iscariote at gmail dot com

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912513283232 (LWP 30938)]
0x00002aaaae4b9c65 in mysql_send_query () from /usr/lib64/libmysqlclient.so.15
(gdb) bt
#0  0x00002aaaae4b9c65 in mysql_send_query () from /usr/lib64/libmysqlclient.so.15
#1  0x00002aaaae4b9cd9 in mysql_real_query () from /usr/lib64/libmysqlclient.so.15
#2  0x00002aaaae4ba011 in mysql_set_character_set () from /usr/lib64/libmysqlclient.so.15
#3  0x00002aaaae6dcbc2 in zif_mysqli_set_charset (ht=<value optimized out>, return_value=0x950488,
    return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /usr/src/debug/php-5.1.2/ext/mysqli/mysqli_nonapi.c:329
#4  0x00000000005555d0 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffb1d2a0) at zend_vm_execute.h:200
#5  0x0000000000554c53 in execute (op_array=0x9657a8) at zend_vm_execute.h:92
#6  0x000000000053857c in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3)
    at /usr/src/debug/php-5.1.2/Zend/zend.c:1109
#7  0x00000000004fac35 in php_execute_script (primary_file=0x7fffffb1f950) at /usr/src/debug/php-5.1.2/main/main.c:1725
#8  0x00000000005c9285 in main (argc=2, argv=0x7fffffb1fb08) at /usr/src/debug/php-5.1.2/sapi/cli/php_cli.c:1092

php -v

PHP 5.1.3RC2-dev (cli) (built: Mar 20 2006 17:23:27)

[2006-03-20 23:57 UTC] judas dot iscariote at gmail dot com

although Im not an expert on this,

seems the OP example lacks of a valid internal "mysql_link" (created with mysqli_real_connect or similar ) and some validation is missing in the mysqli extension an that result in a crash...

I deduce this because using a valid mysqli link the function works as expected.

This is a bug anyway, no userspace code should crash PHP.

[2006-03-21 16:35 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2006-03-22 10:55 UTC] georg@php.net

reopened

[2006-03-27 17:11 UTC] georg@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Apr 04 08:01:30 2025 UTC