php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #47367 segfault when connecting while unbuffered query is running
Submitted: 2009-02-12 10:10 UTC Modified: 2009-04-28 08:05 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: Sjon at react dot nl Assigned:
Status: Closed Package: MySQL related
PHP Version: 5.2.9RC1 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: Sjon at react dot nl
New email:
PHP Version: OS:

 

 [2009-02-12 10:10 UTC] Sjon at react dot nl 
Description:
------------
PHP Segfaults when establishing a second connection when an unbuffered query is running

Since I cannot report a bug in 5.2.8; I compiled php5.2-200902120730 and reproduced the bug with that version

$ ./configure --with-mysql=shared
$ make
$ ./sapi/cli/php -v

PHP 5.2.9RC2-dev (cli) (built: Feb 12 2009 10:52:08) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

$ ./sapi/cli/php -n -d extension_dir=./modules/ -d extension=mysql.so mysql-unbuffered-crash.php

Reproduce code:
---------------
<?PHP

$rl1 = mysql_connect('localhost','Sjon','test') or die (mysql_error());
mysql_query("DROP DATABASE IF EXISTS mysql_unbuffered_crash");
mysql_query("CREATE DATABASE mysql_unbuffered_crash");
mysql_select_db('mysql_unbuffered_crash') or die (mysql_error());
mysql_query("CREATE TABLE test (`data` VARCHAR( 256 ) NOT NULL) ENGINE = innodb;");
mysql_query("INSERT INTO test VALUES ('asdf');");

$rs = mysql_unbuffered_query("SELECT data FROM test"); # passing $rl1 will fix it
while ($r = mysql_fetch_assoc($rs))
{
	// Setup another connection so we don't disturb the unbuffered_query
	$rl2 = mysql_connect('localhost','Sjon','test', TRUE) or die (mysql_error($rl2));
	mysql_select_db('mysql_unbuffered_crash', $rl2) or die (mysql_error($rl2));

	var_dump($r);
}

echo 'SUCCESS';

Expected result:
----------------
array(1) {
  ["data"]=>
  string(4) "asdf"
}
SUCCESS

Actual result:
--------------
array(1) {
  ["data"]=>
  string(4) "asdf"
}
SUCCESS

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7d4f6c0 (LWP 21345)]
zend_mm_add_to_free_list (heap=<value optimized out>, mm_block=0x9ee4e30)
    at /tmp/php5.2-200902120730/Zend/zend_alloc.c:747
747					if (ZEND_MM_FREE_BLOCK_SIZE(prev) != size) {
(gdb) bt
#0  zend_mm_add_to_free_list (heap=<value optimized out>, mm_block=0x9ee4e30)
    at /tmp/php5.2-200902120730/Zend/zend_alloc.c:747
#1  0x0826790b in _zend_mm_free_int (heap=0x9e2c1e8, p=<value optimized out>)
    at /tmp/php5.2-200902120730/Zend/zend_alloc.c:1987
#2  0x08277445 in shutdown_executor ()
    at /tmp/php5.2-200902120730/Zend/zend_execute_API.c:283
#3  0x08281aa3 in zend_deactivate ()
    at /tmp/php5.2-200902120730/Zend/zend.c:860
#4  0x08240857 in php_request_shutdown (dummy=0x0)
    at /tmp/php5.2-200902120730/main/main.c:1492
#5  0x082ecd71 in main (argc=7, argv=0xbf9c1a44)
    at /tmp/php5.2-200902120730/sapi/cli/php_cli.c:1314

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-27 20:46 UTC] jani@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/
 [2009-04-28 08:05 UTC] Sjon at react dot nl 
This bug is no longer reproducible in 5.2.9 or PHP 5.2.10-dev; so I assume it is fixed
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 10 19:01:34 2025 UTC