PHP :: Bug #48754 :: mysql_close() crash php when no handle specified

Bug #48754

mysql_close() crash php when no handle specified

Submitted:

2009-07-01 12:30 UTC

Modified:

2009-09-18 10:50 UTC

Votes:	53
Avg. Score:	4.5 ± 0.9
Reproduced:	49 of 50 (98.0%)
Same Version:	46 (93.9%)
Same OS:	34 (69.4%)

From:

busia at tiscali dot it

Assigned:

mysql (profile)

Status:

Closed

Package:

MySQL related

PHP Version:

5.3.0 (as of 21-07-2008)

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	busia at tiscali dot it
New email:
PHP Version:		OS:

New Comment:

[2009-07-01 12:30 UTC] busia at tiscali dot it

Description:
------------
This simple code crash php.

This is the Debug diagnostic tool output:

In php__PID__5128__Date__07_01_2009__Time_02_22_25PM__909__Second_Chance_Exception_C0000005.dmp the assembly instruction at php_mysql!zif_mysql_close+92 in C:\Program Files\PHP\ext\php_mysql.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000000 on thread 0


Report for php__PID__5128__Date__07_01_2009__Time_02_22_25PM__909__Second_Chance_Exception_C0000005.dmp
Type of Analysis Performed   Crash Analysis 
Machine Name   PC-UTENTE 
Operating System   Windows Vista Service Pack 1 
Number Of Processors   2 
Process ID   5128 
Process Image   C:\Program Files\PHP\php.exe 
System Up-Time   00:13:11 
Process Up-Time   00:00:02 


Thread 0 - System ID 5132
Entry point   php!mainCRTStartup 
Create time   01/07/2009 14.22.23 
Time spent in user mode   0 Days 0:0:0.31 
Time spent in kernel mode   0 Days 0:0:0.62 






Function     Arg 1     Arg 2     Arg 3   Source 
php_mysql!zif_mysql_close+92     00000000     02a0d350     00000000    
php5ts!zend_do_fcall_common_helper_SPEC+946     00000000     02a40070     00052fd0    
php5ts!ZEND_DO_FCALL_SPEC_CONST_HANDLER+130     00c0fbd4     00052fd0     00c0fe70    
php5ts!execute+29e     02a40070     00052f00     00000000    
php5ts!zend_execute_scripts+f6     00000008     00052fd0     00000000    
php5ts!php_execute_script+22d     00c0fe70     00052fd0     00000000    
php!main+bf1     00000002     00052f68     00051888    
php!mainCRTStartup+e3     7ffdb000     00c0ffd4     77bee4b6    
kernel32!BaseThreadInitThunk+e     7ffdb000     770bbeaf     00000000    
ntdll!__RtlUserThreadStart+23     00402d78     7ffdb000     00000000    
ntdll!_RtlUserThreadStart+1b     00402d78     7ffdb000     00000000    




PHP_MYSQL!ZIF_MYSQL_CLOSE+92In php__PID__5128__Date__07_01_2009__Time_02_22_25PM__909__Second_Chance_Exception_C0000005.dmp the assembly instruction at php_mysql!zif_mysql_close+92 in C:\Program Files\PHP\ext\php_mysql.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000000 on thread 0

Module Information 
Image Name: C:\Program Files\PHP\ext\php_mysql.dll   Symbol Type:  PDB 
Base address: 0x01c30000   Time Stamp:  Mon Jun 29 22:24:49 2009  
Checksum: 0x00000000   Comments:  Thanks to Zeev Suraski, Zak Greant, Georg Richter 
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  MySQL 
ISAPIFilter: False   File Version:  5.3.0 
Managed DLL: False   Internal Name:  MYSQL extension 
VB DLL: False   Legal Copyright:  Copyright ? 1997-2009 The PHP Group 
Loaded Image Name:  php_mysql.dll   Legal Trademarks:  PHP 
Mapped Image Name:  C:\Program Files\PHP\ext\php_mysql.dll   Original filename:  php_mysql.dll 
Module name:  php_mysql   Private Build:   
Single Threaded:  False   Product Name:  PHP 
Module Size:  44,00 KBytes   Product Version:  5.3.0 
Symbol File Name:  C:\Users\utente\Desktop\php-debug-pack-5.3.0-Win32-VC6-x86\php_mysql.pdb   Special Build:  & 




Reproduce code:
---------------
<?php
sleep(2);
mysql_connect('127.0.0.1', 'root', 'root');
mysql_close();
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-07-01 18:04 UTC] sjoerd-php at linuxonly dot nl

Thank you for your bug report.

I have a couple of questions regarding your bug report:
1. Is the sleep(2) needed to reproduce the bug?
2. Does the database connection succeed? (i.e. what is the return value of mysql_connect?)

[2009-07-01 21:59 UTC] busia at tiscali dot it

1) The sleep function is not needed
2) The connection is successfull

An other information: if I save in $a the mysql_connect return value and pass it to mysql_close php doesn't crash. In othe words this script works well:
<?
$a=mysql_connect('127.0.0.1', 'root', 'root');
mysql_close($a);
?>

This instead crashes php:
<?
mysql_connect('127.0.0.1', 'root', 'root');
mysql_close();
?>

[2009-07-02 13:05 UTC] uw@php.net

This one is funny. It may have existed since more than one year now and nobody has ever found it.

[2009-07-02 16:45 UTC] uw@php.net

Really a great one.

The bug exists since 21-07-2008. That is 11 months and 1 week ago. Sometimes I which users would try non-GA versions just in case test suites don't catch issues...

This is when the bug was introduced:
http://cvs.php.net/viewvc.cgi/php-src/ext/mysql/php_mysql.c?r1=1.213.2.6.2.16.2.22&r2=1.213.2.6.2.16.2.23&

mysql_link points to NULL and that's causing a crash. 

Possible workaround (as suggested by Johannes):

nixnutz@linux-en61:~/src/login/php5> cvs diff ext/mysql/tests/
cvs diff: Diffing .
cvs diff: Diffing ext
cvs diff: Diffing ext/mysql
cvs diff: Diffing ext/mysql/tests
nixnutz@linux-en61:~/src/login/php5> cvs diff ext/mysql/
cvs diff: Diffing ext/mysql
Index: ext/mysql/php_mysql.c
===================================================================
RCS file: /repository/php-src/ext/mysql/php_mysql.c,v
retrieving revision 1.213.2.6.2.16.2.37
diff -r1.213.2.6.2.16.2.37 php_mysql.c
372a373,376
> #ifdef MYSQL_USE_MYSQLND
>       mysqlnd_end_psession(link->conn);
> #endif
>
987,995c991
< #ifdef MYSQL_USE_MYSQLND
<       {
<               int tmp;
<               if ((mysql = zend_list_find(Z_RESVAL_P(mysql_link), &tmp)) && tmp == le_plink) {
<                       mysqlnd_end_psession(mysql->conn);
<               }
<       }
< #endif
<       if (mysql_link) { /* explicit resource number */
---
>       if (mysql_link) {
cvs diff: Diffing ext/mysql/tests


Someone may want to review that.

[2009-07-07 14:47 UTC] xektrum at gmail dot com

Description:
------
I can confirm this, I'm having the same issue with php 5.3 and apache2 when calling mysql_close without a mysql_link as parameter.

Reproduce code: 
------
<?php

mysql_connect('localhost','root','password');
mysql_close(); // win32 uncaught exception catched by MSVS

?>

Workaround/not crashing:
------
<?php
$link = mysql_connect('localhost','root','password');
mysql_close($link);
?>

Exception :
------
Not handled Exception in 0x006e2072 in httpd.exe: 0xC0000005:
Access violation when reading location 0x00000000.

Note : The Exception has been translated so it is not literal

[2009-07-14 01:50 UTC] sujoe_2006 at 163 dot com

my development evioronment is 
   windows xp sp2
   apache 2.2
   php 5.3.0
   mysql 5.1.36

I write some code in test.php
<?php
   $conn = mysql_connect('ip','user','password');
   mysql_close();
?>
then ,I Will be catched a error by apache 2.2,it is:
"...
0x006e2072 in httpd.exe: 0xC0000005:
Access violation when reading location 0x00000000.
..."

but when check the mysql_close function like this for test.php
<?php
   $conn = mysql_connect('ip','user','password');
   mysql_close($conn);
?>
it will work no any error.
so ,i want to know its reason of the mysql_close(),please mail to me
Thanks!

[2009-07-16 14:34 UTC] guillermog at tricuspide dot com

Still in the release, I really think lot's of people are having the same 
problem with their sctripts!!

I filled a bug report hours ago to later accidentally find that it was a 
very simple problem. Once I found the problem I looked for mysql_close 
and version 5.3 to find this bug report.

Uff finnally after the whole day!!!

Regards,

Guillermo

[2009-08-26 05:13 UTC] jfb at zer7 dot com

I get this as well. I had avoided upgrading my ancient PHP code (some of it was from PHP4); turns out it being that ancient also means it uses old patterns, like not using handles. :)

Likely that newer code will not encounter this, so it'll be folks upgrading slowly and cautiously.

[2009-08-28 23:27 UTC] empacc100 at seznam dot cz

WinXP SP3, PHP 5.3.0 VC9 TS, Apache 2.2.13 (apachelounge) + mod_fcgid 2.2b, MySQL 5.1.37 == same bug (php-cgi.exe crash)

/*
* php-cgi.exe OK
*/
$a=mysql_connect('127.0.0.1:3306', 'root', 'fdgdfgd'));
mysql_close($a);

/*
* php-cgi.exe CRASH
*/
mysql_connect('127.0.0.1:3306', 'root', 'fdgdfgd'));
mysql_close();

[2009-09-09 05:21 UTC] louis at steelbytes dot com

repro on 5.3.0 on Win2003 using php.exe in command shell.  didn't have this problem with 5.2.10

[2009-09-18 10:46 UTC] svn@php.net

Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&revision=288436
Log: Fix for bug#48754 mysql_close() crash php when no handle specified

[2009-09-18 10:49 UTC] svn@php.net

Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&revision=288437
Log: MFH:Fix for bug#48754 mysql_close() crash php when no handle specified

[2009-09-18 10:50 UTC] andrey@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fix should be part of 5.3.1

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Mar 11 04:01:28 2025 UTC