PHP :: Bug #48821 :: mysql_fetch_array segfaults on second parameter

Bug #48821	mysql_fetch_array segfaults on second parameter
Submitted:	2009-07-06 16:59 UTC	Modified:	2009-08-09 14:54 UTC
From:	margus at zone dot ee	Assigned:
Status:	Not a bug	Package:	MySQL related
PHP Version:	5.3.0	OS:	CentOS 4.7/x86_64
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	margus at zone dot ee
New email:
PHP Version:		OS:

New Comment:

[2009-07-06 16:59 UTC] margus at zone dot ee

Description:
------------
mysql_fetch_assoc/mysql_fetch_array will segfault PHP if second parameter (MYSQL_BOTH, MYSQL_ASSOC or MYSQL_NUM) is specified.

The value of parameter does'nt make any difference.

This happens only for PHP-CGI and Apache module and strangely not to CLI.

Reproduce code:
---------------
<?php

mysql_connect ("localhost", "user", "password");
mysql_select_db ("test");

$r = mysql_query ("SELECT * FROM users");

print_r (mysql_fetch_assoc ($r, MYSQL_BOTH));

?>

Expected result:
----------------
Array
(
    [id] => 1
    [username] => asd1
    [email] => asd2
    [asd] => 2000
)

Actual result:
--------------
Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-07-06 17:19 UTC] jani@php.net

What was the full configure line used to compile PHP?

[2009-07-06 18:41 UTC] margus at zone dot ee

Configure line is quite traditional:

'./configure' '--prefix=/opt/zone' '--with-config-file-path=/etc/opt/zone/php53-module' '--with-apxs2=/opt/zone/sbin/apxs' '--with-mysql=/opt/zone/x86_64/configure-for-mysql51' '--with-pdo-mysql=/opt/zone/x86_64/configure-for-mysql51' '--with-pdo-sqlite' '--disable-cli' '--with-openssl=/usr/x86_64' '--enable-mbstring' '--with-curl=/usr/x86_64' '--with-gd' '--enable-exif' '--with-zlib-dir=/usr/x86_64' '--with-png-dir=/usr/x86_64' '--with-jpeg-dir=/usr/x86_64' '--with-freetype-dir=/usr/x86_64' '--disable-sockets' '--with-iconv=/opt/zone/x86_64' '--without-pear' '--with-libxml-dir=/opt/zone/x86_64' '--disable-phar'

[2009-07-16 08:18 UTC] margus at zone dot ee

Configure line for SAPI:

'./configure' '--prefix=/opt/zone'
'--with-config-file-path=/etc/opt/zone/php53-module'
'--with-apxs2=/opt/zone/sbin/apxs'
'--with-mysql=/opt/zone/x86_64/configure-for-mysql51'
'--with-pdo-mysql=/opt/zone/x86_64/configure-for-mysql51'
'--with-pdo-sqlite' '--disable-cli' '--with-openssl=/usr/x86_64'
'--enable-mbstring' '--with-curl=/usr/x86_64' '--with-gd'
'--enable-exif' '--with-zlib-dir=/usr/x86_64'
'--with-png-dir=/usr/x86_64' '--with-jpeg-dir=/usr/x86_64'
'--with-freetype-dir=/usr/x86_64' '--disable-sockets'
'--with-iconv=/opt/zone/x86_64' '--without-pear'
'--with-libxml-dir=/opt/zone/x86_64' '--disable-phar'

[2009-07-21 22:08 UTC] jani@php.net

Neither of the provided configure lines produce CLI binary, so how can 
it crash?

[2009-07-22 15:30 UTC] erki at zone dot ee

Hello.

Actually, Margus was saying that CLI does not crash, that's why he disabled CLI.

I tested this case a little further and discovered, that CLI also crashes and this bug appears on x86_64 systems using GCC 3 and with GCC optimization enabled.
Using GCC 4 or disabling GCC optimization fixes this bug.

These are my results on Debian (squeeze):

Configure lines:
---------------
CC=gcc-3.4 ./configure --disable-all --with-mysql               [DOES NOT WORK]
CC=gcc-3.4 CFLAGS=-O1 ./configure --disable-all --with-mysql    [DOES NOT WORK]
CC=gcc-3.4 CFLAGS=-O0 ./configure --disable-all --with-mysql    [WORKS]
CC=gcc-4.0 ./configure --disable-all --with-mysql               [WORKS]


Reproduce code:
---------------
sapi/cli/php -r "mysql_fetch_array (fopen ('php://stdin', 'r'), MYSQL_BOTH);"
(I'm using fopen, because the first parameter must be some kind of resource, but the actual value makes no difference)


Expected result:
----------------
Warning: mysql_fetch_array(): supplied resource is not a valid MySQL result resource in Command line code on line 1


Actual result:
--------------
Segmentation fault

[2009-08-09 14:54 UTC] jani@php.net

GCC bugs are not PHP bugs.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue May 13 01:01:28 2025 UTC