Bug #55431 SIGSEV11 mysqli_result::fetch_fields
Submitted: 2011-08-16 01:12 UTC Modified: 2011-08-17 12:52 UTC
From: lgandras at gmail dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.3.6 OS: Cent OS 5.6
Private report: No CVE-ID: None

 [2011-08-16 01:12 UTC] lgandras at gmail dot com
Description:
------------
Hi,

I was using phpunit 3.5.13 during this crash. I'm executing a query of type "SHOW CREATE TABLE `name`". I'm also using Zend framework 1.11.6. This means the query is being executed using prepare. I believe this has something to do with the fact that the field returned by mysql has a space in between "Create table". I've also had a crash executing the same query in another environment, but without being able to reproduce it. That time the error came up executing mysqli_result::fetch_fields. This time I don't really know.

'./configure' '--disable-fileinfo' '--disable-pdo' '--disable-phar' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-libxml' '--enable-magic-quotes' '--enable-mbstring' '--enable-pcntl' '--enable-shmop' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-zip' '--prefix=/usr' '--with-curl=/opt/curlssl/' '--with-gd' '--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr' '--with-jpeg-dir=/usr' '--with-kerberos' '--with-libxml-dir=/opt/xml2' '--with-libxml-dir=/opt/xml2/' '--with-mcrypt=/opt/libmcrypt/' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-mysqli=/usr/bin/mysql_config' '--with-openssl=/usr' '--with-openssl-dir=/usr' '--with-pcre-regex=/opt/pcre' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--with-zlib' '--with-zlib-dir=/usr' '--without-sqlite3' 



#0  0x0841f2e8 in add_property_string_ex (arg=0xa2cce98, key=0x87ad4cc "catalog", key_len=8, str=0x79726100 <Address 0x79726100 out of bounds>, duplicate=1)
    at /home/cpeasyapache/src/php-5.3.6/Zend/zend_API.c:1524
#1  0x081d7628 in php_add_field_properties (value=0xa2cce98, field=0x9c65874) at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1056
#2  0x081d79b7 in zif_mysqli_fetch_fields (ht=0, return_value=0xa2ea190, return_value_ptr=0x0, this_ptr=0xa2ea310, return_value_used=1)
    at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1114
#3  0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x9c16e40) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316
#4  0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x9c16e40) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421
#5  0x084456fe in execute (op_array=0xa022ae8) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107
#6  0x0840b5a3 in zend_call_function (fci=0xbf80a798, fci_cache=0xbf80a784) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_execute_API.c:964
#7  0x081ed8f6 in zim_reflection_method_invokeArgs (ht=2, return_value=0xa2eb2fc, return_value_ptr=0x0, this_ptr=0xa2eb450, return_value_used=1)
    at /home/cpeasyapache/src/php-5.3.6/ext/reflection/php_reflection.c:2745
#8  0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x9c15a18) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316
#9  0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x9c15a18) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421
#10 0x084456fe in execute (op_array=0xa18b944) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107
#11 0x08419b44 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cpeasyapache/src/php-5.3.6/Zend/zend.c:1194
#12 0x083ad584 in php_execute_script (primary_file=0xbf80cc94) at /home/cpeasyapache/src/php-5.3.6/main/main.c:2268
#13 0x084e6f64 in main (argc=2, argv=0xbf80cdf4) at /home/cpeasyapache/src/php-5.3.6/sapi/cli/php_cli.c:1193


The same executed again

#0  0x0841f2e8 in add_property_string_ex (arg=0x9bd0ae4, key=0x87ad4cc "catalog", key_len=8, str=0x3c202000 <Address 0x3c202000 out of bounds>, duplicate=1)
    at /home/cpeasyapache/src/php-5.3.6/Zend/zend_API.c:1524
#1  0x081d7628 in php_add_field_properties (value=0x9bd0ae4, field=0x955aae4) at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1056
#2  0x081d79b7 in zif_mysqli_fetch_fields (ht=0, return_value=0x9bd11e4, return_value_ptr=0x0, this_ptr=0x9bd1364, return_value_used=1)
    at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1114
#3  0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x95040f8) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316
#4  0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x95040f8) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421
#5  0x084456fe in execute (op_array=0x9910360) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107
#6  0x0840b5a3 in zend_call_function (fci=0xbf8d91f8, fci_cache=0xbf8d91e4) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_execute_API.c:964
#7  0x081ed8f6 in zim_reflection_method_invokeArgs (ht=2, return_value=0x9bd2344, return_value_ptr=0x0, this_ptr=0x9bd2444, return_value_used=1)
    at /home/cpeasyapache/src/php-5.3.6/ext/reflection/php_reflection.c:2745
#8  0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x9502a18) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316
#9  0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x9502a18) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421
#10 0x084456fe in execute (op_array=0x9a7aa7c) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107
#11 0x08419b44 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cpeasyapache/src/php-5.3.6/Zend/zend.c:1194
#12 0x083ad584 in php_execute_script (primary_file=0xbf8db6f4) at /home/cpeasyapache/src/php-5.3.6/main/main.c:2268
#13 0x084e6f64 in main (argc=2, argv=0xbf8db854) at /home/cpeasyapache/src/php-5.3.6/sapi/cli/php_cli.c:1193

The thing is, when I get to write many echos, the segfault stops appearing. This is really frustrating. Right now I can't provide anything more. Any recommendations?


History

 [2011-08-16 01:21 UTC] lgandras at gmail dot com
-Summary: SIGSEV11 phpunit 3.5.13 +Summary: SIGSEV11 mysqli_result::fetch_fields
 [2011-08-16 01:21 UTC] lgandras at gmail dot com
Definitely the problematic function is mysqli_result::fetch_fields
 [2011-08-16 03:57 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2011-08-16 03:57 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.
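A script in the shape requested above, added here as an illustration (it is not the reporter's code and was not submitted to this report); it assumes a MySQL server on 127.0.0.1 with placeholder credentials and an existing database named test, and it reaches fetch_fields() through mysqli_stmt::result_metadata() because the reporter's build uses libmysqlclient rather than mysqlnd:

```php
<?php
// Added example reproducer; not the reporter's script. Assumes a MySQL
// server on 127.0.0.1, placeholder credentials, and an existing database
// named "test". Run it under gdb or with core dumps enabled to capture a trace.
$mysqli = new mysqli('127.0.0.1', 'user', 'password', 'test');
if ($mysqli->connect_errno) {
    die("connect failed: " . $mysqli->connect_error . "\n");
}

// Create the table that SHOW CREATE TABLE will describe.
$mysqli->query('DROP TABLE IF EXISTS bug55431');
$mysqli->query('CREATE TABLE bug55431 (id INT NOT NULL PRIMARY KEY)');

// The report says the query goes through prepare(); with a libmysqlclient
// build, result_metadata() is the way to get field metadata from a statement.
$stmt = $mysqli->prepare('SHOW CREATE TABLE `bug55431`');
$stmt->execute();
$meta = $stmt->result_metadata();

// The second column of SHOW CREATE TABLE is named "Create Table", with a space,
// which the report suspects is involved. fetch_fields() is the crashing call.
foreach ($meta->fetch_fields() as $field) {
    printf("name=%s table=%s catalog=%s\n",
           $field->name, $field->table, $field->catalog);
}

$meta->free();
$stmt->close();
$mysqli->query('DROP TABLE bug55431');
$mysqli->close();
?>
```

Whether this script triggers the crash on the reporter's particular build is not established by the report; it only gives the maintainer a database-creating script of the size asked for.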


 [2011-08-17 12:52 UTC] lgandras at gmail dot com
-Status: Feedback +Status: Closed
 [2011-08-17 12:52 UTC] lgandras at gmail dot com
This is a duplicate of https://bugs.php.net/bug.php?id=55414
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Mon May 12 13:01:27 2025 UTC