Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
Submitted: 2014-02-24 15:05 UTC Modified: 2014-02-25 09:08 UTC
From: remi@php.net Assigned: remi (profile)
Status: Closed Package: MySQLi related
PHP Version: 5.4.25 OS: GNU/Linux
Private report: No CVE-ID: None
 [2014-02-24 15:05 UTC] remi@php.net
Description:
------------
Trying to use a Mysqli_Stmt object after the Mysql object is cleaned up results in a segfault.

Notice: only with libmysqlclient (no segfault with mysqlnd).

I haven't found a simple solution to check if the link object is still valid from the stmt object...


Test script:
---------------
$mysqli = new mysqli($host, $user, $pass, $db);
$read_stmt = $mysqli->prepare("SELECT 1");
$mysqli = null;
$read_stmt->bind_result($data);

Expected result:
----------------
no segfault.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.

(gdb) bt
#0  0x00007ffff7aedf3c in mysql_stmt_bind_result () from /usr/lib64/mysql/libmysqlclient.so.18
#1  0x0000000000474b59 in mysqli_stmt_bind_result_do_bind (start=0, argc=<optimized out>, args=0x7ffff7ab7cb8, stmt=0x7ffff7ab7560)
    at /tmp/php-5.5.9/ext/mysqli/mysqli_api.c:430
#2  zif_mysqli_stmt_bind_result (ht=<optimized out>, return_value=0x7ffff7ab8dd8, return_value_ptr=<optimized out>, this_ptr=<optimized out>, 
    return_value_used=<optimized out>) at /tmp/php-5.5.9/ext/mysqli/mysqli_api.c:509
#3  0x000000000062667a in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7a81260) at /tmp/php-5.5.9/Zend/zend_vm_execute.h:550
#4  0x00000000005a2b38 in execute_ex (execute_data=0x7ffff7a81260) at /tmp/php-5.5.9/Zend/zend_vm_execute.h:363
#5  0x000000000057c14d in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /tmp/php-5.5.9/Zend/zend.c:1316
#6  0x000000000051dae2 in php_execute_script (primary_file=primary_file@entry=0x7fffffffc8b0) at /tmp/php-5.5.9/main/main.c:2506
#7  0x0000000000628734 in do_cli (argc=2, argv=0x9be8b0) at /tmp/php-5.5.9/sapi/cli/php_cli.c:994
#8  0x000000000041a107 in main (argc=2, argv=0x9be8b0) at /tmp/php-5.5.9/sapi/cli/php_cli.c:1378
(gdb) 


Patches

mysqli-protect-link.patch (last revision 2014-02-25 07:44 UTC by remi@php.net)

Pull Requests

History

 [2014-02-24 16:35 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: mysqli-protect-link.patch
Revision:   1393259740
URL:        https://bugs.php.net/patch-display.php?bug=66762&patch=mysqli-protect-link.patch&revision=1393259740
 [2014-02-24 16:36 UTC] remi@php.net
The attached patch seems to be a workaround.

Each new statement increments the link refcount, so the link will really be destroyed after all statements.
 [2014-02-24 17:35 UTC] remi@php.net
-Assigned To: +Assigned To: andrey
 [2014-02-24 17:35 UTC] remi@php.net
@Andrey, can you please review this patch?
 [2014-02-24 18:21 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: mysqli-protect-link.patch
Revision:   1393266074
URL:        https://bugs.php.net/patch-display.php?bug=66762&patch=mysqli-protect-link.patch&revision=1393266074
 [2014-02-24 18:27 UTC] remi@php.net
As the link is already protected by an internal refcount in mysqlnd, the new patch implements this refcount only when built with libmysqlclient.
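
The lifetime rule described in the comments above (each statement takes a reference on the link, so the link is freed only after the last statement) modelled as a small stand-alone C program. This is an added illustration, not the attached patch or php-src code; demo_link, demo_stmt and every function name here are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

static int links_freed = 0;                 /* observable for the demo */
typedef struct { int refcount; int server_fd; } demo_link;  /* hypothetical */
typedef struct { demo_link *link; } demo_stmt;              /* hypothetical */
static void link_release(demo_link *l) {
    if (--l->refcount == 0) { free(l); links_freed++; }
}

demo_link *link_open(void) {
    demo_link *l = calloc(1, sizeof *l);
    if (!l) abort();
    l->refcount = 1;      /* reference held by the script's link object */
    l->server_fd = 3;     /* constructed value */
    return l;
}

demo_stmt *stmt_prepare(demo_link *l) {
    demo_stmt *s = malloc(sizeof *s);
    if (!s) abort();
    s->link = l;
    l->refcount++;        /* each new statement co-owns the link */
    return s;
}

/* "$mysqli = null;" drops only the script's reference. */
void link_object_destroyed(demo_link *l) { link_release(l); }
/* Dereferences the link, standing in for the client-library call. */
int stmt_bind_result(demo_stmt *s) { return s->link->server_fd; }

void stmt_close(demo_stmt *s) {
    demo_link *l = s->link;
    free(s);
    link_release(l);      /* last statement gone: link is freed here */
}
/* Replays the report's script order; returns 1 if the link outlived its use. */
int replay_report_sequence(void) {
    links_freed = 0;
    demo_link *l = link_open();
    demo_stmt *s = stmt_prepare(l);
    link_object_destroyed(l);                 /* $mysqli = null; */
    int alive = (links_freed == 0);           /* link must still exist here */
    int fd = stmt_bind_result(s);             /* $read_stmt->bind_result($data); */
    stmt_close(s);
    return alive && fd == 3 && links_freed == 1;
}
int main(void) { printf("%d\n", replay_report_sequence()); return 0; }
```

Without the `l->refcount++` in `stmt_prepare`, `link_object_destroyed` would free the link and `stmt_bind_result` would read freed memory, which is the ordering the report's test script exercises.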
 [2014-02-25 07:32 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: mysqli-protect-link.patch
Revision:   1393313566
URL:        https://bugs.php.net/patch-display.php?bug=66762&patch=mysqli-protect-link.patch&revision=1393313566
 [2014-02-25 07:44 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: mysqli-protect-link.patch
Revision:   1393314266
URL:        https://bugs.php.net/patch-display.php?bug=66762&patch=mysqli-protect-link.patch&revision=1393314266
 [2014-02-25 09:08 UTC] remi@php.net
-Assigned To: andrey +Assigned To: remi
 [2014-02-25 09:08 UTC] remi@php.net
I will apply this patch in 5.4+ in a few days (so for 5.4.27/5.5.11)
 [2014-02-27 07:50 UTC] remi@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9137acc7ecdf1542fe6fda5056a0273359682735
Log: Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
 [2014-02-27 07:50 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2014-02-28 20:06 UTC] ab@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9137acc7ecdf1542fe6fda5056a0273359682735
Log: Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
 [2014-02-28 20:11 UTC] ab@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9137acc7ecdf1542fe6fda5056a0273359682735
Log: Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
 [2014-04-10 04:47 UTC] tyrael@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9137acc7ecdf1542fe6fda5056a0273359682735
Log: Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
 [2014-10-07 23:16 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=9137acc7ecdf1542fe6fda5056a0273359682735
Log: Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
 [2014-10-07 23:27 UTC] stas@php.net
Automatic comment on behalf of remi
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=9137acc7ecdf1542fe6fda5056a0273359682735
Log: Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
 