Bug #70073 mysqlnd crashes on stored procedure call execution
Submitted: 2015-07-14 16:32 UTC Modified: 2020-10-29 15:48 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: johntiror at gmail dot com Assigned:
Status: Duplicate Package: MySQL related
PHP Version: 5.6Git-2015-07-14 (snap) OS: Windows/Linux
Private report: No CVE-ID: None

 [2015-07-14 16:32 UTC] johntiror at gmail dot com
Description:
------------
Apache is crashing systematically with error:
AH00428: Parent: child process 9628 exited with status 255 -- Restarting.

APACHE error log:

[Tue Jul 14 15:02:13.038276 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00428: Parent: child process 9448 exited with status 255 -- Restarting.
[Tue Jul 14 15:02:13.324305 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00455: Apache/2.4.9 (Win32) PHP/5.5.12 configured -- resuming normal operations
[Tue Jul 14 15:02:13.329306 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00456: Apache Lounge VC11 Server built: Mar 16 2014 12:13:13
[Tue Jul 14 15:02:13.329306 2015] [core:notice] [pid 7044:tid 404] AH00094: Command line: 'C:\\Program Files\\wamp\\bin\\apache\\apache2.4.9\\bin\\httpd.exe -d C:/Program Files/wamp/bin/apache/apache2.4.9'
[Tue Jul 14 15:02:13.352308 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00418: Parent: Created child process 3140
[Tue Jul 14 15:02:14.528388 2015] [mpm_winnt:notice] [pid 3140:tid 332] AH00354: Child: Starting 64 worker threads.

I checked the Windows event log and found that httpd.exe is crashing because of php5ts.dll

Test script:
---------------
HOW TO REPRODUCE:

PHP code:

<?php
// DB_HOST, DB_USERNAME, DB_PASSWORD and DB_NAME must be defined for your server.
$mysqli = new mysqli(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME);

if (!($stmt = $mysqli->prepare("CALL test()"))) {
    echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
    exit(1); // $stmt is false here, so nothing below can run
}

if (!$stmt->execute()) {
    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}

// Walk every result set returned by the procedure call.
do {
    if ($res = $stmt->get_result()) { // Apache crashes on this call
        printf("---\n");
        var_dump($res->fetch_assoc());
        mysqli_free_result($res);
    } else {
        if ($stmt->errno) {
            echo "Store failed: (" . $stmt->errno . ") " . $stmt->error;
        }
    }
} while ($stmt->more_results() && $stmt->next_result());

Stored procedure code:

CREATE DEFINER=`root`@`localhost` PROCEDURE `test`()
BEGIN
declare test_var varchar(100) default "ciao";
declare bNoMoreRows bool default false;
declare test_cursor cursor for
    select id from tmp_folder;
declare continue handler for not found set bNoMoreRows := true;
create temporary table tmp_folder select "test" as id;
open test_cursor;
fetch test_cursor into test_var;
close test_cursor;
select test_var;
drop temporary table if exists tmp_folder;
END

Expected result:
----------------
I expect to read "test" in the browser

Actual result:
--------------
Apache is crashing
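
The restart pattern in the Apache error log above can be watched for mechanically. This Python script is an added example, not part of the original report or of PHP: it extracts AH00428 child-exit events and groups them into bursts. The function names, the threshold and window, and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# First two lines are from the log above; the remaining three are constructed.
SAMPLE_LOG = """\
[Tue Jul 14 15:02:13.038276 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00428: Parent: child process 9448 exited with status 255 -- Restarting.
[Tue Jul 14 15:02:13.352308 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00418: Parent: Created child process 3140
[Tue Jul 14 15:02:41.100000 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00428: Parent: child process 3140 exited with status 255 -- Restarting.
[Tue Jul 14 15:03:05.200000 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00428: Parent: child process 5120 exited with status 255 -- Restarting.
[Tue Jul 14 15:40:00.000000 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00428: Parent: child process 6200 exited with status 255 -- Restarting.
"""

# Apache 2.4 error log line: [timestamp] [module:level] [pid N:tid N] AHnnnnn: message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>[^:\]]+):(?P<level>[^\]]+)\] "
    r"\[pid (?P<pid>\d+)(?::tid (?P<tid>\d+))?\] (?P<code>AH\d{5}): (?P<msg>.*)$"
)
CRASH_RE = re.compile(r"child process (\d+) exited with status (\d+)")


def child_crashes(log_text):
    """Return (timestamp, child_pid, exit_status) for each AH00428 event."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("code") != "AH00428":
            continue
        c = CRASH_RE.search(m.group("msg"))
        if c:
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S.%f %Y")
            events.append((ts, int(c.group(1)), int(c.group(2))))
    return events


def crash_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Group crashes that start within `window` of each other; keep groups
    with at least `threshold` members (a likely crash loop)."""
    bursts, current = [], []
    for ev in sorted(events):
        if current and ev[0] - current[0][0] > window:
            if len(current) >= threshold:
                bursts.append(current)
            current = []
        current.append(ev)
    if len(current) >= threshold:
        bursts.append(current)
    return bursts
```
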

 [2015-07-15 16:02 UTC] ab@php.net
-Summary: Apache crash
+Summary: mysqlnd crashes on
-Status: Open
+Status: Verified
-Operating System: Win 7
+Operating System: Winows/Linux
 [2015-07-15 16:02 UTC] ab@php.net
I reproduce this with the same backtrace on Linux/Windows in 5.6 and 7.0.0beta1

mysqlnd_fetch_stmt_row_cursor (result=0x7ffff685d780, param=0x7ffff6814210, flags=<optimized out>, fetched_anything=0x7fffffffac5f "") at /home/anatol/tmp/php-7.0.0beta1/ext/mysqlnd/mysqlnd_ps.c:1045
1045                    SET_CLIENT_ERROR(*stmt->conn->error_info, CR_COMMANDS_OUT_OF_SYNC, UNKNOWN_SQLSTATE,
(gdb) bt
#0  mysqlnd_fetch_stmt_row_cursor (result=0x7ffff685d780, param=0x7ffff6814210, flags=<optimized out>, fetched_anything=0x7fffffffac5f "") at /home/anatol/tmp/php-7.0.0beta1/ext/mysqlnd/mysqlnd_ps.c:1045
#1  0x0000000000693a15 in php_mysqlnd_res_fetch_into_pub (result=0x7ffff685d780, flags=1, return_value=0x7ffff6814210, extension=MYSQLND_MYSQLI)
    at /home/anatol/tmp/php-7.0.0beta1/ext/mysqlnd/mysqlnd_result.c:1728
#2  0x000000000057c513 in php_mysqli_fetch_into_hash_aux (fetchtype=<optimized out>, result=<optimized out>, return_value=0x7ffff6814210) at /home/anatol/tmp/php-7.0.0beta1/ext/mysqli/mysqli.c:1216
#3  php_mysqli_fetch_into_hash (execute_data=<optimized out>, return_value=0x7ffff6814210, override_flags=<optimized out>, into_object=0) at /home/anatol/tmp/php-7.0.0beta1/ext/mysqli/mysqli.c:1267

What seems to go wrong is a "CALL test()" which mysqlnd internally thinks should deliver some data. Tested with MySQL 5.6.14. So the actual error must be somewhere earlier in stmt::execute(). I'm not sure it should actually deliver some data at all, as that's a stored procedure. And this bug is kinda too MySQL specific for me to decide about the correct behavior.

Thanks.
 [2015-07-15 16:02 UTC] ab@php.net
-Summary: mysqlnd crashes on +Summary: mysqlnd crashes on stored procedure call execution
 [2015-07-15 16:02 UTC] ab@php.net
fix the summary :)
 [2015-07-15 16:03 UTC] ab@php.net
-Assigned To: +Assigned To: mysql
 [2015-07-27 15:55 UTC] mrf174 at gmail dot com
Reproducing this is so easy. Why don't you fix it? Right now if you do
prepare("CALL `my_stored_procedure`");
execute() and do a get_result(); and try to fetch_all(); on it, PHP will make Apache exit with code 255. Tested on WAMP. Tested on IIS with PHP which made "C:\Program Files (x86)\php-5.3.28-nts-Win32-VC9-x86\php-cgi.exe - The FastCGI process exited unexpectedly".

This happens only IF you do an 'OPEN my_cursor' inside `my_stored_procedure`. Basically you can't use cursors inside MySQL Stored Procedures called in mysqli prepare() (as in http://php.net/manual/en/mysqli.prepare.php). When you try to fetch data, it crashes the server and makes the http connection reset.
 [2015-07-27 16:06 UTC] mrf174 at gmail dot com
Related bug -> https://bugs.php.net/bug.php?id=64638 in case it helps finding the issue.
 [2016-08-15 17:25 UTC] stas@php.net
-Assigned To: mysql +Assigned To: andrey
 [2017-10-24 05:46 UTC] kalle@php.net
-Status: Verified +Status: Assigned
 [2017-10-24 07:21 UTC] kalle@php.net
-Status: Assigned
+Status: Open
-Assigned To: andrey
+Assigned To:
 [2020-10-29 15:48 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 [2020-10-29 15:48 UTC] nikic@php.net
Same issue as bug #72413, which is now fixed in that get_result() with cursors is now explicitly forbidden.