Bug #1052 SIGSEGV in mysql_free_result after mysql_fetch_row
Submitted: 1999-01-10 18:31 UTC
Modified: 1999-06-20 10:15 UTC
From: hessu at hes dot iki dot fi
Assigned:
Status: Closed
Package: Reproducible Crash
PHP Version: 3.0.6
OS: Linux 2.0.35 / RH5.2 / libc6 / D
Private report: No
CVE-ID: None
 [1999-01-10 18:31 UTC] hessu at hes dot iki dot fi
Script:

$q = "SELECT field  FROM table WHERE (key = '$key')";
$r = mysql_query($q);
$n = mysql_numrows($r);

while ($row = mysql_fetch_row($r)) {
	print "$row[0]<br>\n";
}

mysql_free_result($r);

At this point the httpd process gets a SIGSEGV. If you don't put the
mysql_free_result() here, the SIGSEGV happens after the script has been
executed and the client has got the data, presumably when php3 is automatically
freeing the memory.

If I don't do the mysql_fetch_row(), it doesn't crash.

I tried this out on my Intel based Linux box, and it worked OK, so I would suppose
it's got something to do with the 64 bit pointers on the Alpha, perhaps the
pointer being freed is cast to a variable with too few bits somewhere.

Here's the backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x15555e6a678 in chunk_free (ar_ptr=0x15555fd52d8, p=0x120234610)
    at malloc.c:2964
malloc.c:2964: No such file or directory.
(gdb) bt
#0  0x15555e6a678 in chunk_free (ar_ptr=0x15555fd52d8, p=0x120234610)
    at malloc.c:2964
#1  0x15555e6a4fc in __libc_free (mem=0x15555fd52d8) at malloc.c:2877
#2  0x1555577a428 in my_no_flags_free ()
#3  0x1555577852c in mysql_free_result ()
#4  0x120049e98 in _free_mysql_result (mysql_result=0x15555fd52d8)
    at functions/mysql.c:191
#5  0x12002bed4 in list_entry_destructor (ptr=0x12023f308) at list.c:99
#6  0x120022060 in _php3_hash_del_key_or_index (ht=0x1201ee788, arKey=0x0, 
    nKeyLength=0, h=2, flag=1) at php3_hash.c:608
#7  0x12002be00 in php3_list_do_delete (list=0x15555fd52d8, id=2) at list.c:75
#8  0x12004e3c4 in php3_mysql_free_result (ht=0x15555fd52d8, 
    return_value=0x1201eb1f8, list=0x1201ee788, plist=0x2)
    at functions/mysql.c:1963
#9  0x120068d48 in phpparse () at control_structures_inline.h:930
#10 0x120020574 in php3_parse (yyin=0x15555fd52d8) at main.c:1474
#11 0x120020818 in apache_php3_module_main (r=0x120228a00, fd=28, 
    display_source_mode=0, preprocessed=0) at main.c:1854
#12 0x12001d290 in send_php3 (r=0x120228a00, display_source_mode=0, 
    preprocessed=0, filename=0x120229c70 "/home/www/hes/html/noh/query.php3")
    at mod_php3.c:245
#13 0x12001d340 in send_parsed_php3 (r=0x15555fd52d8) at mod_php3.c:261
#14 0x12007a398 in ap_invoke_handler (r=0x120228a00) at http_config.c:505
...

I read through that code path, and couldn't find anything obviously wrong,
perhaps it's around the fetch_row() somewhere. The fetch_row itself works...

 [1999-06-20 10:15 UTC] sas at cvs dot php dot net
This kind of error was fixed in 3.0.8. You shouldn't see it anymore with newer versions.
 