Bug #27608 mysql_free_result causes segfault with invalid result and exceptionerrorhandler
Submitted: 2004-03-15 12:32 UTC Modified: 2004-04-09 11:08 UTC
From: david dot danier at team23 dot de Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 5CVS-2004-04-08 OS: Gentoo Linux 1.4
Private report: No CVE-ID: None
 [2004-03-15 12:32 UTC] david dot danier at team23 dot de
Description:
------------
We have a class that catches the result of mysql_query (the example here is minimal). In the __destruct() method it should do a mysql_free_result(). The error handler throws an exception. Now, if we do an INSERT, the mysql_free_result() function gives an error (it MUST give an error, because mysql_query() gives us no valid result if we use INSERT); this error is passed to error(), which should throw an exception. But it creates a segmentation fault. :-(
Other exceptions thrown by the error()-function are working perfectly.
SELECT-statements are working. (like they should do)

PHP-Version:
CVS 2004-03-07
(reproduced with CVS 2004-03-15)

Configured with (taken from the PHP4-ebuild, but modified):
./configure --prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --with-apxs2=/usr/sbin/apxs2 --with-ndbm=/usr --with-db4=/usr --with-mcrypt=/usr --with-mhash=/usr --without-interbase --without-ming --without-swf --without-sybase --with-gdbm=/usr --with-java=/opt/blackdown-jdk-1.4.1 --without-mcal --without-unixODBC --without-pgsql --without-snmp --with-xpm-dir=/usr/X11R6 --with-pdflib=/usr --with-gd --enable-gd-native-ttf --with-png=/usr --with-png-dir=/usr --with-jpeg=/usr --with-jpeg-dir=/usr --enable-exif --with-tiff=/usr --with-tiff-dir=/usr --with-mysql=/usr --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-freetype-dir=/usr --with-ttf=/usr --with-t1lib=/usr --with-gettext --with-qtdom=/usr/qt/3 --with-pspell=/usr --with-openssl=/usr --with-imap=/usr --without-ldap --with-dom=/usr --with-dom-xslt=/usr --with-dom-exslt=/usr --without-kerberos --with-pam --disable-memory-limit --disable-ipv6 --without-yaz --without-curl --enable-dbx --with-imap-ssl --with-zlib=/usr --with-zlib-dir=/usr --with-sablot=/usr --enable-xslt --with-xslt-sablot --with-xmlrpc --enable-wddx --with-xml --enable-mbstring=all --enable-mbregex --with-bz2=/usr --with-crack=/usr --with-cdb --enable-pcntl --enable-bcmath --enable-calendar --enable-dbase --enable-filepro --enable-ftp --with-mime-magic --enable-sockets --enable-sysvsem --enable-sysvshm --enable-sysvipc --with-iconv --enable-shmop --enable-dio --enable-yp --without-ncurses --without-readline --enable-inline-optimization --enable-track-vars --enable-trans-sid --enable-versioning --with-config-file-path=/etc/php/apache2-php5

php.ini:
not changed


Reproduce code:
---------------
<?php

class result
{
        var $result;

        public function __construct($result)
        {
                if (!$result)
                {
                        die(mysql_error());
                }
                echo 'GO ';
                $this->result = $result;
        }

        public function __destruct()
        {
                echo 'OK ';
                mysql_free_result($this->result);
        }
}

function error($errno, $errstr, $errfile, $errline)
{
        throw new Exception();
}

set_error_handler('error', E_ALL);

$db = mysql_connect('localhost', 'default');
mysql_select_db('test', $db);

echo '1 '; // only to get the position the error happens
$test = new result(mysql_query('INSERT INTO blafasl SET text="segfault!"', $db));
echo '2 ';
unset($test); // if we don't unset $test PHP gives an exception error
echo '3 ';

?>


Expected result:
----------------
Error message about uncaught exception.....

Actual result:
--------------
(gdb) bt
#0  0x082814dc in _zval_ptr_dtor (zval_ptr=0xbfffd40c)
    at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:356
#1  0x0828c148 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/goliath/downloads/php/php-src/Zend/zend.c:1082
#2  0x08252b5f in php_execute_script (primary_file=0xbffff760)
    at /home/goliath/downloads/php/php-src/main/main.c:1655
#3  0x082b728c in main (argc=2, argv=0xbffff7e4)
    at /home/goliath/downloads/php/php-src/sapi/cli/php_cli.c:943


 [2004-03-16 17:39 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

No longer crashes with latest CVS. 
 [2004-03-17 06:22 UTC] david dot danier at team23 dot de
Got the same error with freshly compiled PHP from CVS.

-----------------------
$ php -v
PHP 5.0.0RC1-dev (cli) (built: Mar 17 2004 12:18:26)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.0-dev, Copyright (c) 1998-2004 Zend Technologies
$ php segfault_mysql_free_result.php 
1 GO 2 OK Speicherzugriffsfehler
-----------------------
(Speicherzugriffsfehler = Segfault)
 [2004-03-17 09:37 UTC] iliaa@php.net
I tried running the code again, but I only get  
"Fatal error: Exception thrown without a stack frame in 
Unknown on line 0" regardless of unset(). 
 [2004-03-17 13:58 UTC] david dot danier at team23 dot de
Did a complete cleanup on PHP and installed the new Version:
$ rm /usr/bin/php
$ rm /usr/lib/apache2/libphp5.so
$ rm -rf /usr/lib/php
-> CVS checkout (deleted the sourcedir before)
-> newly compiled with options like above

...same error :(

'php -v' says:
PHP 5.0.0RC1-dev (cli) (built: Mar 17 2004 19:51:01)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.0-dev, Copyright (c) 1998-2004 Zend Technologies

Backtrace:
(gdb) run segfault_mysql_free_result.php
Starting program: /usr/bin/php segfault_mysql_free_result.php
1 GO 2 OK 
Program received signal SIGSEGV, Segmentation fault.
0x082817bc in _zval_ptr_dtor (zval_ptr=0xbfffd37c)
    at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:385
385             (*zval_ptr)->refcount--;
(gdb) bt
#0  0x082817bc in _zval_ptr_dtor (zval_ptr=0xbfffd37c)
    at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:385
#1  0x0828c438 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/goliath/downloads/php/php-src/Zend/zend.c:1084
#2  0x08252c3f in php_execute_script (primary_file=0xbffff6d0)
    at /home/goliath/downloads/php/php-src/main/main.c:1628
#3  0x082b75fc in main (argc=2, argv=0xbffff754)
    at /home/goliath/downloads/php/php-src/sapi/cli/php_cli.c:943
 [2004-03-17 14:06 UTC] david dot danier at team23 dot de
Perhaps the Apache/MySQL-Version helps:
apache-2.0.48-r1
mysql-4.0.18
(both gentoo ebuilds)
 [2004-04-08 11:48 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2004-04-09 09:36 UTC] david dot danier at team23 dot de
I think this "latest" snapshot is nothing more than a fresh CVS checkout, so I did the checkout first. ;-)

Same Error:
(gdb) run segfault_mysql_free_result.php 
Starting program: /usr/bin/php segfault_mysql_free_result.php
1 GO 2 OK 
Program received signal SIGSEGV, Segmentation fault.
0x08282c9c in _zval_ptr_dtor (zval_ptr=0xbfffd36c)
    at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:389
389             (*zval_ptr)->refcount--;
(gdb) bt
#0  0x08282c9c in _zval_ptr_dtor (zval_ptr=0xbfffd36c)
    at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:389
#1  0x0828dd08 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/goliath/downloads/php/php-src/Zend/zend.c:1095
#2  0x08253e0f in php_execute_script (primary_file=0xbffff6c0)
    at /home/goliath/downloads/php/php-src/main/main.c:1630
#3  0x082b988c in main (argc=2, argv=0xbffff744)
    at /home/goliath/downloads/php/php-src/sapi/cli/php_cli.c:943


After that I tried the "latest" Snapshot:

The same :(

(gdb) run segfault_mysql_free_result.php
Starting program: /home/goliath/downloads/php/latest/php5-200404091030/sapi/cli/php /home/goliath/Work/Homepages/Projekte/molp/tests/segfault_mysql_free_result.php
1 GO 2 OK 
Program received signal SIGSEGV, Segmentation fault.
0x08282b9c in _zval_ptr_dtor (zval_ptr=0xbfffd2cc)
    at /home/goliath/downloads/php/latest/php5-200404091030/Zend/zend_execute_API.c:389
389             (*zval_ptr)->refcount--;
(gdb) bt
#0  0x08282b9c in _zval_ptr_dtor (zval_ptr=0xbfffd2cc)
    at /home/goliath/downloads/php/latest/php5-200404091030/Zend/zend_execute_API.c:389
#1  0x0828dc08 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/goliath/downloads/php/latest/php5-200404091030/Zend/zend.c:1095
#2  0x08253d1f in php_execute_script (primary_file=0xbffff620)
    at /home/goliath/downloads/php/latest/php5-200404091030/main/main.c:1630
#3  0x082b978c in main (argc=2, argv=0xbffff6a4)
    at /home/goliath/downloads/php/latest/php5-200404091030/sapi/cli/php_cli.c:943


I tried it on another Machine with actual PHP5-CVS Sources, it runs there. So the Problem must be somewhere in my System libs or something like that.

I'm using:
Linux 2.6.5
gcc (GCC) 3.3.2 20031218
...for more version-numbers simply ask.
(other machine uses Linux 2.4.*)
 [2004-04-09 11:08 UTC] sniper@php.net
Neither I nor Ilia could reproduce this -> bogus (also see above comment..)

 