Bug #28933 segfault using mysqli_fetch_array
Submitted: 2004-06-26 12:58 UTC Modified: 2004-07-18 07:14 UTC
From: francesco at pnpitalia dot it Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5CVS-2004-06-26 (dev) OS: linux gentoo 2q2004
Private report: No CVE-ID: None
 [2004-06-26 12:58 UTC] francesco at pnpitalia dot it
Description:
------------
Using mysqli_fetch_array with *both* parameters (result and type) crashes php

php -e test_mysqli.php

gdb php core

(gdb) bt
#0  zend_object_store_get_object (zobject=0x2a00000000) at /INSTALL/php/php-src/Zend/zend_objects_API.c:192
#1  0x000000000051ad48 in php_mysqli_fetch_into_hash (ht=2, return_value=0x2a957b0dd0, this_ptr=0x0, return_value_used=-1073757328, override_flags=0,
    into_object=0) at /INSTALL/php/php-src/ext/mysqli/mysqli.c:602
#2  0x0000000000522b1f in zif_mysqli_fetch_array (ht=0, return_value=0x7fbfffc3b0, this_ptr=0x2, return_value_used=-1073757328)
    at /INSTALL/php/php-src/ext/mysqli/mysqli_nonapi.c:183
#3  0x000000000069fa3b in zend_do_fcall_common_helper (execute_data=0x7fbfffcac0, opline=0x2a957b6360, op_array=0x2a957b1a10)
    at /INSTALL/php/php-src/Zend/zend_execute.c:2699
#4  0x000000000069fb8a in zend_do_fcall_handler (execute_data=0x7fbfffcac0, opline=0x2a957b6360, op_array=0x2a957b1a10)
    at /INSTALL/php/php-src/Zend/zend_execute.c:2828
#5  0x000000000069c350 in execute (op_array=0x2a957b1a10) at /INSTALL/php/php-src/Zend/zend_execute.c:1391
#6  0x000000000067cba9 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /INSTALL/php/php-src/Zend/zend.c:1061
#7  0x0000000000641f4f in php_execute_script (primary_file=0x7fbffff100) at /INSTALL/php/php-src/main/main.c:1627
#8  0x00000000006aa3d5 in main (argc=3, argv=0x7fbffff268) at /INSTALL/php/php-src/sapi/cli/php_cli.c:943

other info:

#uname -a
Linux db 2.6.7-mm1 #2 SMP Mon Jun 21 11:36:21 CEST 2004 x86_64 5  GNU/Linux

#cat /proc/cpuinfo
processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 5
model name      : AMD Opteron(tm) Processor 246
stepping        : 8
cpu MHz         : 1992.117
cache size      : 1024 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext lm 3dnowext 3dnow
bogomips        : 3915.77
TLB size        : 1088 4K pages
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management: ts ttp

processor       : 1
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 5
model name      : AMD Opteron(tm) Processor 246
stepping        : 8
cpu MHz         : 1992.117
cache size      : 1024 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext lm 3dnowext 3dnow
bogomips        : 3981.31
TLB size        : 1088 4K pages
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management: ts ttp

gcc --version
gcc (GCC) 3.3.3 20040412 (Gentoo Linux 3.3.3-r6, ssp-3.3.2-2, pie-8.7.6)
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

gcc --version
gcc (GCC) 3.4.0 20040601 (Gentoo Linux 3.4.0-r6, ssp-3.4-2, pie-8.7.6.3)
Copyright (C) 2004 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

mysql --version
mysql  Ver 14.5 Distrib 5.0.1-alpha, for unknown-linux (x86_64)

(also with 4.1.2)

system is gentoo linux ~amd64


#making php
# NOTE(review): this configure invocation is incomplete as pasted. It ends on a
# trailing backslash after --enable-mbstring=all, so the command as shown never
# reaches "&& make". The remaining flags (from --enable-mbregex up to
# "&& make -j 8") appear further down the report, after the MySQL build steps;
# the two pieces need to be rejoined to reproduce the build. No comment can be
# placed inside the command itself because every line is a "\" continuation.

./configure \
\
--enable-debug \
\
--prefix=/usr \
--with-apxs2=/usr/local/apache/bin/apxs \
--with-readline --disable-cgi \
--enable-cli --enable-embed \
--with-ndbm=/usr --with-db4=/usr \
--with-mcrypt=/usr --with-mhash=/usr \
--with-ming=/usr --with-gdbm=/usr \
--with-java=/opt/blackdown-jdk-1.4.2_rc1 \
--without-pgsql --with-xpm-dir=/usr/X11R6 \
--with-pdflib=/usr --with-gd \
--enable-gd-native-ttf --with-png \
--with-png-dir=/usr --with-jpeg \
--with-jpeg-dir=/usr --enable-exif \
--with-tiff --with-tiff-dir=/usr \
--with-freetype-dir=/usr --with-ttf=/usr \
--with-t1lib=/usr --with-gettext \
--with-qtdom=/usr/qt/3 --with-pspell=/usr \
--with-openssl=/usr --without-imap \
--without-ldap --with-dom=/usr \
--with-dom-xslt=/usr --with-dom-exslt=/usr \
--without-kerberos --with-pam \
--disable-memory-limit --enable-ipv6 \
--with-curlwrappers --with-curl=/usr \
--enable-dbx --with-zlib \
--with-zlib-dir=/usr --with-sablot=/usr \
--enable-xslt --with-xslt-sablot \
--with-xmlrpc --enable-wddx \
--with-xml --enable-mbstring=all \


#making mysql
# Build recipe for the MySQL 5.0 tree the reporter linked PHP against.
# Environment: autotools versions and compiler flags for the whole build.
# CXXFLAGS reuses CFLAGS, so -O2 -march=k8 -ffast-math apply to C++ as well.
export WANT_AUTOCONF="2.5"
export WANT_AUTOMAKE="1.8"
export CFLAGS="-O2 -march=k8 -ffast-math -DHAVE_ERRNO_AS_DEFINE=1 -DUSE_OLD_FUNCTIONS"
export CHOST="x86_64-pc-linux-gnu"
export CXXFLAGS="${CFLAGS} -felide-constructors -fno-exceptions -fno-rtti"

# Fetch the source via BitKeeper and unlock the tree for editing.
# NOTE(review): none of the cd/bk/autotools steps below are error-checked and
# the recipe does not run under "set -e"; if "bk clone" or any "cd" fails, the
# following commands run in the wrong directory.
bk clone bk://mysql.bkbits.net/mysql-5.0 mysql-5.0
cd mysql-5.0
bk -r edit

# Regenerate the build system for the top level, the InnoDB subtree and BDB.
aclocal; autoheader; autoconf; automake
cd innobase; aclocal; autoheader; autoconf; automake
cd ..
cd bdb/dist; sh s_all
cd ../..


# Configure and build. NOTE(review): --with-embedded-server is passed twice
# (two consecutive lines); the duplicate is harmless but looks like a paste
# error. Comments cannot go inside the command because of the "\" continuations.
./configure \
--prefix=/usr/local/mysql \
--without-docs \
--enable-thread-safe-client \
--enable-assembler \
--enable-local-infile \
--with-unix-socket-path=/var/run/mysqld/mysqld5.sock \
--without-debug \
--with-mysqld-user=mysql \
--with-charset=latin1 \
--with-collation=latin1_swedish_ci \
--with-extra-charsets=all \
--with-client-ldflags=-lstdc++ \
--with-embedded-server \
--with-embedded-server \
--without-innodb \
&& make -j 4

# NOTE(review): this is not a standalone command. It is the tail of the PHP
# "./configure" invocation shown earlier in the report (which ended on a
# trailing backslash after --enable-mbstring=all); the two fragments were
# interleaved with the MySQL build steps when pasted. Notable for this bug:
# --with-mysqli points at the freshly built MySQL's mysql_config and the
# classic --without-mysql is used.
--enable-mbregex --with-bz2=/usr \
--with-crack=/usr --with-cdb \
--enable-pcntl --enable-bcmath \
--enable-calendar --enable-dbase \
--enable-filepro --enable-ftp \
--with-mime-magic --enable-sockets \
--enable-sysvsem --enable-sysvshm \
--enable-sysvipc --with-iconv \
--enable-shmop --enable-dio \
--enable-inline-optimization \
--enable-track-vars --enable-trans-sid \
--enable-versioning --with-config-file-path=/etc/php/cli-php5 \
--with-tiff-lib --enable-mime-magic \
--enable-sysvmsg --with-gmp \
--enable-soap --with-xsl \
--with-pic --x-includes=/usr/X11/include/X11 \
--x-libraries=/usr/X11/lib \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--without-mysql \
--enable-shared --enable-static \
&& make -j 8


Reproduce code:
---------------
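<?php
// Reproduce case: two identical queries; the first loop calls
// mysqli_fetch_array() with the result only, the second also passes the
// result-type argument (MYSQLI_ASSOC). The report states that the first loop
// completes and the second crashes the interpreter.
// Connection parameters are placeholders for the reporter's environment.

// mysqli_connect() returns false on failure, and no link exists at that point,
// so the connection error is read with mysqli_connect_error(). (The original
// snippet passed an undefined $conn to mysqli_error() here, which would hide
// the real connection error.)
$link = mysqli_connect("localhost", "root", "password","test_db",3306,"/path/to/mysqld.sock") or die(mysqli_connect_error());

// Procedural mysqli_error() requires the link as its argument; the original
// snippet called it with no argument.
mysqli_select_db($link, "test_db") or die(mysqli_error($link));

// this one will execute cleanly
$result = mysqli_query($link, "SELECT * FROM tabella") or die(mysqli_error($link));
while ($row = mysqli_fetch_array($result)) {
        print_r($row);
}
mysqli_free_result($result);


// this one will SEGFAULT php
$result = mysqli_query($link, "SELECT * FROM tabella") or die(mysqli_error($link));
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        print_r($row);
}
mysqli_free_result($result);

?>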


Expected result:
----------------
query executed cleanly

Actual result:
--------------
50% ok ;)

 [2004-07-17 21:16 UTC] steve at rueb dot com
I am seeing the same behavior with mysqli_fetch_assoc() on i386.

MySQL 4.1.3beta
PHP 5.0.0 final

--with-mysqli --with-zlib --with-dom --with-gdbm
 [2004-07-18 00:55 UTC] steve at rueb dot com
This seems to be fixed in CVS.
 [2004-07-18 07:14 UTC] georg@php.net
changing status to closed 
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Apr 19 01:01:28 2024 UTC