Bug #30679 Segmentation fault by php_mysqli_fetch_into_hash
Submitted: 2004-11-03 21:34 UTC
Modified: 2004-11-24 01:00 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:3 (100.0%)
From: alex at netflex dot nl
Assigned:
Status: No Feedback
Package: MySQLi related
PHP Version: 5.0.2
OS: Fedora Core 2 (x86_64)
Private report: No
CVE-ID: None
 [2004-11-03 21:34 UTC] alex at netflex dot nl
Description:
------------
Executing a MySQL query with mysqli results in a segmentation fault.

Traceback:

#0  zend_object_store_get_object (zobject=0x0) at /data/downloads/php-5.0.2/Zend/zend_objects_API.c:202
#1  0x000000000046e6dc in php_mysqli_fetch_into_hash (ht=2, return_value=0x8584f8, this_ptr=0x0, return_value_used=-1073759168, override_flags=0, into_object=0) at /data/downloads/php-5.0.2/ext/mysqli/mysqli.c:626
#2  0x00000000004769ef in zif_mysqli_fetch_array (ht=0, return_value=0x7fbfffbc80, this_ptr=0x2, return_value_used=-1073759168) at /data/downloads/php-5.0.2/ext/mysqli/mysqli_nonapi.c:185
#3  0x000000000058b10c in zend_do_fcall_common_helper (execute_data=0x7fbfffcf60, opline=0x84bd00, op_array=0x848c50) at /data/downloads/php-5.0.2/Zend/zend_execute.c:2711
#4  0x000000000058b24a in zend_do_fcall_handler (execute_data=0x7fbfffcf60, opline=0x84bd00, op_array=0x848c50) at /data/downloads/php-5.0.2/Zend/zend_execute.c:2843
#5  0x0000000000587da0 in execute (op_array=0x848c50) at /data/downloads/php-5.0.2/Zend/zend_execute.c:1400
#6  0x000000000058aeff in zend_do_fcall_common_helper (execute_data=0x7fbfffd210, opline=0x846980, op_array=0x842078) at /data/downloads/php-5.0.2/Zend/zend_execute.c:2740
#7  0x000000000058b1a1 in zend_do_fcall_by_name_handler (execute_data=0x0, opline=0x7fbfffbc80, op_array=0x2) at /data/downloads/php-5.0.2/Zend/zend_execute.c:2825
#8  0x0000000000587da0 in execute (op_array=0x842078) at /data/downloads/php-5.0.2/Zend/zend_execute.c:1400
#9  0x000000000056af79 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /data/downloads/php-5.0.2/Zend/zend.c:1060
#10 0x00000000005371df in php_execute_script (primary_file=0x7fbffff830) at /data/downloads/php-5.0.2/main/main.c:1629
#11 0x0000000000593bd7 in main (argc=3, argv=0x7fbffff998) at /data/downloads/php-5.0.2/sapi/cli/php_cli.c:943


PHP (5.0.2): ./configure \
--libdir=/usr/local/lib64 \
--with-apxs2=/services/httpd/bin/apxs \
--with-mysql=/services/mysql \
--with-mysqli=/services/mysql/bin/mysql_config \
--enable-track-vars \
--with-openssl=/usr/local/ssl \
--enable-ftp --enable-sysvsem \
--enable-sysvshm \
--enable-sockets \
--with-gettext \
--with-mm=/usr/local/mm-1.3.0 \
--with-zlib \
--enable-so=shared \
--enable-pcntl \
--with-jpeg-dir=/usr/lib64 \
--with-png-dir=/usr/local \
--enable-gd \
--enable-debug \
--enable-maintainer-mode

httpd (2.0.52): ./configure \
--prefix=/services/httpd \
--enable-module=rewrite \
--enable-module=info \
--enable-module=status \
--enable-module=log_agent \
--enable-module=log_referer \
--enable-module=so \
--enable-ssl=shared \
CPPFLAGS=-I/usr/kerberos/include \
LDFLAGS=-L/usr/kerberos/lib \
--enable-maintainer-mode

mysql (4.1.1): ./configure \
--prefix=/services/mysql \
--enable-assembler \
--with-innodb \
--without-debug

Reproduce code:
---------------
$result = mysqli_query($conn, 'SELECT * FROM `dns_domains` WHERE `id` = ' . (int)$domainId) or die('MySQL: ' . mysqli_error($conn));

Expected result:
----------------
no crash?

Actual result:
--------------
blank web page in the browser

httpd error log:
[Tue Nov 02 21:04:56 2004] [notice] child pid 1659 exit signal Segmentation fault (11)

 [2004-11-10 18:12 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.


 [2004-11-10 18:23 UTC] alex at netflex dot nl
Every mysqli query crashes.

The call to zend_parse_method_parameters at line 620 in ext/mysqli/mysqli.c results in mysql_result = NULL.

mysql_result gets passed to zend_object_store_get_object, which crashes because the parameter must not be NULL.
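
The failure mode described in the comment above, as an added example that is not part of the original report and is not PHP source code: a parser that reports success while leaving its out-pointer NULL, an unchecked caller that passes it on to a function that dereferences it, and a guarded caller beside it. All names (obj_t, parse_params, store_get_object, fetch_unchecked, fetch_checked) are hypothetical stand-ins, not the Zend API.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; none of this is the Zend API. */
typedef struct { int handle; } obj_t;

#define STORE_SIZE 2
static const char *store[STORE_SIZE] = { "result-set-0", "result-set-1" };

/* Models a parameter parser that reports success (0) but can still
 * leave *out NULL, the condition the comment describes. */
int parse_params(obj_t *arg, obj_t **out) {
    *out = arg;               /* arg may be NULL; no failure is signalled */
    return 0;
}

/* Models the callee in frame #0: dereferences its argument unconditionally. */
const char *store_get_object(const obj_t *zobject) {
    return store[zobject->handle];
}

/* Unchecked caller: a NULL from the parser reaches the dereference (SIGSEGV). */
const char *fetch_unchecked(obj_t *arg) {
    obj_t *res = NULL;
    parse_params(arg, &res);
    return store_get_object(res);
}

/* Guarded caller: checks the return code, the pointer and the handle range. */
const char *fetch_checked(obj_t *arg) {
    obj_t *res = NULL;
    if (parse_params(arg, &res) != 0 || res == NULL)
        return NULL;
    if (res->handle < 0 || res->handle >= STORE_SIZE)
        return NULL;
    return store_get_object(res);
}

int main(void) {
    obj_t ok = { 1 };         /* constructed sample input */
    printf("valid, unchecked: %s\n", fetch_unchecked(&ok));
    printf("valid, checked:   %s\n", fetch_checked(&ok));
    printf("NULL, checked:    %s\n",
           fetch_checked(NULL) ? "object" : "rejected");
    /* fetch_unchecked(NULL) is deliberately not called: it would crash. */
    return 0;
}
```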
 [2004-11-16 12:38 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

I can't reproduce it, please try latest 5.0 snapshot.
 [2004-11-24 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Tue Oct 15 10:01:27 2024 UTC