php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31288 mysql_fetch_field() crashes
Submitted: 2004-12-24 17:18 UTC Modified: 2005-02-22 16:00 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:0 (0.0%)
From: m dot brachner at gmx dot at Assigned:
Status: Closed Package: MySQL related
PHP Version: 5CVS-2004-12-24 (dev) OS: Windows XP
Private report: No CVE-ID:
 [2004-12-24 17:18 UTC] m dot brachner at gmx dot at
Description:
------------
mysql_fetch_field produces an PHP-Crash. A Modal Window pops up (I have a German XP):
php-cgi.exe Error in Application
The instruction at '0x1000589c' referenced memory at '0x00000001'.
The memory could not be read.
Click OK to terminate the program. 

MySQL Version 4.0.18

Reproduce code:
---------------
<?php
$conn = mysql_connect('localhost:3306', 'root', '');
mysql_select_db('odb');
$result = mysql_query('select * from classes');
/* get column metadata */
$i = 0;
while ($i < mysql_num_fields($result)) {
   echo "Information for column $i:<br />\n";
   $meta = mysql_fetch_field($result, $i);
   $i++;
}
mysql_free_result($result);
?> 

Expected result:
----------------
mysql_fetch_field should do the documented operations.

Actual result:
--------------
mysql_fetch_field produces an PHP-Crash. A Modal Window pops up (I have a German XP):
php-cgi.exe Error in Application
The instruction at '0x1000589c' referenced memory at '0x00000001'.
The memory could not be read.
Click OK to terminate the program. 


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-12-25 18:52 UTC] m dot brachner at gmx dot at
Using CGI Version
Internet Information Server Version 5.1
 [2005-01-09 19:06 UTC] kurt at indermaur dot com
Failed for me with a "Segmentation Violation" on freebsd, php 4.3.10 and php 5.0.3 (switched to 5.x after encountering this bug), with mysql 4.0.22. I tracked it down to line 2250 of ext/mysql/php_mysql.c:

add_property_string(return_value, "def",(mysql_field->def?mysql_field->def
:empty_string), 1);

According to mysql's documentation (http://dev.mysql.com/doc/mysql/en/C_API_datatypes.html, with my emphasis added):

char * def - The default value of this field, as a null-terminated string. ***This is set only if you use mysql_list_fields()***.

My guess is that *def is never initialized, so it may very well not be null, and then just about any attempt to retrieve its value will result in a segmentation violation (or whatever your OS calls a reference to memory outside the program's control).

A simple workaround for me was to comment out line 2250.
 [2005-02-22 16:00 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 01:02:05 2014 UTC