Bug #32287 Segmentation fault in simple PHP script
Submitted: 2005-03-12 22:51 UTC
Modified: 2005-03-14 22:29 UTC
Avg. Score: 5.0 ± 0.0
Reproduced: 0 of 0 (0.0%)
From: john at swartzentruber dot us
Assigned:
Status: Not a bug
Package: MySQLi related
PHP Version: 5CVS-2005-03-12 (dev)
OS: Fedora Core3
Private report: No
CVE-ID: None
 [2005-03-12 22:51 UTC] john at swartzentruber dot us
When I run the example script using my browser, there is a segmentation fault on the call to $result->fetch_array(MYSQLI_ASSOC) on line 16. When I run it from the command line, the script appears to work. The segmentation fault only occurs when fetching the associative array. Using MYSQLI_NUM works, but MYSQLI_BOTH also crashes.

Reproduce code:
<?php
include "../../secrets/"; // only defines $rootpass
$mysqli = new mysqli("localhost", "root", $rootpass, "World");
printf("Host information: %s\n", $mysqli->host_info);
/* check connection */
if (mysqli_connect_errno()) {
   printf("Connect failed: %s\n", mysqli_connect_error());
   exit();
}
$query = "SELECT Name, CountryCode FROM City ORDER by ID LIMIT 3";
$result = $mysqli->query($query);
/* numeric array */
$row = $result->fetch_array(MYSQLI_NUM);
printf ("%s (%s)\n", $row[0], $row[1]);
/* associative array */
$row = $result->fetch_array(MYSQLI_ASSOC);
printf ("%s (%s)\n", $row["Name"], $row["CountryCode"]);

Expected result:
Kabul (AFG)
Qandahar (AFG)

Actual result:
#0  0x0018d96b in strlen () from /lib/tls/
#1  0x0231cc70 in php_mysqli_fetch_into_hash (ht=1, return_value=0x9ed2454, this_ptr=0x9ed16fc, return_value_used=1,
    override_flags=0, into_object=0) at /usr/local/src/php5-STABLE-200503121930/ext/mysqli/mysqli.c:663
#2  0x02326b79 in zif_mysqli_fetch_array (ht=1, return_value=0x9ed2454, this_ptr=0x9ed16fc, return_value_used=1)
    at /usr/local/src/php5-STABLE-200503121930/ext/mysqli/mysqli_nonapi.c:193
#3  0x024c3f31 in zend_do_fcall_common_helper (execute_data=0xbfee64d0, opline=0x9ed61b8, op_array=0x9e78dd4)
    at /usr/local/src/php5-STABLE-200503121930/Zend/zend_execute.c:2727
#4  0x024c4645 in zend_do_fcall_by_name_handler (execute_data=0xbfee64d0, opline=0x9ed61b8, op_array=0x9e78dd4)
    at /usr/local/src/php5-STABLE-200503121930/Zend/zend_execute.c:2841
#5  0x024bf0ee in execute (op_array=0x9e78dd4) at /usr/local/src/php5-STABLE-200503121930/Zend/zend_execute.c:1406
#6  0x0249b364 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/local/src/php5-STABLE-200503121930/Zend/zend.c:1068
#7  0x0245c516 in php_execute_script (primary_file=0xbfee8830) at /usr/local/src/php5-STABLE-200503121930/main/main.c:1630
#8  0x024c9b29 in php_handler (r=0x9ebf8d8)
    at /usr/local/src/php5-STABLE-200503121930/sapi/apache2handler/sapi_apache2.c:555
#9  0x007bf9f7 in ap_run_handler () from /usr/sbin/httpd
#10 0x09b83888 in ?? ()
#11 0x007bf9ce in ap_run_handler () from /usr/sbin/httpd
#12 0x09ebf8d8 in ?? ()
#13 0x09ebf8d8 in ?? ()
#14 0xbfee89a8 in ?? ()
#15 0x007bfe63 in ap_invoke_handler () from /usr/sbin/httpd
Previous frame inner to this frame (corrupt stack?)


 [2005-03-13 01:47 UTC] john at swartzentruber dot us
I'm not sure what is being asked for that wasn't provided. The problem seems to be specific to mysqli, so needs to use the database. The database in this case is the standard example world database used in the PHP mysqli examples. As the comment indicates, the include is only to set $rootpass. If you want to just code your root password directly instead of including that file, that will work.
 [2005-03-13 02:58 UTC] john at swartzentruber dot us
I'm an experienced C++ programmer, but unfortunately not a GNU debugger user. So I went way back to my really early days and put a few printf calls at the problem area. Here is my output:

field_len = 0x88bf358, *field_len = 5, fields=0x4f9c285, mysql_num_fields(result) = 2
field_len = 0x88bf358, *field_len = 8, fields=0x88c3a30, mysql_num_fields(result) = 2
fields[0].name = 0x88c3a78
    fields[0].name = Name
fields[0].org_name = 0x88c3a70
    fields[0].org_name = City
fields[0].table = (nil)
fields[0].org_table = 0xfe
Segmentation fault

This segmentation fault is in one of my printfs. The interesting thing is that org_name has a value that *should* be the value for table. And org_table is bogus, causing this segfault.

It looks like something is not using the most recent mysql.h file and there is a structure mismatch.

I went back and looked at my phpinfo(). It says that the mysqli client API version is 3.23.58. I'm running version 4.1.10a of MySQL, so that doesn't look right. That might be the cause of the problem. My big question now is why is it using that version (if that is the case)? Where does that come from?

I hope something here helps.
 [2005-03-14 21:09 UTC] john at swartzentruber dot us
I believe I found the problem. From my default installation I had loading, and it was using an old version of MySQL. By removing that RPM and no longer loading mod_auth_mysql, the problem went away. Sorry about the false alarm.
 [2005-03-14 22:29 UTC]
This is probably the oldest and most well known 'bug' that has been reported.. :)
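
The structure mismatch suspected in the 02:58 comment, as an added example that is not part of the original report and is not PHP or MySQL source. The two struct layouts and the names field_old, field_new and old_member_at are assumptions made for illustration; the program maps each member the caller reads through the newer declaration to the member an older library actually stored at that offset.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified layouts for illustration; not copied from any mysql.h. */
struct field_old {      /* filled in by the older client library */
    char *name;
    char *table;
    char *def;
    int type;
    unsigned int length;
};

struct field_new {      /* declared by the newer header the caller was built with */
    char *name;
    char *org_name;
    char *table;
    char *org_table;
};

struct member { const char *name; size_t off; size_t size; };
#define M(m) { #m, offsetof(struct field_old, m), sizeof(((struct field_old *)0)->m) }
static const struct member old_members[] = { M(name), M(table), M(def), M(type), M(length) };

/* Which old-layout member occupies byte offset off? */
const char *old_member_at(size_t off)
{
    size_t i;
    for (i = 0; i < sizeof old_members / sizeof old_members[0]; i++)
        if (off >= old_members[i].off && off < old_members[i].off + old_members[i].size)
            return old_members[i].name;
    return "(past end)";
}

#define SHOW(m) printf("caller reads new.%-9s -> library wrote old.%s\n", #m, \
                       old_member_at(offsetof(struct field_new, m)))
int main(void)
{
    SHOW(name);
    SHOW(org_name);
    SHOW(table);
    SHOW(org_table);   /* an int type code read as a char *: strlen() on it can fault */
    return 0;
}
```

The mapping is consistent with the printf output in the thread: org_name holds the table name, table is nil, and org_table holds a small integer instead of a pointer.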

Last updated: Tue Jun 25 13:01:30 2024 UTC