Bug #34270 Segmentation fault in Apache when executing an invalid SQL
Submitted: 2005-08-26 20:02 UTC Modified: 2005-09-06 01:00 UTC
Votes: 3
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 1 (100.0%)
Same OS: 0 (0.0%)
From: nmariz at estadias dot com Assigned:
Status: No Feedback Package: PDO related
PHP Version: 5.1.0RC1 OS: Debian GNU/Linux 3.1 (Apache 2)
Private report: No CVE-ID:

 [2005-08-26 20:02 UTC] nmariz at estadias dot com
Description:
------------
Segmentation fault in Apache when executing an invalid SQL statement.

apache error.log:

[Fri Aug 26 18:10:42 2005] [notice] child pid 26519 exit signal Segmentation fault (11)

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1079565216 (LWP 28567)]
0x40865cf5 in _efree (ptr=0x83bbf58) at /root/software/php-5.1.0RC1/Zend/zend_alloc.c:302
302             REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0  0x40865cf5 in _efree (ptr=0x83bbf58) at /root/software/php-5.1.0RC1/Zend/zend_alloc.c:302
#1  0x40727109 in pdo_mysql_stmt_dtor (stmt=0x0, tsrm_ls=0x817ecf8) at /root/software/php-5.1.0RC1/ext/pdo_mysql/mysql_statement.c:45
#2  0x40724819 in free_statement (stmt=0x83bbe94, tsrm_ls=0x817ecf8) at /root/software/php-5.1.0RC1/ext/pdo/pdo_stmt.c:1977
#3  0x40896654 in zend_objects_store_del_ref (zobject=0x836b474, tsrm_ls=0x817ecf8) at /root/software/php-5.1.0RC1/Zend/zend_objects_API.c:161
#4  0x4087bb74 in _zval_dtor_func (zvalue=0x836b474) at /root/software/php-5.1.0RC1/Zend/zend_variables.c:52
#5  0x407202d5 in zif_PDO_query (ht=1, return_value=0x836b474, return_value_ptr=0x0, this_ptr=0x409070eb, return_value_used=0,
    tsrm_ls=0x817ecf8) at zend_variables.h:35
#6  0x408a4446 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffbe60, tsrm_ls=0x817ecf8) at zend_vm_execute.h:184
#7  0x408a3b4c in execute (op_array=0x83a550c, tsrm_ls=0x817ecf8) at zend_vm_execute.h:87
#8  0x408a416b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffc060, tsrm_ls=0x817ecf8) at zend_vm_execute.h:219
#9  0x408a3b4c in execute (op_array=0x834c694, tsrm_ls=0x817ecf8) at zend_vm_execute.h:87
#10 0x408a416b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffc2b0, tsrm_ls=0x817ecf8) at zend_vm_execute.h:219
#11 0x408a3b4c in execute (op_array=0x83234f4, tsrm_ls=0x817ecf8) at zend_vm_execute.h:87
#12 0x408a416b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffc640, tsrm_ls=0x817ecf8) at zend_vm_execute.h:219
#13 0x408a3b4c in execute (op_array=0x8352ac4, tsrm_ls=0x817ecf8) at zend_vm_execute.h:87
#14 0x408a416b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffccf0, tsrm_ls=0x817ecf8) at zend_vm_execute.h:219
#15 0x408a3b4c in execute (op_array=0x83283fc, tsrm_ls=0x817ecf8) at zend_vm_execute.h:87
#16 0x408a416b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffcf30, tsrm_ls=0x817ecf8) at zend_vm_execute.h:219
#17 0x408a3b4c in execute (op_array=0x832929c, tsrm_ls=0x817ecf8) at zend_vm_execute.h:87
#18 0x408a416b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffd410, tsrm_ls=0x817ecf8) at zend_vm_execute.h:219
#19 0x408a3b4c in execute (op_array=0x832130c, tsrm_ls=0x817ecf8) at zend_vm_execute.h:87
#20 0x4087e1fc in zend_execute_scripts (type=8, tsrm_ls=0x817ecf8, retval=0x0, file_count=3) at /root/software/php-5.1.0RC1/Zend/zend.c:1078
#21 0x4083d534 in php_execute_script (primary_file=0xbffff7a0, tsrm_ls=0x817ecf8) at /root/software/php-5.1.0RC1/main/main.c:1672
#22 0x408fa0e7 in php_handler (r=0x83133d0) at /root/software/php-5.1.0RC1/sapi/apache2handler/sapi_apache2.c:562
#23 0x080783a5 in ap_run_handler ()
#24 0x080789b0 in ap_invoke_handler ()
#25 0x08069c9a in ap_process_request ()
#26 0x0806512d in _start ()
#27 0x083133d0 in ?? ()
#28 0x00000004 in ?? ()
#29 0x083133d0 in ?? ()
#30 0x0808373c in ap_run_pre_connection ()
#31 0x080835f5 in ap_run_process_connection ()
#32 0x080769a4 in ap_graceful_stop_signalled ()
#33 0x08076bbb in ap_graceful_stop_signalled ()
#34 0x08076c18 in ap_graceful_stop_signalled ()
#35 0x0807748a in ap_mpm_run ()
#36 0x0807dabd in main ()
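
The trace above dies in _efree's REMOVE_POINTER_FROM_LIST while free_statement runs pdo_mysql_stmt_dtor on the result of a failed PDO::query, which is the pattern of a statement destructor handing the allocator a pointer it no longer owns. The C model below is an added example, not pdo_mysql's code; the tracked_alloc/tracked_free allocator, stmt_t and the two destructor names are assumed for illustration, and the bad free is reported instead of segfaulting.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed stand-in for the allocator list _efree unlinks from: freeing a
 * pointer that is not on it is reported (-1) instead of crashing. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = p; return p; }
    free(p); return NULL;                   /* list full: treat as failure */
}

static int tracked_free(void *p) {          /* 0 on success, -1 on bad free */
    for (int i = 0; i < MAX_LIVE; i++)
        if (p != NULL && live[i] == p) { live[i] = NULL; free(p); return 0; }
    return -1;
}

typedef struct { void *driver_data; } stmt_t;   /* assumed, not pdo_stmt_t */
/* Unsafe: the error path of a failed query released driver_data eagerly and
 * left the stale pointer behind, so the destructor frees it a second time. */
static int stmt_dtor_unsafe(stmt_t *s) {
    return tracked_free(s->driver_data);
}

/* Hardened: the destructor is the single owner, tolerates a partially
 * initialised statement (NULL) and clears the pointer after freeing. */
static int stmt_dtor_safe(stmt_t *s) {
    if (s == NULL || s->driver_data == NULL) return 0;
    int rc = tracked_free(s->driver_data);
    s->driver_data = NULL;
    return rc;
}

/* "Query failed, statement object destroyed": -1 for the bad free, 0 when
 * cleanup is clean even if the destructor runs twice. */
static int run_scenario(int hardened) {
    stmt_t s = { tracked_alloc(32) };
    if (!hardened) tracked_free(s.driver_data);   /* eager release on error */
    int rc = hardened ? stmt_dtor_safe(&s) : stmt_dtor_unsafe(&s);
    if (hardened) rc |= stmt_dtor_safe(&s);       /* repeat call is a no-op */
    return rc;
}

int main(void) {
    printf("unsafe: %d, hardened: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```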

 [2005-08-29 23:34 UTC] sniper@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.


 [2005-09-06 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-09-10 23:56 UTC] sergei at numeri dot net
I have the same bug on Windows XP SP2, Apache 2.0.54, PHP 5.1RC1, and also the same on 5.0.5 and on 5.1-latest (snapshot generated 10 Sep 2005 18:57:10). The PECL package for 5.1.RC1 was installed from the zip on the downloads page. The same was done for 'latest'. Therefore the versions of the extension and PHP are the same.

PHP was installed both as a module and as a CGI binary. When PHP is installed as a module, the GPF says there is an error in appname 'apache.exe', modname 'php5ts.dll' at offset 0012ad01, ModVer: 5.1.0.0. When installed as CGI, the GPF says the same appname, but the modname is unknown. This GPF keeps occurring until I stop the Apache service entirely, even when there are no more requests to the buggy page.

Apache's errors.log sometimes says '[notice] Parent: child process exited with status 3221225477 -- Restarting.'.

libmysql.dll was of the correct version for the server (the same DLL was used in another Delphi 7 application with the same SQL server, and it worked).

Code is very simple:

<?php

try {
  $x = new PDO("mysql:host=10.10.7.10;dbname=www-database", "www-login", "******");
  $s = $x->prepare("select 1"); // or 'select * from some_table'
} catch (PDOException $e) {
   echo 'Connection failed: ' . $e->getMessage();
}

When there is no prepare(), everything is OK, the firewall says there is a connection to the server, and no error happens. It happens only when there is a prepare() or query().

Adding { $s = null; $x = null; } to the end does not help.

I found the same symptoms at the beginning of http://bugs.php.net/bug.php?id=33283 but it is marked 'bogus' for some reason.
 [2005-09-11 01:37 UTC] sergei at numeri dot net
PS: MySQL server 4.1.8, client library (libmysql.dll) 4.1.8.
Last updated: Wed Apr 23 17:01:58 2014 UTC