Bug #34953 Segfault when doing weird MySQL query
Submitted: 2005-10-22 03:01 UTC Modified: 2005-10-23 17:22 UTC
From: juraj dot nospam at bednar dot sk Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 5CVS-2005-10-22 (snap) OS: Debian Sarge
Private report: No CVE-ID: None
 [2005-10-22 03:01 UTC] juraj dot nospam at bednar dot sk
Description:
------------
When doing an SQL query (which had errors), I get a segfault 
with apache 2.0.55 prefork, mysql 5.0.5 from debian testing 
(ldd shows it's linked with the correct library) using legacy code 
(old version of drupal). While legacy code does not have to 
work, a segfault when running it is not expected.

Reproduce code:
---------------
INSERT INTO watchdog (uid, type, message, location, hostname, timestamp) VALUES (\'\', \'error\', \'warning: array_merge() [<a href=\\\'function.array-merge\\\'>function.array-merge</a>]: Argument #1 is not an array in /home/juraj/www/includes/common.inc on line 710.\', \'?\', \'82.100.100.200\', \'1129942132\')

causes php child to segfault

Expected result:
----------------
I did not expect it to actually execute, but the segfault is 
wrong behaviour.


Actual result:
--------------
This is a part of strace, which shows the problem. 28 is 
mysql socket.

Other queries work well.

[pid  3442] time(NULL)                  = 1129942132
[pid  3442] fcntl64(28, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid  3442] read(28, 0x83b47c8, 8192)   = -1 EAGAIN 
(Resource temporarily unavailable)
[pid  3442] fcntl64(28, F_SETFL, O_RDWR) = 0
[pid  3442] write(28, ":\1\0\0\3INSERT INTO watchdog (uid, 
type, message, location, hostname, timestamp) VALUES (\'\', 
\'error\', \'warning: array_merge() [<a href=\\
\'function.array-merge\\\'>function.array-merge</a>]: 
Argument #1 is not an array in /home/juraj/www/includes/
common.inc on line 710.\', \'?\', \'82.100.100.200\', 
\'1129942132\')", 318) = 318
[pid  3442] read(28, "\7\0\0\1\0\1\33\2\0\1\0", 16384) = 11
[pid  3442] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
[pid  3442] chdir("/usr/local/apache2") = 0
[pid  3442] rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 
0
[pid  3442] getpid()                    = 3442
[pid  3442] getpid()                    = 3442
[pid  3442] kill(3442, SIGSEGV)         = 0
[pid  3442] sigreturn()                 = ? (mask now 
[RTMIN])
[pid  3442] --- SIGSEGV (Segmentation fault) @ 0 (0) ---

 [2005-10-22 11:48 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.


 [2005-10-23 17:20 UTC] juraj dot nospam at bednar dot sk
Related to Zend Optimizer, please close.
 [2005-10-23 17:22 UTC] iliaa@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

related to Zend Optimizer
 