Bug #44333 SEGFAULT when using mysql_pconnect() with client_flags
Submitted: 2008-03-04 21:03 UTC Modified: 2008-03-04 22:32 UTC
From: drake at oomkill dot net Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.2.6RC1 OS: Hardened Gentoo Linux (amd64)
Private report: No CVE-ID: None
 [2008-03-04 21:03 UTC] drake at oomkill dot net
Segfaults appear when using:
mysql_pconnect('localhost', 'foo', 'bar', 0);
but runs fine when using:
mysql_pconnect('localhost', 'foo', 'bar');

The bug is most likely caused by trying to store a 'long' value in an 'int' on the stack.

At the beginning of php_mysql_do_connect() in ext/mysql/php_mysql.c there is the following declaration:
int client_flags = 0;

Later in that function zend_parse_parameters() stores a long at &client_flags, which can also overwrite another variable on the stack.

Changing the client_flags to unsigned long (like it is defined in mysql's headers) solved my segfault problem.

Reproduce code:
<?php
// the user/pass don't have to be valid.
mysql_pconnect('localhost', 'foo', 'bar', 0);

Expected result:
No segfault.

Actual result:
Segfault. No php/zend error message in logs.
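The stack-clobbering mechanism the report describes, as an added example that is neither the reporter's code nor PHP's own source: a mock of the "l" conversion in zend_parse_parameters() stores a full long through whatever pointer it is handed, and a struct stands in for the stack frame (an assumption made so the layout is deterministic) to show the neighbouring variable being overwritten when the destination is an int and left intact when it is a long.

```c
#include <stdio.h>
#include <string.h>

/* Sentinel stored in the variable that sits next to client_flags. */
#define NEIGHBOUR_SENTINEL 0x5a5a5a5a

/* Mock of the "l" conversion in zend_parse_parameters(): it receives a
 * void * from the varargs list and stores a whole long through it. The
 * callee cannot know how wide the destination variable really is. */
static void mock_parse_long(void *dest, long value)
{
    memcpy(dest, &value, sizeof value);
}

/* Models the buggy frame: 'int client_flags' followed by another local.
 * A struct replaces real locals so the layout is deterministic
 * (assumption for the demo; real stack order is compiler-chosen). */
struct frame_bad {
    int client_flags;
    int neighbour;
};

/* Models the fixed frame: the variable is as wide as what gets written. */
struct frame_good {
    long client_flags;
    int neighbour;
};

/* Neighbour's value after parsing 'flags' into an int slot. On LP64
 * (amd64) sizeof(long) == 8 > sizeof(int), so four bytes spill over. */
int neighbour_after_bad_parse(long flags)
{
    struct frame_bad f = { 0, NEIGHBOUR_SENTINEL };
    mock_parse_long(&f.client_flags, flags);
    return f.neighbour;
}

/* Same parse into a long slot: the neighbour is untouched. */
int neighbour_after_good_parse(long flags)
{
    struct frame_good f = { 0, NEIGHBOUR_SENTINEL };
    mock_parse_long(&f.client_flags, flags);
    return f.neighbour;
}

int main(void)
{
    /* mysql_pconnect('localhost', 'foo', 'bar', 0): client_flags is 0 */
    printf("int slot : neighbour = 0x%x\n", neighbour_after_bad_parse(0));
    printf("long slot: neighbour = 0x%x\n", neighbour_after_good_parse(0));
    return 0;
}
```

On a 64-bit build the int-slot line prints 0x0 (the sentinel has been zeroed), while the long-slot line keeps 0x5a5a5a5a; on a platform where long and int are the same width nothing spills and the bug does not reproduce.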


 [2008-03-04 22:32 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Apr 22 22:01:27 2019 UTC