php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #47367 segfault when connecting while unbuffered query is running
Submitted: 2009-02-12 10:10 UTC Modified: 2009-04-28 08:05 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: Sjon at react dot nl Assigned:
Status: Closed Package: MySQL related
PHP Version: 5.2.9RC1 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: Sjon at react dot nl
New email:
PHP Version: OS:

 

 [2009-02-12 10:10 UTC] Sjon at react dot nl 
Description:
------------
PHP Segfaults when establishing a second connection when an unbuffered query is running

Since I cannot report a bug in 5.2.8; I compiled php5.2-200902120730 and reproduced the bug with that version

$ ./configure --with-mysql=shared
$ make
$ ./sapi/cli/php -v

PHP 5.2.9RC2-dev (cli) (built: Feb 12 2009 10:52:08) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

$ ./sapi/cli/php -n -d extension_dir=./modules/ -d extension=mysql.so mysql-unbuffered-crash.php

Reproduce code:
---------------
<?PHP

$rl1 = mysql_connect('localhost','Sjon','test') or die (mysql_error());
mysql_query("DROP DATABASE IF EXISTS mysql_unbuffered_crash");
mysql_query("CREATE DATABASE mysql_unbuffered_crash");
mysql_select_db('mysql_unbuffered_crash') or die (mysql_error());
mysql_query("CREATE TABLE test (`data` VARCHAR( 256 ) NOT NULL) ENGINE = innodb;");
mysql_query("INSERT INTO test VALUES ('asdf');");

$rs = mysql_unbuffered_query("SELECT data FROM test"); # passing $rl1 will fix it
while ($r = mysql_fetch_assoc($rs))
{
	// Setup another connection so we don't disturb the unbuffered_query
	$rl2 = mysql_connect('localhost','Sjon','test', TRUE) or die (mysql_error($rl2));
	mysql_select_db('mysql_unbuffered_crash', $rl2) or die (mysql_error($rl2));

	var_dump($r);
}

echo 'SUCCESS';

Expected result:
----------------
array(1) {
  ["data"]=>
  string(4) "asdf"
}
SUCCESS

Actual result:
--------------
array(1) {
  ["data"]=>
  string(4) "asdf"
}
SUCCESS

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7d4f6c0 (LWP 21345)]
zend_mm_add_to_free_list (heap=<value optimized out>, mm_block=0x9ee4e30)
    at /tmp/php5.2-200902120730/Zend/zend_alloc.c:747
747					if (ZEND_MM_FREE_BLOCK_SIZE(prev) != size) {
(gdb) bt
#0  zend_mm_add_to_free_list (heap=<value optimized out>, mm_block=0x9ee4e30)
    at /tmp/php5.2-200902120730/Zend/zend_alloc.c:747
#1  0x0826790b in _zend_mm_free_int (heap=0x9e2c1e8, p=<value optimized out>)
    at /tmp/php5.2-200902120730/Zend/zend_alloc.c:1987
#2  0x08277445 in shutdown_executor ()
    at /tmp/php5.2-200902120730/Zend/zend_execute_API.c:283
#3  0x08281aa3 in zend_deactivate ()
    at /tmp/php5.2-200902120730/Zend/zend.c:860
#4  0x08240857 in php_request_shutdown (dummy=0x0)
    at /tmp/php5.2-200902120730/main/main.c:1492
#5  0x082ecd71 in main (argc=7, argv=0xbf9c1a44)
    at /tmp/php5.2-200902120730/sapi/cli/php_cli.c:1314

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-27 20:46 UTC] jani@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/
 [2009-04-28 08:05 UTC] Sjon at react dot nl 
This bug is no longer reproducible in 5.2.9 or PHP 5.2.10-dev; so I assume it is fixed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri May 17 02:01:32 2024 UTC