Bug #48821 mysql_fetch_array segfaults on second parameter
Submitted: 2009-07-06 16:59 UTC
Modified: 2009-08-09 14:54 UTC
From: margus at zone dot ee
Assigned:
Status: Not a bug
Package: MySQL related
PHP Version: 5.3.0
OS: CentOS 4.7/x86_64
Private report: No
CVE-ID: None
 [2009-07-06 16:59 UTC] margus at zone dot ee
Description:
------------
mysql_fetch_assoc/mysql_fetch_array will segfault PHP if the second parameter (MYSQL_BOTH, MYSQL_ASSOC or MYSQL_NUM) is specified.

The value of the parameter doesn't make any difference.

This happens only for PHP-CGI and Apache module and strangely not to CLI.

Reproduce code:
---------------
<?php

mysql_connect ("localhost", "user", "password");
mysql_select_db ("test");

$r = mysql_query ("SELECT * FROM users");

print_r (mysql_fetch_assoc ($r, MYSQL_BOTH));

?>

Expected result:
----------------
Array
(
    [id] => 1
    [username] => asd1
    [email] => asd2
    [asd] => 2000
)

Actual result:
--------------
Segmentation fault

 [2009-07-06 17:19 UTC] jani@php.net
What was the full configure line used to compile PHP?
 [2009-07-06 18:41 UTC] margus at zone dot ee
Configure line is quite traditional:

'./configure' '--prefix=/opt/zone' '--with-config-file-path=/etc/opt/zone/php53-module' '--with-apxs2=/opt/zone/sbin/apxs' '--with-mysql=/opt/zone/x86_64/configure-for-mysql51' '--with-pdo-mysql=/opt/zone/x86_64/configure-for-mysql51' '--with-pdo-sqlite' '--disable-cli' '--with-openssl=/usr/x86_64' '--enable-mbstring' '--with-curl=/usr/x86_64' '--with-gd' '--enable-exif' '--with-zlib-dir=/usr/x86_64' '--with-png-dir=/usr/x86_64' '--with-jpeg-dir=/usr/x86_64' '--with-freetype-dir=/usr/x86_64' '--disable-sockets' '--with-iconv=/opt/zone/x86_64' '--without-pear' '--with-libxml-dir=/opt/zone/x86_64' '--disable-phar'
 [2009-07-16 08:18 UTC] margus at zone dot ee
Configure line for SAPI:

'./configure' '--prefix=/opt/zone'
'--with-config-file-path=/etc/opt/zone/php53-module'
'--with-apxs2=/opt/zone/sbin/apxs'
'--with-mysql=/opt/zone/x86_64/configure-for-mysql51'
'--with-pdo-mysql=/opt/zone/x86_64/configure-for-mysql51'
'--with-pdo-sqlite' '--disable-cli' '--with-openssl=/usr/x86_64'
'--enable-mbstring' '--with-curl=/usr/x86_64' '--with-gd'
'--enable-exif' '--with-zlib-dir=/usr/x86_64'
'--with-png-dir=/usr/x86_64' '--with-jpeg-dir=/usr/x86_64'
'--with-freetype-dir=/usr/x86_64' '--disable-sockets'
'--with-iconv=/opt/zone/x86_64' '--without-pear'
'--with-libxml-dir=/opt/zone/x86_64' '--disable-phar'
 [2009-07-21 22:08 UTC] jani@php.net
Neither of the provided configure lines produces a CLI binary, so how can it crash?
 [2009-07-22 15:30 UTC] erki at zone dot ee
Hello.

Actually, Margus was saying that CLI does not crash, that's why he disabled CLI.

I tested this case a little further and discovered that CLI also crashes and that this bug appears on x86_64 systems using GCC 3 with GCC optimization enabled.
Using GCC 4 or disabling GCC optimization fixes this bug.

These are my results on Debian (squeeze):

Configure lines:
---------------
CC=gcc-3.4 ./configure --disable-all --with-mysql               [DOES NOT WORK]
CC=gcc-3.4 CFLAGS=-O1 ./configure --disable-all --with-mysql    [DOES NOT WORK]
CC=gcc-3.4 CFLAGS=-O0 ./configure --disable-all --with-mysql    [WORKS]
CC=gcc-4.0 ./configure --disable-all --with-mysql               [WORKS]


Reproduce code:
---------------
sapi/cli/php -r "mysql_fetch_array (fopen ('php://stdin', 'r'), MYSQL_BOTH);"
(I'm using fopen, because the first parameter must be some kind of resource, but the actual value makes no difference)


Expected result:
----------------
Warning: mysql_fetch_array(): supplied resource is not a valid MySQL result resource in Command line code on line 1


Actual result:
--------------
Segmentation fault
 [2009-08-09 14:54 UTC] jani@php.net
GCC bugs are not PHP bugs.
 
Last updated: Thu Dec 26 22:01:28 2024 UTC