|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #48821 mysql_fetch_array segfaults on second parameter
Submitted: 2009-07-06 16:59 UTC Modified: 2009-08-09 14:54 UTC
From: margus at zone dot ee Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 5.3.0 OS: CentOS 4.7/x86_64
Private report: No CVE-ID: None
 [2009-07-06 16:59 UTC] margus at zone dot ee
mysql_fetch_assoc/mysql_fetch_array will segfault PHP if second parameter (MYSQL_BOTH, MYSQL_ASSOC or MYSQL_NUM) is specified.

The value of parameter does'nt make any difference.

This happens only for PHP-CGI and Apache module and strangely not to CLI.

Reproduce code:

mysql_connect ("localhost", "user", "password");
mysql_select_db ("test");

$r = mysql_query ("SELECT * FROM users");

print_r (mysql_fetch_assoc ($r, MYSQL_BOTH));


Expected result:
    [id] => 1
    [username] => asd1
    [email] => asd2
    [asd] => 2000

Actual result:
Segmentation fault


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-07-06 17:19 UTC]
What was the full configure line used to compile PHP?
 [2009-07-06 18:41 UTC] margus at zone dot ee
Configure line is quite traditional:

'./configure' '--prefix=/opt/zone' '--with-config-file-path=/etc/opt/zone/php53-module' '--with-apxs2=/opt/zone/sbin/apxs' '--with-mysql=/opt/zone/x86_64/configure-for-mysql51' '--with-pdo-mysql=/opt/zone/x86_64/configure-for-mysql51' '--with-pdo-sqlite' '--disable-cli' '--with-openssl=/usr/x86_64' '--enable-mbstring' '--with-curl=/usr/x86_64' '--with-gd' '--enable-exif' '--with-zlib-dir=/usr/x86_64' '--with-png-dir=/usr/x86_64' '--with-jpeg-dir=/usr/x86_64' '--with-freetype-dir=/usr/x86_64' '--disable-sockets' '--with-iconv=/opt/zone/x86_64' '--without-pear' '--with-libxml-dir=/opt/zone/x86_64' '--disable-phar'
 [2009-07-16 08:18 UTC] margus at zone dot ee
Configure line for SAPI:

'./configure' '--prefix=/opt/zone'
'--with-pdo-sqlite' '--disable-cli' '--with-openssl=/usr/x86_64'
'--enable-mbstring' '--with-curl=/usr/x86_64' '--with-gd'
'--enable-exif' '--with-zlib-dir=/usr/x86_64'
'--with-png-dir=/usr/x86_64' '--with-jpeg-dir=/usr/x86_64'
'--with-freetype-dir=/usr/x86_64' '--disable-sockets'
'--with-iconv=/opt/zone/x86_64' '--without-pear'
'--with-libxml-dir=/opt/zone/x86_64' '--disable-phar'
 [2009-07-21 22:08 UTC]
Neither of the provided configure lines produce CLI binary, so how can 
it crash?
 [2009-07-22 15:30 UTC] erki at zone dot ee

Actually, Margus was saying that CLI does not crash, that's why he disabled CLI.

I tested this case a little further and discovered, that CLI also crashes and this bug appears on x86_64 systems using GCC 3 and with GCC optimization enabled.
Using GCC 4 or disabling GCC optimization fixes this bug.

These are my results on Debian (squeeze):

Configure lines:
CC=gcc-3.4 ./configure --disable-all --with-mysql               [DOES NOT WORK]
CC=gcc-3.4 CFLAGS=-O1 ./configure --disable-all --with-mysql    [DOES NOT WORK]
CC=gcc-3.4 CFLAGS=-O0 ./configure --disable-all --with-mysql    [WORKS]
CC=gcc-4.0 ./configure --disable-all --with-mysql               [WORKS]

Reproduce code:
sapi/cli/php -r "mysql_fetch_array (fopen ('php://stdin', 'r'), MYSQL_BOTH);"
(I'm using fopen, because the first parameter must be some kind of resource, but the actual value makes no difference)

Expected result:
Warning: mysql_fetch_array(): supplied resource is not a valid MySQL result resource in Command line code on line 1

Actual result:
Segmentation fault
 [2009-08-09 14:54 UTC]
GCC bugs are not PHP bugs.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Mar 30 23:03:38 2023 UTC