php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50727 Accesing mysqli->affected_rows on no connection causes segfault
Submitted: 2010-01-12 00:11 UTC Modified: 2010-02-01 11:48 UTC
From: lodeclaassen at gmail dot com Assigned: mysql
Status: Closed Package: Reproducible crash
PHP Version: 5.2.12 OS: Debian Linux
Private report: No CVE-ID:
 [2010-01-12 00:11 UTC] lodeclaassen at gmail dot com
Description:
------------
I open a mysqli connection that failes (in the tested case wrong password). After that when I try to get the affected rows (mysqli->affected_rows) PHP exits and I only get a blank screen.

The configure command from phpinfo:
'./configure' '--with-apxs2' '--with-curl=/usr/local/lib' '--with-gd' '--enable-gd-native-ttf' '--with-ttf' '--with-gettext' '--with-jpeg-dir=/usr/local/lib' '--with-freetype-dir=/usr/local/lib' '--with-kerberos' '--with-openssl' '--with-mcrypt' '--with-mhash' '--with-mysql=/usr/local/mysql' '--with-mysqli=/usr/local/mysql/bin/mysql_config' '--with-pdo-mysql=/usr/local/mysql' '--with-pear' '--with-png-dir=/usr/local/lib' '--with-zlib' '--with-zlib-dir=/usr/local/lib' '--enable-zip' '--with-iconv=/usr/local' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-mbstring'

Other settings I don't know, I don't operate the host.

Reproduce code:
---------------
<?php
echo 'startup<br />';

if (isset($_GET['try']) && $_GET['try'] == 1) {
	$connection = new mysqli('localhost', 'user', 'wrong password', 'SomeExistingTable');
	$connection->query("SELECT `id` FROM `SomeExistingTable` LIMIT 1");
	echo 'affected rows: '.$connection->affected_rows.'<br />';
}

echo 'ending<br />';
?>

Expected result:
----------------
If I request the file with ?try=0 I expect:

startup
ending

When I request ?try=1 I get nothing, a blank screen.

Actual result:
--------------
With ?try=1 I expect to see:

startup
affected rows: 
ending

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-12 00:40 UTC] johannes@php.net
Fixed in 5.3. Can reproduce in 5.2.

A simple fix for this might be

Index: ext/mysqli/mysqli_prop.c
===================================================================
--- ext/mysqli/mysqli_prop.c	(revision 293046)
+++ ext/mysqli/mysqli_prop.c	(working copy)
@@ -162,7 +162,7 @@
 
  	mysql = (MY_MYSQL *)((MYSQLI_RESOURCE *)(obj->ptr))->ptr;
 	
-	if (!mysql) {
+	if (!mysql || !mysql->mysql) {
 		ZVAL_NULL(*retval);
 	} else {
 		CHECK_STATUS(MYSQLI_STATUS_VALID);


Untested and other properties might be affected - might be better to backport the fix from 5.3.
 [2010-01-12 01:28 UTC] lodeclaassen at gmail dot com
Thanks!
Do you know what properties/functions are affected apart from affected_rows? Or is that the only one?

My current fix/workaround was to test isset(affected_rows), but I've noticed that isset(insert_id) fails even if it has a number.
 [2010-02-01 11:37 UTC] svn@php.net
Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&revision=294298
Log: backport checks from 5.3 which fix one known segfault,
and maybe others unknown.
Bug #50727 	Accesing mysqli->affected_rows on no connection causes segfault
 [2010-02-01 12:18 UTC] svn@php.net
Automatic comment from SVN on behalf of uw
Revision: http://svn.php.net/viewvc/?view=revision&revision=294302
Log: Tests related to #50727
 [2010-02-04 20:28 UTC] svn@php.net
Automatic comment from SVN on behalf of johannes
Revision: http://svn.php.net/viewvc/?view=revision&revision=294543
Log: Merge mysql changes

293815 Add possibility to restrain the number of levels (andrey)
293816 decrement correctly! (andrey)
293976 Fix for bug#50772  (andrey)
294302 Tests related to #50727 (uw)
294313 Fix a bug in mysqlnd where a pointer was not incremented (andrey)
294317 Fix second bug in that code, + instead of += thus not increasing (andrey)
294337 No idea which recent change has cause this little API change, however it is not (uw)
294421 Pass tsrmls to all functions, which might need it in the future. (andrey)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 15:01:54 2014 UTC