Bug #55414 Segmentation fault with MySQLi_Result::fetch_fields()
Submitted: 2011-08-13 00:37 UTC Modified: 2013-02-18 00:34 UTC
Votes:5
Avg. Score:4.4 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:2 (50.0%)
From: jbboehr at gmail dot com Assigned:
Status: No Feedback Package: MySQLi related
PHP Version: 5.3.6 OS: CentOS release 5.6 (Final)
Private report: No CVE-ID: None

 [2011-08-13 00:37 UTC] jbboehr at gmail dot com
Description:
------------
A segmentation fault is occurring for us when the following is done:
-Run SHOW ENGINES as a prepared statement
-Call MySQLi_STMT::fetch_metadata()
-Call MySQLi_Result::fetch_fields() on the result.

This is using the Zend Framework (Zend_Db_Adapter_Mysql), however the test 
script below successfully replicated the segfault.

We have had at least 30 people with the issue (we sell a PHP script), out of 
maybe a thousand or so.

Unfortunately, this isn't my server, so I can't include a backtrace. Here is 
someone else having a similar problem with SHOW CREATE TABLE:
http://stackoverflow.com/questions/6769515/php-programming-seg-fault




PHP Version => 5.3.6

Configure Command =>  './configure' '--disable-fileinfo' '--enable-bcmath' '--enable-calendar' '--enable-exif' '--enable-ftp' '--enable-gd-native-ttf' '--enable-libxml' '--enable-magic-quotes' '--enable-mbstring' '--enable-pdo=shared' '--enable-sockets' '--enable-zend-multibyte' '--enable-zip' '--prefix=/usr/local' '--with-apxs2=/usr/local/apache/bin/apxs' '--with-bz2' '--with-curl=/opt/curlssl/' '--with-curlwrappers' '--with-freetype-dir=/usr' '--with-gd' '--with-gettext' '--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr' '--with-jpeg-dir=/usr' '--with-kerberos' '--with-libdir=lib64' '--with-libexpat-dir=/usr' '--with-libxml-dir=/opt/xml2/' '--with-mcrypt=/opt/libmcrypt/' '--with-mm=/opt/mm/' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-mysqli=/usr/bin/mysql_config' '--with-openssl=/usr' '--with-openssl-dir=/usr' '--with-pcre-regex=/opt/pcre' '--with-pdo-mysql=shared' '--with-pdo-sqlite=shared' '--with-pic' '--with-png-dir=/usr' '--with-pspell' '--with-sqlite=shared' '--with-tidy=/opt/tidy/' '--with-xmlrpc' '--with-xpm-dir=/usr' '--with-xsl=/opt/xslt/' '--with-zlib' '--with-zlib-dir=/usr'


mysqli

MysqlI Support => enabled
Client API library version => 5.0.92
Active Persistent Links => 0
Inactive Persistent Links => 0
Active Links => 0
Client API header version => 5.0.92
MYSQLI_SOCKET => /var/lib/mysql/mysql.sock

Directive => Local Value => Master Value
mysqli.allow_local_infile => On => On
mysqli.allow_persistent => On => On
mysqli.default_host => no value => no value
mysqli.default_port => 3306 => 3306
mysqli.default_pw => no value => no value
mysqli.default_socket => /var/lib/mysql/mysql.sock => /var/lib/mysql/mysql.sock
mysqli.default_user => no value => no value
mysqli.max_links => Unlimited => Unlimited
mysqli.max_persistent => Unlimited => Unlimited
mysqli.reconnect => Off => Off


+-----------------------------------------+--------------------------------------------------+
| Variable_name                           | Value                                            |
+-----------------------------------------+--------------------------------------------------+
| version                                 | 5.0.92-community                                 |
| version_comment                         | MySQL Community Edition (GPL)                    |
+-----------------------------------------+--------------------------------------------------+


Linux ***** 2.6.18-***** #1 SMP Wed Jan 5 17:52:25 EST 2011 x86_64 x86_64 x86_64 GNU/Linux



Test script:
---------------
$mysqli = new mysqli($host, $username, $password, $dbname);

$stmt = $mysqli->prepare('SHOW ENGINES');
$stmt->execute();
$stmt->bind_result($engine, $support, $comment);
$meta = $stmt->result_metadata();
$meta->fetch_fields();

$stmt->close();

$mysqli->close();


 [2011-08-13 01:00 UTC] jbboehr at gmail dot com
Ok, so gdb was not installed on the server (sigh), however here's part of the 
strace, maybe that will help.

connect(4, {sa_family=AF_FILE, path="/var/lib/mysql/mysql.sock"...}, 110) = 0
setsockopt(4, SOL_SOCKET, SO_RCVTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
setsockopt(4, SOL_SOCKET, SO_SNDTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
setsockopt(4, SOL_IP, IP_TOS, [8], 4)   = -1 EOPNOTSUPP (Operation not supported)
setsockopt(4, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
read(4, ">\0\0\0\n5.0.92-community\0\350\352^\0@Dp,%u"..., 16384) = 66
stat("/usr/share/mysql/charsets/Index.xml", {st_mode=S_IFREG|0755, st_size=18173, ...}) = 0
open("/usr/share/mysql/charsets/Index.xml", O_RDONLY) = 5
read(5, "<?xml version='1.0' encoding=\"ut"..., 18173) = 18173
close(5)                                = 0
write(4, "Y\0\0\1\215\242\2\0\0\0\0@\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 93) = 93
read(4, "\7\0\0\2\0\0\0\2\0\0\0", 16384) = 11
poll([{fd=4, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
write(4, "\r\0\0\0\26SHOW ENGINES", 17) = 17
read(4, "\f\0\0\1\0\1\0\0\0\0\0\0\0\0\0\0", 16384) = 16
poll([{fd=4, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
write(4, "\n\0\0\0\27\1\0\0\0\0\1\0\0\0", 14) = 14
read(4, "\1\0\0\1\3\34\0\0\2\3def\0\0\0\6Engine\0\f\10\0\n\0\0\0\375"..., 16384) = 826
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
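
Added example, not part of the original report or of PHP's code: a small Python decoder for the MySQL client/server packets visible in the strace above, useful when triaging a crash from syscall traces alone. The function names are illustrative; the byte strings are copied from the write()/read() lines, and the packet layouts are those of the MySQL client/server protocol.

```python
import struct

# Byte strings copied from the write()/read() lines of the strace above,
# with strace's octal escapes kept; the last read is cut where strace printed "...".
PREPARE_REQ = b"\r\0\0\0\26SHOW ENGINES"
PREPARE_RESP = b"\f\0\0\1\0\1\0\0\0\0\0\0\0\0\0\0"
EXECUTE_REQ = b"\n\0\0\0\27\1\0\0\0\0\1\0\0\0"
EXECUTE_RESP_HEAD = b"\1\0\0\1\3"

COMMANDS = {0x16: "COM_STMT_PREPARE", 0x17: "COM_STMT_EXECUTE"}


def split_packet(buf):
    """Return (sequence_id, payload) of the first packet: 3-byte LE length, 1-byte seq."""
    if len(buf) < 4:
        raise ValueError("short packet header")
    length = int.from_bytes(buf[:3], "little")
    payload = buf[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return buf[3], payload


def decode_command(buf):
    """Client packet: one command byte followed by its arguments."""
    _seq, payload = split_packet(buf)
    return COMMANDS.get(payload[0], hex(payload[0])), payload[1:]


def decode_prepare_ok(buf):
    """Server reply to COM_STMT_PREPARE (12-byte OK form)."""
    _seq, p = split_packet(buf)
    if len(p) < 12 or p[0] != 0x00:
        raise ValueError("not a COM_STMT_PREPARE OK packet")
    _status, stmt_id, columns, params, _filler, warnings = struct.unpack("<BIHHBH", p[:12])
    return {"stmt_id": stmt_id, "num_columns": columns, "num_params": params, "warnings": warnings}


def decode_column_count(buf):
    """First packet of a result set: the column count (single-byte form only)."""
    _seq, p = split_packet(buf)
    if not p or p[0] >= 0xFB:
        raise ValueError("multi-byte length-encoded integer not handled here")
    return p[0]


if __name__ == "__main__":
    print(decode_command(PREPARE_REQ))
    print(decode_prepare_ok(PREPARE_RESP))
    print(decode_command(EXECUTE_REQ)[0], decode_column_count(EXECUTE_RESP_HEAD))
```

On these bytes the reply to the prepare carries num_columns = 0 for statement 1, while the reply to the execute opens a result set with 3 columns, the last packet read before the SIGSEGV.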
 [2011-08-16 01:33 UTC] lgandras at gmail dot com
Hi,

Thank you so much. I was just posting my bug without a reproducible script https://bugs.php.net/bug.php?id=55431. Here's your gdb =)

#0  0x0841f2e8 in add_property_string_ex (arg=0x907af64, key=0x87ad4cc "catalog", key_len=8, str=0x31313230 <Address 0x31313230 out of bounds>, duplicate=1)
    at /home/cpeasyapache/src/php-5.3.6/Zend/zend_API.c:1524
#1  0x081d7628 in php_add_field_properties (value=0x907af64, field=0x90fc6e0) at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1056
#2  0x081d79b7 in zif_mysqli_fetch_fields (ht=0, return_value=0x907ae80, return_value_ptr=0x0, this_ptr=0x907a9e8, return_value_used=0)
    at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1114
#3  0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x90a6e50) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316
#4  0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x90a6e50) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421
#5  0x084456fe in execute (op_array=0x90783f0) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107
#6  0x08419b44 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cpeasyapache/src/php-5.3.6/Zend/zend.c:1194
#7  0x083ad584 in php_execute_script (primary_file=0xbf8cbb04) at /home/cpeasyapache/src/php-5.3.6/main/main.c:2268
#8  0x084e6f64 in main (argc=2, argv=0xbf8cbc64) at /home/cpeasyapache/src/php-5.3.6/sapi/cli/php_cli.c:1193

I'm exactly in the same situation as you. I can't use PHP 5.3.6. This doesn't seem to happen in PHP 5.3.5.
 [2011-08-16 01:48 UTC] jbboehr at gmail dot com
@lgandras For now, we're just using a work-around case for MySQLi, maybe it'll 
help you:

    if( $adapter instanceof Zend_Db_Adapter_Mysqli ) {
      // Fixes MySQLI segfault in fetch_fields() with SHOW ENGINES
      $connection = $adapter->getConnection();
      $result = mysqli_query($connection, 'SHOW ENGINES');
      // mysqli_query() returns a MySQLi_Result (or false), never a MySQLi_STMT
      if ( !$result instanceof MySQLi_Result ){
        return $this->_error('badAdapter');
      }
      
      $data = array();
      while ( $row = $result->fetch_array() ){
        $data[] = $row;
      } 
    } else {
      try {
        $data = $adapter->query('SHOW ENGINES')->fetchAll();
      } catch( Exception $e ) {
        return $this->_error('badAdapter');
      }
    }
 [2011-08-16 01:48 UTC] jbboehr at gmail dot com
PS Thanks for the gdb
 [2011-08-22 14:32 UTC] kalle@php.net
-Status: Open +Status: Feedback
 [2011-08-22 14:32 UTC] kalle@php.net
Hi

Does this happen with PHP 5.3.7, what MySQL server version are you using and what MySQL client library is PHP linked against (libmysql or mysqlnd)?
 [2011-08-22 18:17 UTC] lgandras at gmail dot com
Hi,

Sorry. We're not able to install till cpanel upgrades its packages. This usually takes a few weeks. I'm subscribed anyway and will update you as soon as cpanel gets us a newer release.
 [2011-08-22 22:34 UTC] lgandras at gmail dot com
Mysql Server 5.1.56-log
Linked against libmysql
 [2011-08-27 22:10 UTC] lgandras at gmail dot com
It's still reproducible in PHP 5.3.8.
 [2013-02-18 00:34 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 [2013-03-19 20:43 UTC] jbboehr at gmail dot com
I'm getting this now instead in latest everything in Ubuntu 12.04 (PHP 5.3.10-1ubuntu3.6 with Suhosin-Patch) and Client API library version 5.5.29

PHP Warning:  mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in - on line 6
PHP Stack trace:
PHP   1. {main}() -:0
PHP   2. mysqli_stmt->bind_result() -:6