Bug #55431 SIGSEV11 mysqli_result::fetch_fields
Submitted: 2011-08-16 01:12 UTC Modified: 2011-08-17 12:52 UTC
From: lgandras at gmail dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.3.6 OS: Cent OS 5.6
Private report: No CVE-ID: None
 [2011-08-16 01:12 UTC] lgandras at gmail dot com
Description:
------------
Hi,

I was using phpunit 3.5.13 during this crash. I'm executing a query of type "SHOW CREATE TABLE `name`". I'm also using Zend Framework 1.11.6, which means the query is being executed using prepare. I believe this has something to do with the fact that the field returned by MySQL has a space in between "Create table". I've also had a crash executing the same query in another environment, but without being able to reproduce it. That time the error came up executing mysqli_result::fetch_fields. This time I don't really know.

'./configure' '--disable-fileinfo' '--disable-pdo' '--disable-phar' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-libxml' '--enable-magic-quotes' '--enable-mbstring' '--enable-pcntl' '--enable-shmop' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-zip' '--prefix=/usr' '--with-curl=/opt/curlssl/' '--with-gd' '--with-imap=/opt/php_with_imap_client/' '--with-imap-ssl=/usr' '--with-jpeg-dir=/usr' '--with-kerberos' '--with-libxml-dir=/opt/xml2' '--with-libxml-dir=/opt/xml2/' '--with-mcrypt=/opt/libmcrypt/' '--with-mysql=/usr' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-mysqli=/usr/bin/mysql_config' '--with-openssl=/usr' '--with-openssl-dir=/usr' '--with-pcre-regex=/opt/pcre' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--with-zlib' '--with-zlib-dir=/usr' '--without-sqlite3' 



#0  0x0841f2e8 in add_property_string_ex (arg=0xa2cce98, key=0x87ad4cc "catalog", key_len=8, str=0x79726100 <Address 0x79726100 out of bounds>, duplicate=1)
    at /home/cpeasyapache/src/php-5.3.6/Zend/zend_API.c:1524
#1  0x081d7628 in php_add_field_properties (value=0xa2cce98, field=0x9c65874) at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1056
#2  0x081d79b7 in zif_mysqli_fetch_fields (ht=0, return_value=0xa2ea190, return_value_ptr=0x0, this_ptr=0xa2ea310, return_value_used=1)
    at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1114
#3  0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x9c16e40) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316
#4  0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x9c16e40) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421
#5  0x084456fe in execute (op_array=0xa022ae8) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107
#6  0x0840b5a3 in zend_call_function (fci=0xbf80a798, fci_cache=0xbf80a784) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_execute_API.c:964
#7  0x081ed8f6 in zim_reflection_method_invokeArgs (ht=2, return_value=0xa2eb2fc, return_value_ptr=0x0, this_ptr=0xa2eb450, return_value_used=1)
    at /home/cpeasyapache/src/php-5.3.6/ext/reflection/php_reflection.c:2745
#8  0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x9c15a18) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316
#9  0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x9c15a18) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421
#10 0x084456fe in execute (op_array=0xa18b944) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107
#11 0x08419b44 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cpeasyapache/src/php-5.3.6/Zend/zend.c:1194
#12 0x083ad584 in php_execute_script (primary_file=0xbf80cc94) at /home/cpeasyapache/src/php-5.3.6/main/main.c:2268
#13 0x084e6f64 in main (argc=2, argv=0xbf80cdf4) at /home/cpeasyapache/src/php-5.3.6/sapi/cli/php_cli.c:1193


The same, executed again:

#0  0x0841f2e8 in add_property_string_ex (arg=0x9bd0ae4, key=0x87ad4cc "catalog", key_len=8, str=0x3c202000 <Address 0x3c202000 out of bounds>, duplicate=1)
    at /home/cpeasyapache/src/php-5.3.6/Zend/zend_API.c:1524
#1  0x081d7628 in php_add_field_properties (value=0x9bd0ae4, field=0x955aae4) at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1056
#2  0x081d79b7 in zif_mysqli_fetch_fields (ht=0, return_value=0x9bd11e4, return_value_ptr=0x0, this_ptr=0x9bd1364, return_value_used=1)
    at /home/cpeasyapache/src/php-5.3.6/ext/mysqli/mysqli_api.c:1114
#3  0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x95040f8) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316
#4  0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x95040f8) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421
#5  0x084456fe in execute (op_array=0x9910360) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107
#6  0x0840b5a3 in zend_call_function (fci=0xbf8d91f8, fci_cache=0xbf8d91e4) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_execute_API.c:964
#7  0x081ed8f6 in zim_reflection_method_invokeArgs (ht=2, return_value=0x9bd2344, return_value_ptr=0x0, this_ptr=0x9bd2444, return_value_used=1)
    at /home/cpeasyapache/src/php-5.3.6/ext/reflection/php_reflection.c:2745
#8  0x0844632f in zend_do_fcall_common_helper_SPEC (execute_data=0x9502a18) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:316
#9  0x08446f6b in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x9502a18) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:421
#10 0x084456fe in execute (op_array=0x9a7aa7c) at /home/cpeasyapache/src/php-5.3.6/Zend/zend_vm_execute.h:107
#11 0x08419b44 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/cpeasyapache/src/php-5.3.6/Zend/zend.c:1194
#12 0x083ad584 in php_execute_script (primary_file=0xbf8db6f4) at /home/cpeasyapache/src/php-5.3.6/main/main.c:2268
#13 0x084e6f64 in main (argc=2, argv=0xbf8db854) at /home/cpeasyapache/src/php-5.3.6/sapi/cli/php_cli.c:1193

The thing is, when I add many echos, the segfault stops appearing. This is really frustrating. Right now I can't provide anything more. Any recommendations?


 [2011-08-16 01:21 UTC] lgandras at gmail dot com
-Summary: SIGSEV11 phpunit 3.5.13 +Summary: SIGSEV11 mysqli_result::fetch_fields
 [2011-08-16 01:21 UTC] lgandras at gmail dot com
Definitively, the problematic function is mysqli_result::fetch_fields.
 [2011-08-16 03:57 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2011-08-16 03:57 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.
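A script of the shape requested above, added here as an example and not taken from the report or from PHP itself: it drives the same prepared "SHOW CREATE TABLE" followed by fetch_fields() on the statement's result metadata, and creates its own temporary table so no schema is assumed. The host, user, password and database are placeholders.

```php
<?php
// Added example, not part of the bug report. Connection values are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('127.0.0.1', 'user', 'password', 'test');

// Create the table inside the script so it needs no pre-existing schema.
$db->query('CREATE TEMPORARY TABLE t55431 (id INT PRIMARY KEY)');

// Prepared-statement path (as used via the framework in the report),
// then the field metadata of the result set.
$stmt = $db->prepare('SHOW CREATE TABLE `t55431`');
$stmt->execute();
$meta = $stmt->result_metadata();

// The second column is named "Create Table" (with a space), the field the
// reporter suspected. Print name and catalog of every field returned, since
// the backtrace dies while adding the "catalog" property.
foreach ($meta->fetch_fields() as $field) {
    printf("name=%s catalog=%s\n", $field->name, $field->catalog);
}

$meta->free();
$stmt->close();
$db->close();
?>
```

Run it under the CLI build from the report (for example inside gdb) to get a self-contained trace instead of one that passes through phpunit and Zend.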


 [2011-08-17 12:52 UTC] lgandras at gmail dot com
-Status: Feedback +Status: Closed
 [2011-08-17 12:52 UTC] lgandras at gmail dot com
This is a duplicate of https://bugs.php.net/bug.php?id=55414