Bug #60715 Segfault
Submitted: 2012-01-11 15:44 UTC Modified: 2012-01-28 00:44 UTC
Votes:8
Avg. Score:4.6 ± 0.7
Reproduced:8 of 8 (100.0%)
Same Version:8 (100.0%)
Same OS:5 (62.5%)
From: martin at martins-creations dot co dot uk Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 5.4.0RC5 OS: Debian
Private report: No CVE-ID: None
 [2012-01-11 15:44 UTC] martin at martins-creations dot co dot uk
Description:
------------
I can fix this segfault by either removing the ATTR_PERSISTENT option, or by 
assigning parent::prepare to a local variable (i.e. $stmt = 
parent::prepare('...'))

Also worth noting I had to compile PHP as shared due to a bug when trying to 
compile the extension with mysqlnd which is filed in a separate report.

Linux localdev 3.1.0-1-amd64 #1 SMP Fri Dec 23 16:37:11 UTC 2011 x86_64 GNU/Linux

$ php -v
PHP 5.4.0RC5 (cli) (built: Jan 10 2012 19:42:22) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies

$ phpize -v
Configuring for:
PHP Api Version:         20100412
Zend Module Api No:      20100525
Zend Extension Api No:   220100525

$ cat /etc/issue
Debian GNU/Linux wheezy/sid \n \l

$ mysql --version
mysql  Ver 14.14 Distrib 5.1.58, for debian-linux-gnu (x86_64) using readline 6.2



Test script:
---------------
<?php

class BuggedPDO extends PDO {

  protected $stmt = null;

  public function __construct() {
    $options = array(
      \PDO::ATTR_PERSISTENT => true, 
      \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
    );

    try {
      parent::__construct('mysql:dbname=testdb;host=localhost', 'testuser', 'testpass', $options);
      $this->stmt = parent::prepare('select * from table');
    } catch (\Exception $ex) {
      var_dump($ex);
    }
  }
}

$test = new BuggedPDO();

Expected result:
----------------
A proper resource in $this->stmt

Actual result:
--------------
Jan 11 10:26:00 kernel: [  956.330577] php-fpm[2255]: segfault at 0 ip 0000000000729beb sp 00007fffad56c8e0 error 4 in php-fpm[400000+76d000]

 [2012-01-11 15:57 UTC] pajoye@php.net
-Package: Reproducible crash +Package: MySQL related
 [2012-01-11 16:04 UTC] martin at martins-creations dot co dot uk
I meant I had to compile pdo-mysql as shared


./configure --with-pdo-mysql=shared --enable-fpm --enable-inline-optimization
 [2012-01-13 17:37 UTC] martin at martins-creations dot co dot uk
-Package: MySQL related +Package: Reproducible crash
 [2012-01-13 17:37 UTC] martin at martins-creations dot co dot uk
Incorrectly diagnosed as a MySQL fault with no comment, so I changed it back.
 [2012-01-19 22:18 UTC] martin at martins-creations dot co dot uk
Program received signal SIGSEGV, Segmentation fault.
0x000000000072893b in zend_std_write_property (object=0x7ffff7fd6070, member=0x7ffff7fda308, value=0x7ffff7fd7cf8, key=<optimized out>)
    at /usr/local/src/php-5.4.0RC5/Zend/zend_object_handlers.c:526
526                ((variable_ptr = (zval**)zobj->properties_table[property_info->offset]) != NULL) :
(gdb) bt
#0  0x000000000072893b in zend_std_write_property (object=0x7ffff7fd6070, member=0x7ffff7fda308, value=0x7ffff7fd7cf8, key=<optimized out>)
    at /usr/local/src/php-5.4.0RC5/Zend/zend_object_handlers.c:526
#1  0x0000000000775f07 in zend_assign_to_object (retval=0x0, object_ptr=0xe257c0, property_name=0x7ffff7fda308, value_type=4, value_op=<optimized out>, Ts=<optimized out>, 
    opcode=136, key=0x7ffff7fda308) at /usr/local/src/php-5.4.0RC5/Zend/zend_execute.c:738
#2  0x0000000000776934 in ZEND_ASSIGN_OBJ_SPEC_UNUSED_CONST_HANDLER (execute_data=0x7ffff7fa41c0) at /usr/local/src/php-5.4.0RC5/Zend/zend_vm_execute.h:22003
#3  0x00000000007642df in execute (op_array=0x7ffff7fd8d60) at /usr/local/src/php-5.4.0RC5/Zend/zend_vm_execute.h:410
#4  0x0000000000704db9 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php-5.4.0RC5/Zend/zend.c:1272
#5  0x00000000006a557c in php_execute_script (primary_file=0x7fffffffe890) at /usr/local/src/php-5.4.0RC5/main/main.c:2476
#6  0x00000000007ac401 in do_cli (argc=2, argv=0x7fffffffec68) at /usr/local/src/php-5.4.0RC5/sapi/cli/php_cli.c:983
#7  0x000000000042ed5c in main (argc=2, argv=0x7fffffffec68) at /usr/local/src/php-5.4.0RC5/sapi/cli/php_cli.c:1356
 [2012-01-28 00:44 UTC] rasmus@php.net
I am not able to reproduce this. Your test script works fine from php cli for me. 
But I also don't have any issues compiling on my Debian box, so I am not sure 
what you are doing wrong. I think you need to take a few steps back and try again 
with a fresh checkout.
 [2012-01-28 00:44 UTC] rasmus@php.net
-Status: Open +Status: Not a bug
 