Bug #61079 mysqli crashes when var_dump'ed while not connected
Submitted: 2012-02-13 22:50 UTC Modified: 2012-02-15 12:01 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: derick@php.net Assigned:
Status: Duplicate Package: MySQLi related
PHP Version: 5.3SVN-2012-02-13 (SVN) OS: Linux
Private report: No CVE-ID: None
 [2012-02-13 22:50 UTC] derick@php.net
Description:
------------
This creates a segfault:

export USE_ZEND_ALLOC=0

php -n -r '$c = mysqli_init(); var_dump($c);'

Backtrace:

0x00007ffff6b0303e in mysql_stat () from /usr/lib/libmysqlclient.so.16
(gdb) bt
#0  0x00007ffff6b0303e in mysql_stat () from /usr/lib/libmysqlclient.so.16
#1  0x00000000006a78a4 in link_stat_read (obj=0x148fc80, retval=0x7fffffffda98) at /home/derick/dev/php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_prop.c:226
#2  0x000000000069567c in mysqli_read_property (object=0x148cf30, member=0x7fffffffdb30, type=3) at /home/derick/dev/php/php-src/branches/PHP_5_3/ext/mysqli/mysqli.c:339
#3  0x0000000000695be6 in mysqli_object_get_debug_info (object=0x148cf30, is_temp=0x7fffffffdbc0) at /home/derick/dev/php/php-src/branches/PHP_5_3/ext/mysqli/mysqli.c:468
#4  0x000000000088f895 in php_var_dump (struc=0x7ffff7ea6148, level=1) at /home/derick/dev/php/php-src/branches/PHP_5_3/ext/standard/var.c:129
#5  0x000000000088fc32 in zif_var_dump (ht=1, return_value=0x148fcb0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /home/derick/dev/php/php-src/branches/PHP_5_3/ext/standard/var.c:181
#6  0x000000000099a026 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ea6030) at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h:320
#7  0x000000000099e4cf in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7ffff7ea6030) at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h:1640
#8  0x00000000009994ff in execute (op_array=0x148d8c0) at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h:107
#9  0x0000000000956e22 in zend_eval_stringl (str=0x7fffffffe643 "$c = mysqli_init(); var_dump($c);", str_len=33, retval_ptr=0x0, string_name=0xf62b34 "Command line code")
    at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c:1198
#10 0x0000000000957060 in zend_eval_stringl_ex (str=0x7fffffffe643 "$c = mysqli_init(); var_dump($c);", str_len=33, retval_ptr=0x0, string_name=0xf62b34 "Command line code", 
    handle_exceptions=1) at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c:1240
#11 0x00000000009570ef in zend_eval_string_ex (str=0x7fffffffe643 "$c = mysqli_init(); var_dump($c);", retval_ptr=0x0, string_name=0xf62b34 "Command line code", 
    handle_exceptions=1) at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c:1251
#12 0x0000000000a48018 in main (argc=4, argv=0x7fffffffe358) at /home/derick/dev/php/php-src/branches/PHP_5_3/sapi/cli/php_cli.c:1223

Valgrind trace:

derick@whisky:~/dev/php/xdebug$ valgrind php -n -r '$c = mysqli_init(); var_dump($c);'
==26602== Memcheck, a memory error detector
==26602== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==26602== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==26602== Command: php -n -r $c\ =\ mysqli_init();\ var_dump($c);
==26602== 

Warning: var_dump(): Property access is not allowed yet in Command line code on line 1

Warning: var_dump(): Property access is not allowed yet in Command line code on line 1

Warning: var_dump(): Property access is not allowed yet in Command line code on line 1

Warning: var_dump(): Property access is not allowed yet in Command line code on line 1

Warning: var_dump(): Property access is not allowed yet in Command line code on line 1

Warning: var_dump(): Property access is not allowed yet in Command line code on line 1

Warning: var_dump(): Property access is not allowed yet in Command line code on line 1
==26602== Invalid read of size 8
==26602==    at 0x5DA603E: mysql_stat (in /usr/lib/libmysqlclient.so.16.0.0)
==26602==    by 0x6A78A3: link_stat_read (mysqli_prop.c:226)
==26602==    by 0x69567B: mysqli_read_property (mysqli.c:339)
==26602==    by 0x695BE5: mysqli_object_get_debug_info (mysqli.c:468)
==26602==    by 0x88F894: php_var_dump (var.c:129)
==26602==    by 0x88FC31: zif_var_dump (var.c:181)
==26602==    by 0x99A025: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==26602==    by 0x99E4CE: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1640)
==26602==    by 0x9994FE: execute (zend_vm_execute.h:107)
==26602==    by 0x956E21: zend_eval_stringl (zend_execute_API.c:1198)
==26602==    by 0x95705F: zend_eval_stringl_ex (zend_execute_API.c:1240)
==26602==    by 0x9570EE: zend_eval_string_ex (zend_execute_API.c:1251)
==26602==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==26602== 
==26602== 
==26602== Process terminating with default action of signal 11 (SIGSEGV)
==26602==  Access not within mapped region at address 0x8
==26602==    at 0x5DA603E: mysql_stat (in /usr/lib/libmysqlclient.so.16.0.0)
==26602==    by 0x6A78A3: link_stat_read (mysqli_prop.c:226)
==26602==    by 0x69567B: mysqli_read_property (mysqli.c:339)
==26602==    by 0x695BE5: mysqli_object_get_debug_info (mysqli.c:468)
==26602==    by 0x88F894: php_var_dump (var.c:129)
==26602==    by 0x88FC31: zif_var_dump (var.c:181)
==26602==    by 0x99A025: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==26602==    by 0x99E4CE: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1640)
==26602==    by 0x9994FE: execute (zend_vm_execute.h:107)
==26602==    by 0x956E21: zend_eval_stringl (zend_execute_API.c:1198)
==26602==    by 0x95705F: zend_eval_stringl_ex (zend_execute_API.c:1240)
==26602==    by 0x9570EE: zend_eval_string_ex (zend_execute_API.c:1251)


Test script:
---------------
$c = mysqli_init(); var_dump($c);

Expected result:
----------------
No crash
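The traces above show the shape of the defect without needing the PHP source: var_dump() walks the object's properties, the stat reader hands the inner client handle to mysql_stat(), and Valgrind reports a read at address 0x8, that is, a field at offset 8 of a NULL pointer. After mysqli_init() the wrapper object and its inner handle both exist, but the connection's network layer does not, so a guard that only asks "is there a handle?" passes and the library dereferences the unset pointer. The other properties in the same dump are rejected with "Property access is not allowed yet", which is the guard working as intended. The following C program is an added example, not code from PHP or from the reporter; it models that path with invented names (conn_object, client_handle, net_layer, client_stat, the STATUS_* values) and contrasts a pointer-presence check with a lifecycle-state check.

```c
/*
 * Added example (not PHP's own code): models the property-read path from the
 * backtrace above. A connection object can be allocated (mysqli_init()) long
 * before it is connected; a property reader that only checks "is there a
 * handle?" and then hands it to the client library reads through an unset
 * network pointer, the NULL+8 dereference Valgrind reports as "Address 0x8".
 * All struct, field and function names here are invented stand-ins.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Lifecycle states; the ordering (not the values) is what the guard relies on. */
enum conn_status { STATUS_UNKNOWN = 0, STATUS_INITIALIZED = 1, STATUS_VALID = 2 };

/* Stand-in for the client library's network layer (attached only on connect). */
struct net_layer { int fd; unsigned long bytes_sent; };

/* Stand-in for the client library's connection handle (like MYSQL). */
struct client_handle {
    long server_version;    /* offset 0: harmless to read even when unconnected */
    struct net_layer *net;  /* offset 8 on LP64: NULL until connected */
};

/* Stand-in for the wrapper object a scripting engine keeps around the handle. */
struct conn_object {
    struct client_handle *handle;  /* allocated by init, so non-NULL from then on */
    enum conn_status status;
};

/* Stand-in for a library call like mysql_stat(): assumes an open connection
 * and, like the real library, does not check the network pointer itself. */
static const char *client_stat(struct client_handle *h, char *buf, size_t n) {
    h->net->bytes_sent += 4;                       /* crashes if h->net is NULL */
    snprintf(buf, n, "fd=%d sent=%lu", h->net->fd, h->net->bytes_sent);
    return buf;
}

/* Init: allocates the handle but does not connect (like mysqli_init()). */
static void conn_init(struct conn_object *o, struct client_handle *storage) {
    memset(storage, 0, sizeof *storage);
    o->handle = storage;
    o->status = STATUS_INITIALIZED;
}

/* Connect: attaches the network layer and marks the object valid. */
static void conn_connect(struct conn_object *o, struct net_layer *net) {
    o->handle->net = net;
    o->status = STATUS_VALID;
}

/* Unsafe reader: its only check is pointer presence, which holds right after
 * init. Called on an initialized-but-unconnected object it dereferences
 * handle->net (NULL) exactly like the report. Safe only once connected. */
static int stat_read_unchecked(struct conn_object *o, char *buf, size_t n) {
    if (o->handle == NULL) return -1;
    client_stat(o->handle, buf, n);
    return 0;
}

/* Hardened reader: gates on lifecycle state, not on pointer presence, and
 * reports the same diagnostic the other properties produce in the report. */
static int stat_read_checked(struct conn_object *o, char *buf, size_t n) {
    if (o->handle == NULL || o->status < STATUS_VALID) {
        snprintf(buf, n, "Property access is not allowed yet");
        return -1;
    }
    client_stat(o->handle, buf, n);
    return 0;
}

/* Runs the init -> read -> connect -> read sequence; returns 1 when the guarded
 * reader refuses the unconnected object and both readers agree afterwards. */
static int scenario_ok(void) {
    struct conn_object o;
    struct client_handle h;
    struct net_layer net = { 7, 0 };
    char a[64], b[64];

    conn_init(&o, &h);
    /* stat_read_unchecked(&o, a, sizeof a) here would segfault at net->bytes_sent */
    if (stat_read_checked(&o, a, sizeof a) != -1) return 0;
    if (strcmp(a, "Property access is not allowed yet") != 0) return 0;

    conn_connect(&o, &net);
    if (stat_read_checked(&o, a, sizeof a) != 0) return 0;
    if (stat_read_unchecked(&o, b, sizeof b) != 0) return 0;
    return strcmp(a, "fd=7 sent=4") == 0 && strcmp(b, "fd=7 sent=8") == 0;
}

int main(void) {
    printf("state-gated property read behaves as expected: %s\n",
           scenario_ok() ? "yes" : "no");
    return scenario_ok() ? 0 : 1;
}
```

The point for reviewers of similar wrapper code: a debug-info or property hook that calls into a native client library must test the object's lifecycle state before each call, because "allocated" and "connected" are different states and the library function will trust whichever pointer it is handed.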


History

 [2012-02-15 12:01 UTC] johannes@php.net
-Status: Open +Status: Duplicate
 [2012-02-15 12:01 UTC] johannes@php.net
See bug #61003
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Sep 19 08:01:26 2019 UTC