php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63398 Segfault when polling closed link
Submitted: 2012-10-30 13:40 UTC Modified: 2012-11-30 06:52 UTC
From: aeryaguzov at gmail dot com Assigned: laruence
Status: Closed Package: MySQLi related
PHP Version: 5.4.8 OS: Ubuntu 12.04
Private report: No CVE-ID:
 [2012-10-30 13:40 UTC] aeryaguzov at gmail dot com
Description:
------------
Try to poll already closed connection caused segfault

Test script:
---------------
$link = new mysqli('host', 'user', 'password', 'db', 'port');

mysqli_close($link);

$read = $error = $reject = array();
$read[] = $error[] = $reject[] = $link;

mysqli_poll($read, $error, $reject, 1);


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-10-30 15:01 UTC] laruence@php.net
a quick fix is:

diff --git a/ext/mysqli/mysqli_nonapi.c b/ext/mysqli/mysqli_nonapi.c
index 2b6a1af..c51fadd 100644
--- a/ext/mysqli/mysqli_nonapi.c
+++ b/ext/mysqli/mysqli_nonapi.c
@@ -695,6 +695,9 @@ static int mysqlnd_zval_array_from_mysqlnd_array(MYSQLND 
**in_array, zval *out_a
 		{
 			MY_MYSQL *mysql;
 			mysqli_object *intern = (mysqli_object 
*)zend_object_store_get_object(*elem TSRMLS_CC);
+			if (!intern->ptr) {
+				continue;
+			}
 			mysql = (MY_MYSQL *) ((MYSQLI_RESOURCE *)intern->ptr)-
>ptr;
 			if (mysql->mysql == *p) {
 				zend_hash_next_index_insert(new_hash, (void 
*)elem, sizeof(zval *), (void **)&dest_elem);
 [2012-10-30 15:01 UTC] laruence@php.net
-Assigned To: +Assigned To: mysql
 [2012-11-30 06:28 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2012-11-30 06:28 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=40fabf68edd5524b9ce0cda925d6c7888d8441c3
Log: Fixed bug #63398 (Segfault when polling closed link)
 [2012-11-30 06:29 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=40fabf68edd5524b9ce0cda925d6c7888d8441c3
Log: Fixed bug #63398 (Segfault when polling closed link)
 [2012-11-30 06:30 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=40fabf68edd5524b9ce0cda925d6c7888d8441c3
Log: Fixed bug #63398 (Segfault when polling closed link)
 [2012-11-30 06:31 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=40fabf68edd5524b9ce0cda925d6c7888d8441c3
Log: Fixed bug #63398 (Segfault when polling closed link)
 [2012-11-30 06:52 UTC] laruence@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-11-30 06:52 UTC] laruence@php.net
-Assigned To: mysql +Assigned To: laruence
 [2012-12-19 17:55 UTC] derick@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=40fabf68edd5524b9ce0cda925d6c7888d8441c3
Log: Fixed bug #63398 (Segfault when polling closed link)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 09:02:28 2014 UTC