php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70073 mysqlnd crashes on stored procedure call execution
Submitted: 2015-07-14 16:32 UTC Modified: 2020-10-29 15:48 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: johntiror at gmail dot com Assigned:
Status: Duplicate Package: MySQL related
PHP Version: 5.6Git-2015-07-14 (snap) OS: Winows/Linux
Private report: No CVE-ID: None
 [2015-07-14 16:32 UTC] johntiror at gmail dot com
Description:
------------
Apache is crashing systematically with error:
AH00428: Parent: child process 9628 exited with status 255 -- Restarting.

APACHE error log:

[Tue Jul 14 15:02:13.038276 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00428: Parent: child process 9448 exited with status 255 -- Restarting.
[Tue Jul 14 15:02:13.324305 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00455: Apache/2.4.9 (Win32) PHP/5.5.12 configured -- resuming normal operations
[Tue Jul 14 15:02:13.329306 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00456: Apache Lounge VC11 Server built: Mar 16 2014 12:13:13
[Tue Jul 14 15:02:13.329306 2015] [core:notice] [pid 7044:tid 404] AH00094: Command line: 'C:\\Program Files\\wamp\\bin\\apache\\apache2.4.9\\bin\\httpd.exe -d C:/Program Files/wamp/bin/apache/apache2.4.9'
[Tue Jul 14 15:02:13.352308 2015] [mpm_winnt:notice] [pid 7044:tid 404] AH00418: Parent: Created child process 3140
[Tue Jul 14 15:02:14.528388 2015] [mpm_winnt:notice] [pid 3140:tid 332] AH00354: Child: Starting 64 worker threads.

I checked windows event and I found httpd.exe is crashing caused by php5ts.dll

Test script:
---------------
HOW TO REPRODUCE:

PHP code:

$mysqli=new mysqli(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME);

if (!($stmt = $mysqli->prepare("CALL test()"))) {
    echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}

if (!$stmt->execute()) {
    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}

do {
    if ($res = $stmt->get_result()) { //Apache crash on this call
        printf("---\n");
        var_dump($res->fetch_assoc());
        mysqli_free_result($res);
    } else {
        if ($stmt->errno) {
            echo "Store failed: (" . $stmt->errno . ") " . $stmt->error;
        }
    }
} while ($stmt->more_results() && $stmt->next_result());

Store procedure code:

CREATE DEFINER=`root`@`localhost` PROCEDURE `test`()
BEGIN
declare test_var varchar(100) default "ciao";
declare bNoMoreRows bool default false;
declare test_cursor cursor for
    select id from tmp_folder;
declare continue handler for not found set bNoMoreRows := true;
create temporary table tmp_folder select "test" as id;
open test_cursor;
fetch test_cursor into test_var;
close test_cursor;
select test_var;
drop temporary table if exists tmp_folder;
END

Expected result:
----------------
I expect to read "test" in the browser

Actual result:
--------------
Apache is crashing

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-15 16:02 UTC] ab@php.net
-Summary: Apache crash +Summary: mysqlnd crashes on -Status: Open +Status: Verified -Operating System: Win 7 +Operating System: Winows/Linux
 [2015-07-15 16:02 UTC] ab@php.net
I reproduce this with the same backtrace on Linux/Windows in 5.6 and 7.0.0beta1

mysqlnd_fetch_stmt_row_cursor (result=0x7ffff685d780, param=0x7ffff6814210, flags=<optimized out>, fetched_anything=0x7fffffffac5f "") at /home/anatol/tmp/php-7.0.0beta1/ext/mysqlnd/mysqlnd_ps.c:1045
1045                    SET_CLIENT_ERROR(*stmt->conn->error_info, CR_COMMANDS_OUT_OF_SYNC, UNKNOWN_SQLSTATE,
(gdb) bt
#0  mysqlnd_fetch_stmt_row_cursor (result=0x7ffff685d780, param=0x7ffff6814210, flags=<optimized out>, fetched_anything=0x7fffffffac5f "") at /home/anatol/tmp/php-7.0.0beta1/ext/mysqlnd/mysqlnd_ps.c:1045
#1  0x0000000000693a15 in php_mysqlnd_res_fetch_into_pub (result=0x7ffff685d780, flags=1, return_value=0x7ffff6814210, extension=MYSQLND_MYSQLI)
    at /home/anatol/tmp/php-7.0.0beta1/ext/mysqlnd/mysqlnd_result.c:1728
#2  0x000000000057c513 in php_mysqli_fetch_into_hash_aux (fetchtype=<optimized out>, result=<optimized out>, return_value=0x7ffff6814210) at /home/anatol/tmp/php-7.0.0beta1/ext/mysqli/mysqli.c:1216
#3  php_mysqli_fetch_into_hash (execute_data=<optimized out>, return_value=0x7ffff6814210, override_flags=<optimized out>, into_object=0) at /home/anatol/tmp/php-7.0.0beta1/ext/mysqli/mysqli.c:1267

What seems to go wrong is a "CALL test()" which mysqlnd internally thinks should deliver some data. Tested with MySQL 5.6.14. So the actual error must somewhere earlier in stmt::execute(). I'm not sure it should actually deliver some data at all, as that's a stored procedure. And this bug is kinda too MySQL specific me to decide about the correct behavior.

Thanks.
 [2015-07-15 16:02 UTC] ab@php.net
-Summary: mysqlnd crashes on +Summary: mysqlnd crashes on stored procedure call execution
 [2015-07-15 16:02 UTC] ab@php.net
fix the summary :)
 [2015-07-15 16:03 UTC] ab@php.net
-Assigned To: +Assigned To: mysql
 [2015-07-27 15:55 UTC] mrf174 at gmail dot com
Reproducing this is so easy. Why don't you fix it. Right now if you do
prepare("CALL `my_stored_procedure`");
execute() and do a get_result(); and try to fetch_all(); on it, PHP will make Apache exit with code 255. Tested on WAMP. Tested on IIS with PHP which made "C:\Program Files (x86)\php-5.3.28-nts-Win32-VC9-x86\php-cgi.exe - The FastCGI process exited unexpectedly".

This happens only IF you do an 'OPEN my_cursor' inside `my_stored_procedure`. Basically you can't use cursors inside MySql Stored Procedures called in mysqli prepare() (as in http://php.net/manual/en/mysqli.prepare.php). When you try to fetch data, t crashes the server and makes the http connection reset.
 [2015-07-27 16:06 UTC] mrf174 at gmail dot com
Related bug -> https://bugs.php.net/bug.php?id=64638 in case it helps finding the issue.
 [2016-08-15 17:25 UTC] stas@php.net
-Assigned To: mysql +Assigned To: andrey
 [2017-10-24 05:46 UTC] kalle@php.net
-Status: Verified +Status: Assigned
 [2017-10-24 07:21 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: andrey +Assigned To:
 [2020-10-29 15:48 UTC] nikic@php.net
-Status: Open +Status: Duplicate
 [2020-10-29 15:48 UTC] nikic@php.net
Same issue as bug #72413, which is now fixed in that get_result() with cursors is now explicitly forbidden.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 12:01:29 2024 UTC