Bug #70572 segfault in mysqlnd_connect
Submitted: 2015-09-24 12:10 UTC Modified: 2015-09-24 12:19 UTC
From: remi@php.net Assigned: andrey (profile)
Status: Closed Package: MySQL related
PHP Version: 5.6.13 OS: GNU/Linux
Private report: No CVE-ID: None
 [2015-09-24 12:10 UTC] remi@php.net
Description:
------------
Downstream bug report https://bugzilla.redhat.com/1266024



Actual result:
--------------
Truncated backtrace:
Thread no. 1 (10 frames)
 #0 php_strlcpy at /usr/src/debug/php-5.6.13/main/strlcpy.c:78
 #1 php_mysqlnd_net_open_tcp_or_unix_pub at /usr/src/debug/php-5.6.13/ext/mysqlnd/mysqlnd_net.c:189
 #2 php_mysqlnd_net_connect_ex_pub at /usr/src/debug/php-5.6.13/ext/mysqlnd/mysqlnd_net.c:304
 #3 php_mysqlnd_conn_data_connect_handshake_pub at /usr/src/debug/php-5.6.13/ext/mysqlnd/mysqlnd.c:806
 #4 php_mysqlnd_conn_data_connect_pub at /usr/src/debug/php-5.6.13/ext/mysqlnd/mysqlnd.c:998
 #5 php_mysqlnd_conn_connect_pub at /usr/src/debug/php-5.6.13/ext/mysqlnd/mysqlnd.c:1138
 #6 mysqlnd_connect at /usr/src/debug/php-5.6.13/ext/mysqlnd/mysqlnd.c:1172
 #7 php_mysql_do_connect at /usr/src/debug/php-5.6.13/ext/mysql/php_mysql.c:1016
 #8 dtrace_execute_internal at /usr/src/debug/php-5.6.13/Zend/zend_dtrace.c:97
 #9 xdebug_execute_internal at /home/shevchenko/temp/xdebug-2.3.3/xdebug.c:1767

Patches

0001-Fix-bug-70572-segfault-in-mysqlnd_connect.patch (last revision 2015-09-24 12:12 UTC by remi@php.net)

Pull Requests

History

 [2015-09-24 12:12 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: 0001-Fix-bug-70572-segfault-in-mysqlnd_connect.patch
Revision:   1443096752
URL:        https://bugs.php.net/patch-display.php?bug=70572&patch=0001-Fix-bug-70572-segfault-in-mysqlnd_connect.patch&revision=1443096752
 [2015-09-24 12:15 UTC] remi@php.net
Sorry, I have no reproducer, but looking at the code, as we have a test for "errstr" (before the free), this probably means it can be null, so it cannot be used for SET_CLIENT_ERROR (which uses it for strlcpy, probably raising the segfault).

So I prefer a patch review, instead of a direct commit.
(patch can be applied using "git am")
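
The failure mode described in the comment above, as an added example (not php-src code and not the submitted patch): a strlcpy-style copy dereferences its source unconditionally, so the caller has to guard a NULL error string. The struct, function names, fallback text and input values are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical error record for illustration; not the mysqlnd structure. */
struct client_error {
    unsigned int code;
    char message[64];
};

/* Bounded copy in the style of strlcpy: always NUL-terminates and returns
 * strlen(src). It dereferences src unconditionally, so NULL crashes here. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Unguarded: the pattern the report suspects. errstr == NULL is undefined
 * behaviour, typically a segfault inside the copy routine. */
void set_error_unguarded(struct client_error *e, unsigned int code,
                         const char *errstr)
{
    e->code = code;
    bounded_copy(e->message, errstr, sizeof(e->message));
}

/* Guarded: a failure that produced no error string still yields a usable
 * record. Returns 1 when the fallback text was used, 0 otherwise. */
int set_error_guarded(struct client_error *e, unsigned int code,
                      const char *errstr)
{
    int used_fallback = (errstr == NULL);
    e->code = code;
    bounded_copy(e->message, used_fallback ? "Unknown connect error" : errstr,
                 sizeof(e->message));
    return used_fallback;
}

int main(void)
{
    struct client_error e;
    int fb = set_error_guarded(&e, 1, NULL); /* constructed input */
    printf("fallback=%d code=%u message=%s\n", fb, e.code, e.message);
    return 0;
}
```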
 [2015-09-24 12:19 UTC] remi@php.net
-Assigned To: +Assigned To: andrey
 [2015-09-24 12:19 UTC] remi@php.net
@Andrey, can you please have a look?
 [2015-09-25 12:30 UTC] andrey@php.net
Automatic comment on behalf of andrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=59de2c037c4c946fc43478edc154d89dda95873d
Log: Fixed bug #70572 segfault in mysqlnd_connect
 [2015-09-25 12:30 UTC] andrey@php.net
-Status: Assigned +Status: Closed
 [2015-09-29 13:10 UTC] ab@php.net
Automatic comment on behalf of andrey
Revision: http://git.php.net/?p=php-src.git;a=commit;h=59de2c037c4c946fc43478edc154d89dda95873d
Log: Fixed bug #70572 segfault in mysqlnd_connect
 