|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72413 mysqlnd segfault (fetch_row second parameter typemismatch)
Submitted: 2016-06-15 14:47 UTC Modified: 2020-11-05 15:55 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: martin dot koegler at brz dot gv dot at Assigned: mysql (profile)
Status: Closed Package: *General Issues
PHP Version: 5.6.22 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: martin dot koegler at brz dot gv dot at
New email:
PHP Version: OS:


 [2016-06-15 14:47 UTC] martin dot koegler at brz dot gv dot at
If the MYSQLI_CURSOR_TYPE_READ_ONLY option is active on a mysqli statement, mysqlnd_fetch_stmt_row_cursor is selected as row fetch method.

mysqlnd_fetch_stmt_row_cursor expects a MYSQLND_STMT passed as "param" parameter.  mysqlnd_res::fetch_into passes a zval as this parameter, which yields to a crash.

Test script:
$res = $stmt->get_result();

Expected result:
No segfault

Actual result:
Segfault in
1022                    SET_CLIENT_ERROR(*stmt->conn->error_info, CR_COMMANDS_OUT_OF_SYNC, UNKNOWN_SQLSTATE,

mysqlnd_fetch_stmt_row_cursor at ext/mysqlnd/mysqlnd_ps.c:1022
php_mysqlnd_res_fetch_into_pub at ext/mysqlnd/mysqlnd_result.c:1823


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2016-06-19 13:22 UTC]
-Status: Open +Status: Verified -Package: mysqlnd_uh +Package: *General Issues -Assigned To: +Assigned To: mysql
 [2017-10-24 05:17 UTC]
-Status: Verified +Status: Assigned
 [2020-10-29 15:44 UTC]
Automatic comment on behalf of
Log: Fix bug #72413: Segfault with get_result and PS cursors
 [2020-10-29 15:44 UTC]
-Status: Assigned +Status: Closed
 [2020-11-05 15:55 UTC]
Related To: Bug #68768
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Sep 27 09:01:24 2023 UTC