php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #74046 Segfault mysqli + libymsql + MySQL < 5.6 prepared statement fetch
Submitted: 2017-02-05 17:15 UTC Modified: 2017-02-05 17:19 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: deeky666 at googlemail dot com Assigned:
Status: Open Package: MySQLi related
PHP Version: 7.1.1 OS: Ubuntu 16.04
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: deeky666 at googlemail dot com
New email:
PHP Version: OS:

 

 [2017-02-05 17:15 UTC] deeky666 at googlemail dot com 
Description:
------------
Environment:
- Ubuntu 16.04
- PHP 5.6 / 7.0 / 7.1 (all affected)
- mysqli (compiled against libmysql, error does not occur with mysqlnd)
- MySQL server < 5.6 (error does not occur since 5.6)

Trying to fetch the value of an expression like "DATE_ADD(NOW(), INTERVAL 1 SECOND)" using mysqli prepared statement results in a segmentation fault.

The "NOW()" expression part can be substituted by any other date related function or a datetime type column name, same result.

Using a string literal like "2017-01-01" for example does not result in an error.

Using "mysqli_query()" instead of a prepared statement works. Using "pdo_mysql" (libmysql) also works.

Test script:
---------------
$conn = new mysqli("host", "user", "password", "");
$query = "SELECT DATE_ADD(STR_TO_DATE('2017-01-01', '%Y-%m-%d'), INTERVAL 1 SECOND)";
$stmt = $conn->prepare($query);
$stmt->execute();
$stmt->bind_result($value);
var_dump($stmt->fetch());

Expected result:
----------------
string(19) "2017-01-01 00:00:01"

Actual result:
--------------
gdb backtrace:

#0  0x00007ffff3a0290d in ?? () from /usr/lib/x86_64-linux-gnu/libmysqlclient.so.20
#1  0x00007ffff39f18bf in ?? () from /usr/lib/x86_64-linux-gnu/libmysqlclient.so.20
#2  0x00007ffff39f1b28 in ?? () from /usr/lib/x86_64-linux-gnu/libmysqlclient.so.20
#3  0x00007ffff39f631e in mysql_stmt_fetch () from /usr/lib/x86_64-linux-gnu/libmysqlclient.so.20
#4  0x00007ffff359cf60 in mysqli_stmt_fetch_libmysql (execute_data=<optimized out>, return_value=0x7ffff4413140) at /tmp/php-7.1.0/ext/mysqli/mysqli_api.c:960
#5  0x00000000006e8efc in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /tmp/php-7.1.0/Zend/zend_vm_execute.h:1097
#6  0x0000000000690abb in execute_ex (ex=<optimized out>) at /tmp/php-7.1.0/Zend/zend_vm_execute.h:429
#7  0x00000000006eb340 in zend_execute (op_array=0x7ffff447f000, op_array@entry=0x7ffff4486260, return_value=return_value@entry=0x7ffff4413030)
    at /tmp/php-7.1.0/Zend/zend_vm_execute.h:474
#8  0x00000000006474e3 in zend_execute_scripts (type=type@entry=8, retval=0x7ffff4413030, retval@entry=0x0, file_count=file_count@entry=3) at /tmp/php-7.1.0/Zend/zend.c:1474
#9  0x00000000005e4470 in php_execute_script (primary_file=primary_file@entry=0x7fffffffd190) at /tmp/php-7.1.0/main/main.c:2533
#10 0x00000000006ed5c6 in do_cli (argc=9, argv=0xe3b680) at /tmp/php-7.1.0/sapi/cli/php_cli.c:990
#11 0x0000000000428fec in main (argc=9, argv=0xe3b680) at /tmp/php-7.1.0/sapi/cli/php_cli.c:1378

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-02-05 17:19 UTC] deeky666 at googlemail dot com
-Package: Reproducible crash +Package: MySQLi related
 [2017-02-05 17:19 UTC] deeky666 at googlemail dot com 
Sorry the test script is wrong. The correct one should be:

$conn = new mysqli("host", "user", "password", "");
$query = "SELECT DATE_ADD(STR_TO_DATE('2017-01-01', '%Y-%m-%d'), INTERVAL 1 SECOND)";
$stmt = $conn->prepare($query);
$stmt->execute();
$stmt->bind_result($value);
$stmt->fetch();
var_dump($value);
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved. 		Last updated: Fri Oct 30 20:01:24 2020 UTC