|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74046 Segfault mysqli + libymsql + MySQL < 5.6 prepared statement fetch
Submitted: 2017-02-05 17:15 UTC Modified: 2021-05-31 21:04 UTC
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: deeky666 at googlemail dot com Assigned: cmb (profile)
Status: Wont fix Package: MySQLi related
PHP Version: 7.1.1 OS: Ubuntu 16.04
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: deeky666 at googlemail dot com
New email:
PHP Version: OS:


 [2017-02-05 17:15 UTC] deeky666 at googlemail dot com
- Ubuntu 16.04
- PHP 5.6 / 7.0 / 7.1 (all affected)
- mysqli (compiled against libmysql, error does not occur with mysqlnd)
- MySQL server < 5.6 (error does not occur since 5.6)

Trying to fetch the value of an expression like "DATE_ADD(NOW(), INTERVAL 1 SECOND)" using mysqli prepared statement results in a segmentation fault.

The "NOW()" expression part can be substituted by any other date related function or a datetime type column name, same result.

Using a string literal like "2017-01-01" for example does not result in an error.

Using "mysqli_query()" instead of a prepared statement works. Using "pdo_mysql" (libmysql) also works.

Test script:
$conn = new mysqli("host", "user", "password", "");
$query = "SELECT DATE_ADD(STR_TO_DATE('2017-01-01', '%Y-%m-%d'), INTERVAL 1 SECOND)";
$stmt = $conn->prepare($query);

Expected result:
string(19) "2017-01-01 00:00:01"

Actual result:
gdb backtrace:

#0  0x00007ffff3a0290d in ?? () from /usr/lib/x86_64-linux-gnu/
#1  0x00007ffff39f18bf in ?? () from /usr/lib/x86_64-linux-gnu/
#2  0x00007ffff39f1b28 in ?? () from /usr/lib/x86_64-linux-gnu/
#3  0x00007ffff39f631e in mysql_stmt_fetch () from /usr/lib/x86_64-linux-gnu/
#4  0x00007ffff359cf60 in mysqli_stmt_fetch_libmysql (execute_data=<optimized out>, return_value=0x7ffff4413140) at /tmp/php-7.1.0/ext/mysqli/mysqli_api.c:960
#5  0x00000000006e8efc in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER () at /tmp/php-7.1.0/Zend/zend_vm_execute.h:1097
#6  0x0000000000690abb in execute_ex (ex=<optimized out>) at /tmp/php-7.1.0/Zend/zend_vm_execute.h:429
#7  0x00000000006eb340 in zend_execute (op_array=0x7ffff447f000, op_array@entry=0x7ffff4486260, return_value=return_value@entry=0x7ffff4413030)
    at /tmp/php-7.1.0/Zend/zend_vm_execute.h:474
#8  0x00000000006474e3 in zend_execute_scripts (type=type@entry=8, retval=0x7ffff4413030, retval@entry=0x0, file_count=file_count@entry=3) at /tmp/php-7.1.0/Zend/zend.c:1474
#9  0x00000000005e4470 in php_execute_script (primary_file=primary_file@entry=0x7fffffffd190) at /tmp/php-7.1.0/main/main.c:2533
#10 0x00000000006ed5c6 in do_cli (argc=9, argv=0xe3b680) at /tmp/php-7.1.0/sapi/cli/php_cli.c:990
#11 0x0000000000428fec in main (argc=9, argv=0xe3b680) at /tmp/php-7.1.0/sapi/cli/php_cli.c:1378


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-02-05 17:19 UTC] deeky666 at googlemail dot com
-Package: Reproducible crash +Package: MySQLi related
 [2017-02-05 17:19 UTC] deeky666 at googlemail dot com
Sorry the test script is wrong. The correct one should be:

$conn = new mysqli("host", "user", "password", "");
$query = "SELECT DATE_ADD(STR_TO_DATE('2017-01-01', '%Y-%m-%d'), INTERVAL 1 SECOND)";
$stmt = $conn->prepare($query);
 [2021-05-31 21:04 UTC]
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: cmb
 [2021-05-31 21:04 UTC]
This is likely an issue with the old MySQL version, and even if
not, won't be addressed by us.  Either use a somewhat recent MySQL
server, or mysqlnd, or avoid such problematic constructs.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed Jul 06 01:05:44 2022 UTC