Bug #74247 Mysql Blob field data gets corrupted after 16MB
Submitted: 2017-03-14 21:57 UTC Modified: 2017-03-14 22:53 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: support at dsolutions dot lv Assigned:
Status: Duplicate Package: MySQLi related
PHP Version: 7.1.2 OS: Linux
Private report: No CVE-ID:
 [2017-03-14 21:57 UTC] support at dsolutions dot lv
Description:
------------
Since PHP version 7.1.15, when reading a longblob field from MySQL, the mysqlnd driver inserts a 0x00 byte at position 16777204 (or 2^24-12). Therefore all data following said zero is shifted 1 byte to the right.
However the total length of the data is unchanged, as the last byte of the blob is not returned.
Test script is for mysqli, however I was able to reproduce the same behaviour with pdo.

I have some suspicion that the problem resides within the file "ext/mysqlnd/mysqlnd_wireprotocol.c" as it was modified for version 7.0.15.

Test script:
---------------
<?php
echo "\nPHP version:".phpversion();
$mysqli = new mysqli('localhost', 'root', '', 'test');
$mysqli->query("DROP TABLE IF EXISTS `blob_tb`;");
$mysqli->query("CREATE TABLE `blob_tb` (`bdata` longblob);");

// Insert 20 MiB of random bytes through a prepared statement.
$sql = "INSERT INTO blob_tb (bdata) VALUES(?)";
$insertStm = $mysqli->prepare($sql);
$blob = NULL;
$insertStm->bind_param('b', $blob);
$crypto_strong=false;
$blob = (binary) openssl_random_pseudo_bytes (20*1024*1024,$crypto_strong);
$insertStm->send_long_data(0, $blob);
$insertStm->execute();
$insertStm->close();
echo "\nInserted data md5: ".md5($blob).", len ".strlen($blob);

// Read the blob back through mysqlnd and compare it with what was sent.
$selectStm = $mysqli->prepare("SELECT bdata FROM blob_tb LIMIT 1");
$selectStm->execute();
$selectStm->bind_result($savedBlob);
$selectStm->fetch();
$selectStm->close();
echo "\nAre the blobs equal?: " . ((int) ($blob == $savedBlob));
echo "\nSelected data: md5: ".md5($savedBlob);

// Hash computed by the server itself, to show the stored data is intact.
echo "\nSQL md5(): ".$mysqli->query("select md5(bdata) as database_md5 from blob_tb;")->fetch_assoc()['database_md5'];
$mysqli->close();

Expected result:
----------------
PHP version:7.0.14
Inserted data md5: 7792a7fd3351033132f991e7a8e939f3, len 20971520
Are the blobs equal?: 1
Selected data: md5: 7792a7fd3351033132f991e7a8e939f3
SQL md5(): 7792a7fd3351033132f991e7a8e939f3


PHP version:7.0.13-1+deb.sury.org~trusty+1
Inserted data md5: b6130b103663d6facbcba10301dd23e1, len 20971520
Are the blobs equal?: 1
Selected data: md5: b6130b103663d6facbcba10301dd23e1
SQL md5(): b6130b103663d6facbcba10301dd23e1

Actual result:
--------------
On Centos 7:
PHP version:7.0.16
Inserted data md5: 7354bdcb5ee180e069fb686bd289242c, len 20971520
Are the blobs equal?: 0
Selected data: md5: 887f9bbf56e7ad378e8672277d07c267
SQL md5(): 7354bdcb5ee180e069fb686bd289242c

PHP version:7.0.15
Inserted data md5: e13724a895dc46e073c4c7ddb005d09d, len 20971520
Are the blobs equal?: 0
Selected data: md5: aa68f482f6a75ae77027728a09485da0
SQL md5(): e13724a895dc46e073c4c7ddb005d09d

On Ubuntu:
PHP version:7.0.16-4+deb.sury.org~trusty+1
Inserted data md5: 5ab7bb3d517fbfbbd21ec02c48da2d88, len 20971520
Are the blobs equal?: 0
Selected data: md5: 9eb90f968797d617b7385fd166f34067
SQL md5(): 5ab7bb3d517fbfbbd21ec02c48da2d88
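
To see where a fetched blob diverges, rather than only that its md5 differs, a helper like the following reports the first differing offset and checks for the insert-one-byte, drop-last-byte pattern described in the report. This is an added example, not part of the original report; the function name and the small sample data are constructed.

```php
<?php
// Added diagnostic, not part of the original report.
// describe_blob_corruption() is a hypothetical helper name.
function describe_blob_corruption(string $sent, string $got): array
{
    $len = strlen($sent);
    if ($len !== strlen($got)) {
        return ['status' => 'length-mismatch', 'offset' => null];
    }
    if ($sent === $got) {
        return ['status' => 'identical', 'offset' => null];
    }

    // XOR of equal-length strings is 0x00 wherever the bytes agree, so the
    // length of the leading NUL run is the first differing offset.
    $offset = strspn($sent ^ $got, "\0");

    // Pattern from the report: one byte is inserted, the rest of the data
    // moves right by one, and the final byte is dropped to keep the length.
    $tailLen = $len - $offset - 1;
    $shifted = $tailLen > 0
        && substr($got, $offset + 1) === substr($sent, $offset, $tailLen);

    return [
        'status'         => $shifted ? 'shifted-by-one' : 'differs',
        'offset'         => $offset,
        'byte_at_offset' => sprintf('0x%02x', ord($got[$offset])),
    ];
}

// Constructed sample: 32 bytes with a 0x00 inserted at offset 20 and the
// last byte dropped, mimicking the reported behaviour at a small scale.
$sent = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ012345';
$got  = substr($sent, 0, 20) . "\0" . substr($sent, 20, -1);

print_r(describe_blob_corruption($sent, $got));
```

In the test script above it would be called as describe_blob_corruption($blob, $savedBlob); on the affected builds the report places the inserted byte at offset 16777204.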


 [2017-03-14 22:06 UTC] support at dsolutions dot lv
-Summary: Blob
+Summary: Mysql Blob field data gets corrupted after 16MB
 [2017-03-14 22:06 UTC] support at dsolutions dot lv
Correction: Since PHP version *7.0.15*
 [2017-03-14 22:06 UTC] spam2 at rhsoft dot net
here you go: https://bugs.php.net/bug.php?id=74021

7.0.17 and 7.1.3 are your friends - you really should look at http://qa.php.net/ before claiming something is "new"

[root@buildserver:~]$ php -v
PHP 7.0.17 (cli) (built: Mar 14 2017 21:04:22) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies

[harry@srv-rhsoft:~]$ php -v
PHP 7.1.3 (cli) (built: Mar 14 2017 20:37:55) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
 [2017-03-14 22:16 UTC] support at dsolutions dot lv
-PHP Version: 7.1.3RC1
+PHP Version: 7.1.2
 [2017-03-14 22:16 UTC] support at dsolutions dot lv
Indeed the latest version I can install from a package in Linux PHP is either 7.0.16 or 7.1.2, and both of those have the issue.

PHP version:7.1.2
Inserted data md5: a62027f751aaf95638fea4f427883310, len 20971520
Are the blobs equal?: 0
Selected data: md5: 70f2d10002fb8982c0c7a8317e344518
SQL md5(): a62027f751aaf95638fea4f427883310
 [2017-03-14 22:53 UTC] nikic@php.net
-Status: Open
+Status: Duplicate
 [2017-03-14 22:53 UTC] nikic@php.net
Marking as duplicate of bug #74021. The fix is in 7.0.17 and 7.1.3, which have been tagged today, so should be released on Thursday.
Last updated: Fri Jun 23 10:01:44 2017 UTC