|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2018-02-06 15:29 UTC] s dot pfalz at webcookies dot de
Description:
------------
When executing the code below PHP-FPM interpreter crashes with sigsegv and dumps core.
The problem is related to the subquery, which should normally return only 1 row, but in my case it would return 2 rows, which of course cannot work and I expected an error code: "Error Code: 1242. Subquery returns more than 1 row".
However i got a crash (503 Service unavailable) and a coredump was written.
Test script:
---------------
<?php
$mysqli = new mysqli("localhost","xyz","xyz_2k17","xyz");
if($mysqli->connect_errno)
{
die("Cannot connect: ".$mysqli->connect_error);
}
$SQL=<<<EOM
SELECT bc.ID AS BOOKING_CUSTOMER_ID,
bc.REF_ORDER_ID,
bc.BOOKING_NUMBER,
bc.STATUS,
UNIX_TIMESTAMP(bc.PAYMENT_DATE) AS BOOKING_PAYMENT_DATE,
bc.PAYMENT_SUM,
bc.BOOKING_STATUS,
bc.BOOKING_STATUS_CODE,
bc.BOOKING_MESSAGE,
bc.TRANSACTION_ID,
UNIX_TIMESTAMP(bc.BOOKING_DATE) AS BC_BOOKING_DATE,
UNIX_TIMESTAMP(EXECUTION_DATE) AS BC_EXECUTION_DATE,
UNIX_TIMESTAMP(bc.CDATE) AS BOOKING_CUSTOMER_CDATE,
UNIX_TIMESTAMP(bc.MDATE) AS BOOKING_CUSTOMER_MDATE,
(SELECT PAYMENT_SUM+PENALTY_FEE+PROCESSING_FEE+LAWYER_FEE FROM xyz_failed_payments fp WHERE fp.REF_BOOKING_ID=bc.ID) AS PAYMENT_FEE
FROM xyz_order_booking_customer bc
WHERE bc.REF_ORDER_ID=?
ORDER BY bc.BOOKING_NUMBER
EOM;
if(!($stmt = $mysqli->prepare($SQL)))
{
die("PREPARE FAILED: ".$mysqli->error);
}
$id = 9;
if(!$stmt->bind_param("i",$id))
{
die("Binding failed: ".$stmt->error);
}
if(!$stmt->execute())
{
die("Execute failed! ".$stmt->error);
}
Expected result:
----------------
Execute should give an error:
Error Code: 1242. Subquery returns more than 1 row
Actual result:
--------------
Segmentation fault (core dumped)
Backtrace:
#0 0x00000000008ebdd0 in php_mysqlnd_stmt_fetch_pub ()
#1 0x00007fb77d479188 in ?? ()
#2 0x00007ffc0bbbd71f in ?? ()
#3 0x0000000001329e60 in m_sbox ()
#4 0x0000000000000001 in ?? ()
#5 0x00007fb77d487008 in ?? ()
#6 0x00007ffc0bbbda00 in ?? ()
#7 0x00000000008e47c4 in php_mysqlnd_result_buffered_num_rows_pub ()
#8 0x00007fb77d46c248 in ?? ()
#9 0x00007fb77d487008 in ?? ()
#10 0x00007fb77d472148 in ?? ()
#11 0x00007fb77d487008 in ?? ()
#12 0x00007fb77d46d008 in ?? ()
#13 0x00000000008ea263 in php_mysqlnd_debug_set_mode_pub ()
#14 0x18ac670d3c77163f in ?? ()
#15 0x0000000000000000 in ?? ()
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||
Copyright © 2001-2021 The PHP GroupAll rights reserved. |
Last updated: Mon Jan 18 02:01:23 2021 UTC |
Just tested against php 7.0.28, still the same. To make it easier to reproduce, a stripped down script including table structure and testdata is provided. Tescript: <?php /* CREATE TABLE t1 ( ID BIGINT NOT NULL AUTO_INCREMENT, VAL VARCHAR(100) NOT NULL, PRIMARY KEY(ID) ) ENGINE=InnoDB CHARACTER SET utf8; CREATE TABLE t2 ( ID BIGINT NOT NULL AUTO_INCREMENT, REF_T1_ID BIGINT NOT NULL, VAL_T2 VARCHAR(100), PRIMARY KEY(ID) ) ENGINE=InnoDB CHARACTER SET utf8; INSERT INTO t1 VALUES(1,'TEST1'); INSERT INTO t1 VALUES(2,'TEST2'); INSERT INTO t2 VALUES(1,1,'REF_TEST1.1'); INSERT INTO t2 VALUES(2,1,'REF_TEST1.2'); */ $mysqli = new mysqli("localhost","siegel","siegel","siegel"); if($mysqli->connect_errno) { die("Cannot connect: ".$mysqli->connect_error); } $SQL=<<<EOM SELECT t1.ID, t1.VAL, (SELECT t2.VAL_T2 FROM t2 WHERE REF_T1_ID=t1.ID) AS VAL2 FROM t1 WHERE t1.ID=? EOM; if(!($stmt = $mysqli->prepare($SQL))) { die("PREPARE FAILED: ".$mysqli->error); } $id = 1; if(!$stmt->bind_param("i",$id)) { die("Binding failed: ".$stmt->error); } if(!$stmt->execute()) { die("Execute failed! ".$stmt->error); } Backtrace after Core Dump: Core was generated by `php mysqli_bug_75927.php'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00000000008ebce0 in mysqlnd_stmt_fetch_row_unbuffered () (gdb) bt #0 0x00000000008ebce0 in mysqlnd_stmt_fetch_row_unbuffered () #1 0x00000000008e46d4 in php_mysqlnd_res_skip_result_pub () #2 0x00000000008ea173 in php_mysqlnd_stmt_net_close_priv () #3 0x00000000008e96ce in php_mysqlnd_stmt_dtor_pub () #4 0x0000000000720b3f in mysqli_stmt_free_storage () #5 0x000000000099deaa in zend_objects_store_del () #6 0x000000000096fff1 in zend_hash_reverse_apply () #7 0x000000000094d6fd in shutdown_destructors () #8 0x000000000095e6a4 in zend_call_destructors () #9 0x00000000008f2f1d in php_request_shutdown () #10 0x0000000000a0647a in do_cli () #11 0x000000000045001b in main ()