PHP :: Bug #81539 :: Segmentation fault in pdo

Bug #81539	Segmentation fault in pdo_mysql
Submitted:	2021-10-18 19:13 UTC	Modified:	2021-10-19 08:44 UTC
From:	mira at mirawaneko dot net	Assigned:
Status:	Open	Package:	PDO MySQL
PHP Version:	8.0.11	OS:	Debian 10 (Buster)
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	mira at mirawaneko dot net
New email:
PHP Version:		OS:

New/Additional Comment:

[2021-10-18 19:13 UTC] mira at mirawaneko dot net

Description:
------------
PHP installed via Sury
Version 8.0.11

I haven't been able to pinpoint the cause of the issue, therefore no test script, I am simply posting it here in hopes that the cause may be found.

It happened continuously randomly on requests.
This only happens on my live server and haven't been able to replicate it locally so I only have debug symbols on pdo_mysql.

I have downgraded the website to run on PHP 7.4.24 a few days ago and haven't been able to replicate the issue since.

------------------------------------------------------------
dmesg:

php-fpm8.0[29878]: segfault at 4 ip 00007f3c42776ee3 sp 00007fff18c9fd70 error 4 in pdo_mysql.so[7f3c42774000+4000]

------------------------------------------------------------
gdb:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  zend_string_copy (s=0x0) at ./Zend/zend_types.h:628
628     ./Zend/zend_types.h: No such file or directory.
(gdb) bt
#0  zend_string_copy (s=0x0) at ./Zend/zend_types.h:628
#1  pdo_mysql_stmt_describe (stmt=0x7f3c45a69980, colno=<optimized out>) at ./ext/pdo_mysql/mysql_statement.c:637
#2  0x00007f3c45c1d5c5 in pdo_stmt_describe_columns (stmt=stmt@entry=0x7f3c45a69980) at ./ext/pdo/pdo_stmt.c:135
#3  0x00007f3c45c1da96 in zim_PDOStatement_execute (execute_data=<optimized out>, return_value=0x7fff18c9fee0) at ./ext/pdo/pdo_stmt.c:473
#4  0x000055da99d14a44 in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at ./Zend/zend_vm_execute.h:1755
#5  execute_ex (ex=0x7f3c45a69980) at ./Zend/zend_vm_execute.h:54180
#6  0x000055da99d1646c in zend_execute (op_array=0x7f3c45a6e000, return_value=0x0) at ./Zend/zend_vm_execute.h:58499
#7  0x000055da99cad44d in zend_execute_scripts (type=1168200976, type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at ./Zend/zend.c:1680
#8  0x000055da99c4a15b in php_execute_script (primary_file=<optimized out>) at ./main/main.c:2524
#9  0x000055da99b02fa9 in main (argc=<optimized out>, argv=<optimized out>) at ./sapi/fpm/fpm/fpm_main.c:1914

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-10-19 08:44 UTC] nikic@php.net

Based on the stack trace sname from the field metadata is NULL, but I don't immediately see how that could happen.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2021 The PHP Group All rights reserved.	Last updated: Sun Dec 05 08:03:35 2021 UTC