Edit report at http://bugs.php.net/bug.php?id=51248&edit=1

 ID:                 51248
 Comment by:         chris at chrischarlton dot us
 Reported by:        mbecc...@php.net
 Summary:            Segmentation fault in mysql_fetch_array
 Status:             Feedback
 Type:               Bug
 Package:            MySQL related
 Operating System:   FreeBSD 6.2
 PHP Version:        5.3.2
 Assigned To:        mysql
 Block user comment: N

 New Comment:

Drupal 6.14 was the first 6.x to start supporting PHP 5.3, but mileage
will vary. It is highly recommended to run Drupal on a PHP 5.2.x server.
Of course Drupal will natively support PHP 5.3, there are just a few
kinks being worked out.


Previous Comments:
------------------------------------------------------------------------
[2010-04-09 09:27:41] mbecc...@php.net

I've been able to test the drush script with a newly compiled 5.3.2 w/
mysqlnd and it appears that the segmentation fault is gone. Is there any
way I can trace what happens with libmysql?

i.e.

libmysql:
$ /usr/local/bin/php ~/bin/drush/drush.php dis twitter
The following projects will be disabled: twitter
Do you really want to continue? (y/n): y
Segmentation fault: 11 (core dumped)

mysqlnd:
$ /array1/compile/php-5.3.2-apache/sapi/cli/php -d mysqlnd.debug="t:o,/tmp/mysqlnd.trace" ~/bin/drush/drush.php dis twitter
The following projects will be disabled: twitter
Do you really want to continue? (y/n): y
twitter was disabled successfully.                                  [ok]

------------------------------------------------------------------------
[2010-04-08 16:57:29] mbecc...@php.net

I've been using libmysql, but IIRC I've also tried mysqlnd and had the
same result. As soon as I have time, I'll try to make a test build with
mysqlnd and generate the trace file.

------------------------------------------------------------------------
[2010-04-08 16:50:54] and...@php.net

Do you use libmysql or mysqlnd as the underlying library? If mysqlnd,
then can you try a debug build and put into your php.ini:
mysqlnd.debug="t:o,/tmp/mysqlnd.trace"
Then please mail me the trace file because it won't be small.

Thanks!

Andrey

------------------------------------------------------------------------
[2010-03-29 21:03:43] mgarrison at alienz dot net

I'm also able to reproduce this but with custom code, replicated with
5.3.2 and php5.3-201003291630 on a CentOS 4.8 box. Doesn't happen in
php 5.2.12.

(gdb) bt
#0  0x00007fdcc37cdac3 in zend_fetch_resource (passed_id=0x7fffd484e6a0, default_id=-1, resource_type_name=0x7fdcc3a8ce08 "MySQL result", found_resource_type=0x0, num_resource_types=1)
    at /usr/src/php-5.3.2/Zend/zend_list.c:127
#1  0x00007fdcc3651846 in php_mysql_fetch_hash (ht=2, return_value=0x7fdcbf0e2970, return_value_ptr=Variable "return_value_ptr" is not available.
) at /usr/src/php-5.3.2/ext/mysql/php_mysql.c:1944
#2  0x00007fdcc3651dcb in zif_mysql_fetch_array (ht=-729487712, return_value=0xffffffff, return_value_ptr=0x7fdcc37cd9cf, this_ptr=0x0, return_value_used=1)
    at /usr/src/php-5.3.2/ext/mysql/php_mysql.c:2105
#3  0x00007fdcc37e2c62 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fdcc2b34310) at /usr/src/php-5.3.2/Zend/zend_vm_execute.h:313
#4  0x00007fdcc37e2089 in execute (op_array=0x7fdcbf4841c8) at /usr/src/php-5.3.2/Zend/zend_vm_execute.h:104
#5  0x00007fdcc37c0345 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-5.3.2/Zend/zend.c:1194
#6  0x00007fdcc376e67d in php_execute_script (primary_file=0x7fffd4850da0) at /usr/src/php-5.3.2/main/main.c:2260
#7  0x00007fdcc3845d12 in apache_php_module_main (r=Variable "r" is not available.
) at /usr/src/php-5.3.2/sapi/apache/sapi_apache.c:53
#8  0x00007fdcc38468ce in send_php (r=0xcec3d0, display_source_mode=0, filename=0x0) at /usr/src/php-5.3.2/sapi/apache/mod_php5.c:682
#9  0x00007fdcc3846ac3 in send_parsed_php (r=0x7fffd484e6a0) at /usr/src/php-5.3.2/sapi/apache/mod_php5.c:697
#10 0x00000000004428e4 in ap_invoke_handler ()
#11 0x000000000045a74e in process_request_internal ()
#12 0x000000000045ac19 in ap_internal_redirect ()
#13 0x00007fdcc3ee7f7c in mod_gzip_redir1_handler () from /var/www/libexec/mod_gzip.so
#14 0x00007fdcc3ee61eb in mod_gzip_handler () from /var/www/libexec/mod_gzip.so
#15 0x00000000004428e4 in ap_invoke_handler ()
#16 0x000000000045a74e in process_request_internal ()
#17 0x000000000045a7a3 in ap_process_request ()
#18 0x0000000000450a06 in child_main ()
#19 0x0000000000450cf1 in make_child ()
#20 0x000000000045109e in perform_idle_server_maintenance ()
#21 0x00000000004516c3 in standalone_main ()
#22 0x0000000000451cb7 in main ()

------------------------------------------------------------------------
[2010-03-09 20:20:13] mbecc...@php.net

Description:
------------
I've been asked to publish a Drupal based website on my 5.3.2 box, but
every page call triggers a segmentation fault. Replicated with 5.3.1 as
well.

I've been able to test an old 5.2.8 and the issue is gone.

I can't attach reproduction code, but I will try to gather more
information in the next few days. For now I'm attaching the backtrace.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x000000008518a7c3 in zend_fetch_resource (passed_id=0x7fffffffcc50, default_id=-1, resource_type_name=0x855c3d6f "MySQL result", found_resource_type=0x0, num_resource_types=1) at /root/compile/php-5.3.2-apache/Zend/zend_list.c:127
127                   } else if ((*passed_id)->type != IS_RESOURCE) {
(gdb) bt full
#0  0x000000008518a7c3 in zend_fetch_resource (passed_id=0x7fffffffcc50, default_id=-1, resource_type_name=0x855c3d6f "MySQL result", found_resource_type=0x0, num_resource_types=1) at /root/compile/php-5.3.2-apache/Zend/zend_list.c:127
        id = -1
        actual_resource_type = 0
        resource = (void *) 0x10
        resource_types = {{gp_offset = 5, fp_offset = 0, overflow_arg_area = 0x861c775b, reg_save_area = 0x3000000020}}
        i = -1
        space = 0x85185062 "H\201Äè"
        class_name = 0x1 <Address 0x1 out of bounds>
#1  0x0000000084fabcc6 in php_mysql_fetch_hash (ht=2, return_value=0xb04ae0, return_value_ptr=0x8518a6cf, this_ptr=0x0, return_value_used=1, result_type=1, expected_args=2, into_object=0)
    at /root/compile/php-5.3.2-apache/ext/mysql/php_mysql.c:1944
        class_name = 0x7fffffffcd40 "Ðî©"
        class_name_len = 32767
        mysql_result = (MYSQL_RES *) 0x2
        res = (zval *) 0x0
        ctor_params = (zval *) 0x0
        ce = (zend_class_entry *) 0x0
        i = 17
        mysql_field = (MYSQL_FIELD *) 0x0
        mysql_row = (MYSQL_ROW) 0xa9eed0
        mysql_row_lengths = (long unsigned int *) 0x1
#2  0x0000000084fac24b in zif_mysql_fetch_array (ht=-13232, return_value=0xffffffff, return_value_ptr=0x8518a6cf, this_ptr=0x0, return_value_used=1) at /root/compile/php-5.3.2-apache/ext/mysql/php_mysql.c:2105
No locals.
#3  0x000000008519fa82 in zend_do_fcall_common_helper_SPEC (execute_data=0x9cef80) at /root/compile/php-5.3.2-apache/Zend/zend_vm_execute.h:313
        i = 0
        p = (zval **) 0x9cef70
        arg_count = 2
        opline = (zend_op *) 0xa9eed0
        should_change_scope = 0 '\0'
#4  0x000000008519eea9 in execute (op_array=0xa94e00) at /root/compile/php-5.3.2-apache/Zend/zend_vm_execute.h:104
        ret = 0
        execute_data = (zend_execute_data *) 0x9cef80
        nested = 1 '\001'
        original_in_execution = 0 '\0'
#5  0x000000008517d055 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/compile/php-5.3.2-apache/Zend/zend.c:1194
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffffffd000, reg_save_area = 0x7fffffffcf10}}
        i = 1
        file_handle = (zend_file_handle *) 0x7fffffffe640
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
#6  0x000000008512a7db in php_execute_script (primary_file=0x7fffffffe640) at /root/compile/php-5.3.2-apache/main/main.c:2260

        realfile = "\000\000\000\000\000\000\000\000Ù\204{\200", '\0'
<repeats 16 times>,
"ÿ\177\000\000\002\000\000\000\002\000\000\000Ì\217\233\000\000\000\000\000\v\000\000\000\000\000\000\000>\020V\200\000\000\000\000
äW\200\000\000\000\000Àãÿÿÿ\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000ÄI<\a\000\000\000\000é\rV\200\000\000\000\000(p\233\000\000\000\000\000\0006X\200\000\000\000\000¸ãÿÿÿ\177",
'\0' <repeats 11 times>, "äÿÿÿ\177\000\000{", '\0' <repeats 15
times>,
"\001\000\000\000\000\000\000\000ÄI<\a\000\000\000\000\001\fV\200\000\000\000\000\000ðW\200\000\000\000\000\000òW\200\000\000\000\000\000ôW\200"...

        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0},
      reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0},
      reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
        old_cwd = 0x7fffffffd010 "/array1/compile"
        retval = 0
#7  0x0000000085203a20 in php_handler (r=0x9cb3a0) at /root/compile/php-5.3.2-apache/sapi/apache2handler/sapi_apache2.c:655
        zfd = {type = ZEND_HANDLE_MAPPED, filename = 0x9cc678 "/usr/local/www/vhosts/grusp.org/www/index.php", opened_path = 0x0, handle = {fd = 7419736, fp = 0x713758, stream = {handle = 0x713758, isatty = 0, mmap = {len = 980,
        pos = 0, map = 0x0, buf = 0x80585000 <Address 0x80585000 out of bounds>, old_handle = 0x0, old_closer = 0}, reader = 0x8513cad0 <_php_stream_read>, fsizer = 0x85128cf0 <php_zend_stream_fsizer>,
      closer = 0x85128ce0 <php_zend_stream_mmap_closer>}}, free_filename = 0 '\0'}
        __bailout = {{_sjb = {2233481406, 2239891776, 140737488348616, 7131832, 10269600, 0, 4500992, 4501016, 10224511, 4461031, 10270232, 0}}}
        ctx = (php_struct * volatile) 0x9cca28
        conf = (void *) 0x9cab88
        brigade = (apr_bucket_brigade * volatile) 0x9cd770
        bucket = (apr_bucket *) 0x0
        rv = 0
        parent_req = (request_rec * volatile) 0x0
#8  0x0000000000436c8e in ap_run_handler ()
No symbol table info available.
#9  0x00000000004372ae in ap_invoke_handler ()
No symbol table info available.
#10 0x0000000000444734 in ap_internal_redirect ()
No symbol table info available.
#11 0x0000000084c1486c in handler_redirect () from /usr/local/libexec/apache22/mod_rewrite.so
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#12 0x0000000000436c8e in ap_run_handler ()
No symbol table info available.
#13 0x00000000004372ae in ap_invoke_handler ()
No symbol table info available.
#14 0x000000000044408c in ap_process_request ()
No symbol table info available.
#15 0x0000000000441a14 in ap_process_http_connection ()
No symbol table info available.
#16 0x000000000043dd1e in ap_run_process_connection ()
No symbol table info available.
#17 0x000000000043e0b8 in ap_process_connection ()
No symbol table info available.
#18 0x0000000000448c9e in child_main ()
No symbol table info available.
#19 0x0000000000448d8a in make_child ()
No symbol table info available.
#20 0x0000000000449266 in ap_mpm_run ()
No symbol table info available.
#21 0x0000000000423754 in main ()
No symbol table info available.

------------------------------------------------------------------------


