From: wcshields at gmail dot com
Operating system: Ubuntu 8.04 LTS x86 32 bit
PHP version: 5.2.8
PHP Bug Type: Reproducible crash
Bug description: Mysqli predictably crashes (segmentation fault) on LONGTEXT columns
Description:
------------
Mysqli restores garbage from longtext columns in mysql 5.0.51a connected over TCP (also happens with Unix domain sockets) and, after a random number of rows, segfaults. The number of rows is unpredictable but consistent. If you find something that crashes after 11 rows, it will crash after 11 rows every time. Change the order by clause and it might crash every time after 3 rows.

As per bugs #44867 and several others I've found, people have been reporting this issue since as early as 2005 and it still hasn't been addressed. Can someone PLEASE actually look into it?

Reproduce code:
---------------
<?php
$conn = new mysqli('localhost', 'user', 'password', 'db');
$stmt = $conn->prepare("SELECT name, longtext1 FROM sampletable");
$stmt->execute();
$stmt->bind_result($name, $value);
$count = 1;
while ($stmt->fetch()) {
    // strlen() gives the length of the fetched text; sizeof() counts array
    // elements and returns 1 for any string
    $size = strlen($value);
    echo "$name $size\n";
    $count++;
}
$stmt->close();
?>

Expected result:
----------------
To retrieve the exact contents of all longtext values without crashing.

Actual result:
--------------
Segmentation fault.

$ gdb php core
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/tls/i686/cmov/libcrypt.so.1...done.
Loaded symbols for /lib/tls/i686/cmov/libcrypt.so.1
Reading symbols from /lib/tls/i686/cmov/librt.so.1...done.
Loaded symbols for /lib/tls/i686/cmov/librt.so.1
Reading symbols from /lib/tls/i686/cmov/libresolv.so.2...done.
Loaded symbols for /lib/tls/i686/cmov/libresolv.so.2
Reading symbols from /lib/tls/i686/cmov/libdl.so.2...done.
Loaded symbols for /lib/tls/i686/cmov/libdl.so.2
Reading symbols from /usr/lib/libmysqlclient.so.15...done.
Loaded symbols for /usr/lib/libmysqlclient.so.15
Reading symbols from /lib/tls/i686/cmov/libpthread.so.0...done.
Loaded symbols for /lib/tls/i686/cmov/libpthread.so.0
Reading symbols from /lib/tls/i686/cmov/libnsl.so.1...done.
Loaded symbols for /lib/tls/i686/cmov/libnsl.so.1
Reading symbols from /lib/tls/i686/cmov/libm.so.6...done.
Loaded symbols for /lib/tls/i686/cmov/libm.so.6
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/tls/i686/cmov/libc.so.6...done.
Loaded symbols for /lib/tls/i686/cmov/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/tls/i686/cmov/libnss_files.so.2...done.
Loaded symbols for /lib/tls/i686/cmov/libnss_files.so.2
Core was generated by `./php'.
Program terminated with signal 11, Segmentation fault.
[New process 5006]
#0  0x08130eda in zif_mysqli_stmt_fetch (ht=0, return_value=0x856e20c, return_value_ptr=0x0, this_ptr=0x856e0b8, return_value_used=1) at /home/wshields/php-5.2.8/ext/mysqli/mysqli_api.c:665
665                     if (Z_TYPE_P(stmt->result.vars[i]) == IS_STRING) {
(gdb) bt
#0  0x08130eda in zif_mysqli_stmt_fetch (ht=0, return_value=0x856e20c, return_value_ptr=0x0, this_ptr=0x856e0b8, return_value_used=1) at /home/wshields/php-5.2.8/ext/mysqli/mysqli_api.c:665
#1  0x083515e5 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfb073e4) at /home/wshields/php-5.2.8/Zend/zend_vm_execute.h:200
#2  0x08352239 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbfb073e4) at /home/wshields/php-5.2.8/Zend/zend_vm_execute.h:322
#3  0x08351138 in execute (op_array=0x856d144) at /home/wshields/php-5.2.8/Zend/zend_vm_execute.h:92
#4  0x0832c76c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/wshields/php-5.2.8/Zend/zend.c:1134
#5  0x082d91d9 in php_execute_script (primary_file=0xbfb0972c) at /home/wshields/php-5.2.8/main/main.c:2023
#6  0x083a8de5 in main (argc=1, argv=0xbfb09884) at /home/wshields/php-5.2.8/sapi/cli/php_cli.c:1133

-- 
Edit bug report at http://bugs.php.net/?id=46808&edit=1
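An added example (not the reporter's script) showing the usual way to fetch TEXT/BLOB columns through a mysqli prepared statement without depending on the bind buffer sizing the report runs into: buffer the result set with store_result() before bind_result(), so the client knows each column's real maximum length, and tell fetch()'s false (error) apart from null (no more rows). Table and column names are taken from the report; host and credentials are placeholders.

```php
<?php
// Added example, not the bug report's own code. Host, user, password and db
// are placeholders; sampletable/name/longtext1 are the names from the report.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // surface failures as exceptions

function fetch_longtext_rows(mysqli $conn)
{
    $stmt = $conn->prepare("SELECT name, longtext1 FROM sampletable");
    $stmt->execute();

    // Buffer the whole result set client-side before binding. With an
    // unbuffered statement the client does not yet know how long the TEXT
    // values are when the output buffers are set up; after store_result()
    // the column metadata carries the real max_length of each column.
    $stmt->store_result();
    $stmt->bind_result($name, $value);

    $rows = 0;
    while (($ok = $stmt->fetch()) === true) {
        // strlen(), not sizeof(): sizeof() counts array elements and
        // returns 1 for any string, so it cannot reveal truncated data
        $len = ($value === null) ? 'NULL' : strlen($value);
        echo "$name $len\n";
        $rows++;
    }
    // fetch() returns null when the rows are exhausted and false on error;
    // a plain while ($stmt->fetch()) loop cannot tell the two apart
    if ($ok === false) {
        fwrite(STDERR, "fetch failed: " . $stmt->error . "\n");
    }

    $stmt->free_result();
    $stmt->close();
    return $rows;
}

$conn = new mysqli('localhost', 'user', 'password', 'db');
$rows = fetch_longtext_rows($conn);
$conn->close();
echo "$rows rows\n";
```

The cost is that the whole result set is held in client memory, so for very large LONGTEXT sets bound the query with LIMIT or page through it.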