#47367 [NEW]: segfault when connecting while unbuffered query is running

[Sjon at react dot nl]

From:             Sjon at react dot nl
Operating system: Linux
PHP version:      5.2.9RC1
PHP Bug Type:     *General Issues
Bug description:  segfault when connecting while unbuffered query is running

Description:
------------
PHP Segfaults when establishing a second connection when an unbuffered
query is running

Since I cannot report a bug in 5.2.8; I compiled php5.2-200902120730 and
reproduced the bug with that version

$ ./configure --with-mysql=shared
$ make
$ ./sapi/cli/php -v

PHP 5.2.9RC2-dev (cli) (built: Feb 12 2009 10:52:08) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

$ ./sapi/cli/php -n -d extension_dir=./modules/ -d extension=mysql.so
mysql-unbuffered-crash.php

Reproduce code:
---------------
<?PHP

$rl1 = mysql_connect('localhost','Sjon','test') or die (mysql_error());
mysql_query("DROP DATABASE IF EXISTS mysql_unbuffered_crash");
mysql_query("CREATE DATABASE mysql_unbuffered_crash");
mysql_select_db('mysql_unbuffered_crash') or die (mysql_error());
mysql_query("CREATE TABLE test (`data` VARCHAR( 256 ) NOT NULL) ENGINE =
innodb;");
mysql_query("INSERT INTO test VALUES ('asdf');");

$rs = mysql_unbuffered_query("SELECT data FROM test"); # passing $rl1 will
fix it
while ($r = mysql_fetch_assoc($rs))
{
        // Setup another connection so we don't disturb the unbuffered_query
        $rl2 = mysql_connect('localhost','Sjon','test', TRUE) or die
(mysql_error($rl2));
        mysql_select_db('mysql_unbuffered_crash', $rl2) or die
(mysql_error($rl2));

        var_dump($r);
}

echo 'SUCCESS';

Expected result:
----------------
array(1) {
  ["data"]=>
  string(4) "asdf"
}
SUCCESS

Actual result:
--------------
array(1) {
  ["data"]=>
  string(4) "asdf"
}
SUCCESS

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7d4f6c0 (LWP 21345)]
zend_mm_add_to_free_list (heap=<value optimized out>, mm_block=0x9ee4e30)
    at /tmp/php5.2-200902120730/Zend/zend_alloc.c:747
747                                     if (ZEND_MM_FREE_BLOCK_SIZE(prev) != 
size) {
(gdb) bt
#0  zend_mm_add_to_free_list (heap=<value optimized out>,
mm_block=0x9ee4e30)
    at /tmp/php5.2-200902120730/Zend/zend_alloc.c:747
#1  0x0826790b in _zend_mm_free_int (heap=0x9e2c1e8, p=<value optimized
out>)
    at /tmp/php5.2-200902120730/Zend/zend_alloc.c:1987
#2  0x08277445 in shutdown_executor ()
    at /tmp/php5.2-200902120730/Zend/zend_execute_API.c:283
#3  0x08281aa3 in zend_deactivate ()
    at /tmp/php5.2-200902120730/Zend/zend.c:860
#4  0x08240857 in php_request_shutdown (dummy=0x0)
    at /tmp/php5.2-200902120730/main/main.c:1492
#5  0x082ecd71 in main (argc=7, argv=0xbf9c1a44)
    at /tmp/php5.2-200902120730/sapi/cli/php_cli.c:1314

-- 
Edit bug report at http://bugs.php.net/?id=47367&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=47367&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=47367&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=47367&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=47367&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=47367&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=47367&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=47367&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=47367&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=47367&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=47367&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=47367&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=47367&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=47367&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=47367&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=47367&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=47367&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=47367&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=47367&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=47367&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=47367&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=47367&r=mysqlcfg