From:             mbeccati
Operating system: FreeBSD 6.2
PHP version:      5.3.2
Package:          MySQL related
Bug Type:         Bug
Bug description: Segmentation fault in mysql_fetch_array

Description:
------------
I've been asked to publish a Drupal-based website on my 5.3.2 box, but
every page call triggers a segmentation fault. Replicated with 5.3.1 as
well.

I've been able to test an old 5.2.8 and the issue is gone.

I can't attach reproduce code, but I will try to gather more information
in the next few days. For now I'm attaching the backtrace.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x000000008518a7c3 in zend_fetch_resource (passed_id=0x7fffffffcc50,
default_id=-1, resource_type_name=0x855c3d6f "MySQL result",
found_resource_type=0x0, num_resource_types=1) at
/root/compile/php-5.3.2-apache/Zend/zend_list.c:127
127                   } else if ((*passed_id)->type != IS_RESOURCE) {
(gdb) bt full
#0  0x000000008518a7c3 in zend_fetch_resource (passed_id=0x7fffffffcc50,
default_id=-1, resource_type_name=0x855c3d6f "MySQL result",
found_resource_type=0x0, num_resource_types=1) at
/root/compile/php-5.3.2-apache/Zend/zend_list.c:127
        id = -1
        actual_resource_type = 0
        resource = (void *) 0x10
        resource_types = {{gp_offset = 5, fp_offset = 0, overflow_arg_area
= 0x861c775b, reg_save_area = 0x3000000020}}
        i = -1
        space = 0x85185062 "H\201Äè"
        class_name = 0x1 <Address 0x1 out of bounds>
#1  0x0000000084fabcc6 in php_mysql_fetch_hash (ht=2,
return_value=0xb04ae0, return_value_ptr=0x8518a6cf, this_ptr=0x0,
return_value_used=1, result_type=1, expected_args=2, into_object=0)
    at /root/compile/php-5.3.2-apache/ext/mysql/php_mysql.c:1944
        class_name = 0x7fffffffcd40 "Ðî©"
        class_name_len = 32767
        mysql_result = (MYSQL_RES *) 0x2
        res = (zval *) 0x0
        ctor_params = (zval *) 0x0
        ce = (zend_class_entry *) 0x0
        i = 17
        mysql_field = (MYSQL_FIELD *) 0x0
        mysql_row = (MYSQL_ROW) 0xa9eed0
        mysql_row_lengths = (long unsigned int *) 0x1
#2  0x0000000084fac24b in zif_mysql_fetch_array (ht=-13232,
return_value=0xffffffff, return_value_ptr=0x8518a6cf, this_ptr=0x0,
return_value_used=1) at
/root/compile/php-5.3.2-apache/ext/mysql/php_mysql.c:2105
No locals.
#3  0x000000008519fa82 in zend_do_fcall_common_helper_SPEC
(execute_data=0x9cef80) at
/root/compile/php-5.3.2-apache/Zend/zend_vm_execute.h:313
        i = 0
        p = (zval **) 0x9cef70
        arg_count = 2
        opline = (zend_op *) 0xa9eed0
        should_change_scope = 0 '\0'
#4  0x000000008519eea9 in execute (op_array=0xa94e00) at
/root/compile/php-5.3.2-apache/Zend/zend_vm_execute.h:104
        ret = 0
        execute_data = (zend_execute_data *) 0x9cef80
        nested = 1 '\001'
        original_in_execution = 0 '\0'
#5  0x000000008517d055 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /root/compile/php-5.3.2-apache/Zend/zend.c:1194
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fffffffd000, reg_save_area = 0x7fffffffcf10}}
        i = 1
        file_handle = (zend_file_handle *) 0x7fffffffe640
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
#6  0x000000008512a7db in php_execute_script (primary_file=0x7fffffffe640)
at /root/compile/php-5.3.2-apache/main/main.c:2260
        realfile = "\000\000\000\000\000\000\000\000Ù\204{\200", '\0'
<repeats 16 times>,
"ÿ\177\000\000\002\000\000\000\002\000\000\000Ì\217\233\000\000\000\000\000\v\000\000\000\000\000\000\000>\020V\200\000\000\000\000
äW\200\000\000\000\000Àãÿÿÿ\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000ÄI<\a\000\000\000\000é\rV\200\000\000\000\000(p\233\000\000\000\000\000\0006X\200\000\000\000\000¸ãÿÿÿ\177",
'\0' <repeats 11 times>, "äÿÿÿ\177\000\000{", '\0' <repeats 15 times>,
"\001\000\000\000\000\000\000\000ÄI<\a\000\000\000\000\001\fV\200\000\000\000\000\000ðW\200\000\000\000\000\000òW\200\000\000\000\000\000ôW\200"...
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle =
0x0, old_closer = 0},
      reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle =
0x0, old_closer = 0},
      reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
        old_cwd = 0x7fffffffd010 "/array1/compile"
        retval = 0
#7  0x0000000085203a20 in php_handler (r=0x9cb3a0) at
/root/compile/php-5.3.2-apache/sapi/apache2handler/sapi_apache2.c:655
        zfd = {type = ZEND_HANDLE_MAPPED, filename = 0x9cc678
"/usr/local/www/vhosts/grusp.org/www/index.php", opened_path = 0x0, handle
= {fd = 7419736, fp = 0x713758, stream = {handle = 0x713758, isatty = 0,
mmap = {len = 980,
        pos = 0, map = 0x0, buf = 0x80585000 <Address 0x80585000 out of
bounds>, old_handle = 0x0, old_closer = 0}, reader = 0x8513cad0
<_php_stream_read>, fsizer = 0x85128cf0 <php_zend_stream_fsizer>,
      closer = 0x85128ce0 <php_zend_stream_mmap_closer>}}, free_filename =
0 '\0'}
        __bailout = {{_sjb = {2233481406, 2239891776, 140737488348616,
7131832, 10269600, 0, 4500992, 4501016, 10224511, 4461031, 10270232, 0}}}
        ctx = (php_struct * volatile) 0x9cca28
        conf = (void *) 0x9cab88
        brigade = (apr_bucket_brigade * volatile) 0x9cd770
        bucket = (apr_bucket *) 0x0
        rv = 0
        parent_req = (request_rec * volatile) 0x0
#8  0x0000000000436c8e in ap_run_handler ()
No symbol table info available.
#9  0x00000000004372ae in ap_invoke_handler ()
No symbol table info available.
#10 0x0000000000444734 in ap_internal_redirect ()
No symbol table info available.
#11 0x0000000084c1486c in handler_redirect () from
/usr/local/libexec/apache22/mod_rewrite.so
No symbol table info available.
#12 0x0000000000436c8e in ap_run_handler ()
No symbol table info available.
#13 0x00000000004372ae in ap_invoke_handler ()
No symbol table info available.
#14 0x000000000044408c in ap_process_request ()
No symbol table info available.
#15 0x0000000000441a14 in ap_process_http_connection ()
No symbol table info available.
#16 0x000000000043dd1e in ap_run_process_connection ()
No symbol table info available.
#17 0x000000000043e0b8 in ap_process_connection ()
No symbol table info available.
#18 0x0000000000448c9e in child_main ()
No symbol table info available.
#19 0x0000000000448d8a in make_child ()
No symbol table info available.
#20 0x0000000000449266 in ap_mpm_run ()
No symbol table info available.
#21 0x0000000000423754 in main ()
No symbol table info available.

-- 
Edit bug report at http://bugs.php.net/bug.php?id=51248&edit=1
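Added example, not part of this bug report and not PHP project code: a small Python script that triages a gdb `bt full` dump like the one above. It pulls out the signal, the source line gdb echoes at the fault, the call chain, and every local whose value cannot be a valid pointer (a non-NULL address inside the null page such as 0x1, 0x2 or 0x10, or a value gdb reports as "<Address ... out of bounds>"). The sample input is constructed from the signal line and the first three frames of the trace above, with wrapped values rejoined onto single lines and paths and long strings shortened; the 0x1000 null-page threshold is an assumption about the target's memory layout.

```python
"""Triage a gdb `bt full` dump from a crashing PHP/Apache worker: report the
signal, the faulting source line, the call chain and any local whose value
cannot be a valid pointer."""
import re
from dataclasses import dataclass, field

SIGNAL_RE = re.compile(r'^Program received signal (\w+)')
# source line gdb echoes at the fault: "127    } else if (...)"
SOURCE_RE = re.compile(r'^(\d+)\s+(\S.*)$')
# frame header: "#0  0x... in func (args...) at file:line"
FRAME_RE = re.compile(r'^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\w+)\s*\(')
# local variable: indented "name = value" (frame args use "name=value", no spaces)
LOCAL_RE = re.compile(r'^\s+(\w+) = (.*)$')
# pointer value, optionally preceded by a C cast such as "(zval *)"
POINTER_RE = re.compile(r'^(?:\([^)]*\)\s*)?(0x[0-9a-fA-F]+)')
# Assumption: the lowest page is never mapped, so a non-NULL pointer below it is garbage.
NULL_PAGE = 0x1000


@dataclass
class Frame:
    index: int
    function: str
    values: dict = field(default_factory=dict)


@dataclass
class Report:
    signal: str = None
    fault_expr: str = None
    frames: list = field(default_factory=list)
    findings: list = field(default_factory=list)  # (frame index, function, local, reason)


def suspicious_pointer(value):
    """Return why `value` cannot be a valid pointer, or None if it looks sane."""
    if '<Address' in value and 'out of bounds>' in value:
        return 'unreadable address'
    m = POINTER_RE.match(value)
    if m:
        addr = int(m.group(1), 16)
        if 0 < addr < NULL_PAGE:
            return 'non-NULL pointer into the null page (%#x)' % addr
    return None


def triage(text):
    """Parse the dump into a Report and flag implausible pointer-valued locals."""
    rep = Report()
    for line in text.splitlines():
        m = SIGNAL_RE.match(line)
        if m:
            rep.signal = m.group(1)
            continue
        m = FRAME_RE.match(line)
        if m:
            rep.frames.append(Frame(int(m.group(1)), m.group(2)))
            continue
        m = LOCAL_RE.match(line)
        if m and rep.frames:
            rep.frames[-1].values[m.group(1)] = m.group(2).strip()
            continue
        m = SOURCE_RE.match(line)
        if m and rep.fault_expr is None and not rep.frames:
            rep.fault_expr = m.group(2)
    for f in rep.frames:
        for name, value in f.values.items():
            why = suspicious_pointer(value)
            if why:
                rep.findings.append((f.index, f.function, name, why))
    return rep


def summarize(text):
    rep = triage(text)
    out = ['signal: %s' % rep.signal,
           'faulting expression: %s' % rep.fault_expr,
           'call chain, innermost first: ' + ' <- '.join(f.function for f in rep.frames)]
    out += ['#%d %s: %s is %s' % item for item in rep.findings]
    return '\n'.join(out)


# Constructed sample: the signal line and first three frames of the trace above,
# with wrapped values rejoined onto single lines and paths/strings shortened.
SAMPLE_BT = """\
Program received signal SIGSEGV, Segmentation fault.
0x000000008518a7c3 in zend_fetch_resource (passed_id=0x7fffffffcc50,
    default_id=-1, found_resource_type=0x0) at Zend/zend_list.c:127
127                   } else if ((*passed_id)->type != IS_RESOURCE) {
(gdb) bt full
#0  0x000000008518a7c3 in zend_fetch_resource (passed_id=0x7fffffffcc50,
    default_id=-1, found_resource_type=0x0) at Zend/zend_list.c:127
        id = -1
        actual_resource_type = 0
        resource = (void *) 0x10
        i = -1
        space = 0x85185062 "..."
        class_name = 0x1 <Address 0x1 out of bounds>
#1  0x0000000084fabcc6 in php_mysql_fetch_hash (ht=2, return_value=0xb04ae0,
    this_ptr=0x0, result_type=1) at ext/mysql/php_mysql.c:1944
        class_name = 0x7fffffffcd40 "..."
        class_name_len = 32767
        mysql_result = (MYSQL_RES *) 0x2
        res = (zval *) 0x0
        mysql_row = (MYSQL_ROW) 0xa9eed0
        mysql_row_lengths = (long unsigned int *) 0x1
#2  0x0000000084fac24b in zif_mysql_fetch_array (ht=-13232, return_value=0xffffffff)
    at ext/mysql/php_mysql.c:2105
No locals.
"""

if __name__ == '__main__':
    print(summarize(SAMPLE_BT))
```

Read the flags together with the faulting expression. The fault is in `(*passed_id)->type`, so the decisive value is the zval pointer that `passed_id` points at, which in this trace is the caller's `res` in frame #1 (reported by gdb as 0x0). Locals that the crashing function has not assigned yet at line 127 (`resource`, `class_name` in frame #0, `mysql_result` in frame #1) are uninitialised stack contents, so a flag on them is a prompt to look, not evidence of corruption on its own.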
