From:
Operating system: Linux
PHP version: 5.3SVN-2012-02-13 (SVN)
Package: MySQLi related
Bug Type: Bug
Bug description: mysqli crashes when var_dump'ed while not connected
Description:
------------
This creates a segfault:
export USE_ZEND_ALLOC=0
php -n -r '$c = mysqli_init(); var_dump($c);'
Backtrace:
0x00007ffff6b0303e in mysql_stat () from /usr/lib/libmysqlclient.so.16
(gdb) bt
#0 0x00007ffff6b0303e in mysql_stat () from /usr/lib/libmysqlclient.so.16
#1 0x00000000006a78a4 in link_stat_read (obj=0x148fc80, retval=0x7fffffffda98) at /home/derick/dev/php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_prop.c:226
#2 0x000000000069567c in mysqli_read_property (object=0x148cf30, member=0x7fffffffdb30, type=3) at /home/derick/dev/php/php-src/branches/PHP_5_3/ext/mysqli/mysqli.c:339
#3 0x0000000000695be6 in mysqli_object_get_debug_info (object=0x148cf30, is_temp=0x7fffffffdbc0) at /home/derick/dev/php/php-src/branches/PHP_5_3/ext/mysqli/mysqli.c:468
#4 0x000000000088f895 in php_var_dump (struc=0x7ffff7ea6148, level=1) at /home/derick/dev/php/php-src/branches/PHP_5_3/ext/standard/var.c:129
#5 0x000000000088fc32 in zif_var_dump (ht=1, return_value=0x148fcb0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /home/derick/dev/php/php-src/branches/PHP_5_3/ext/standard/var.c:181
#6 0x000000000099a026 in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ea6030) at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h:320
#7 0x000000000099e4cf in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7ffff7ea6030) at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h:1640
#8 0x00000000009994ff in execute (op_array=0x148d8c0) at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h:107
#9 0x0000000000956e22 in zend_eval_stringl (str=0x7fffffffe643 "$c = mysqli_init(); var_dump($c);", str_len=33, retval_ptr=0x0, string_name=0xf62b34 "Command line code") at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c:1198
#10 0x0000000000957060 in zend_eval_stringl_ex (str=0x7fffffffe643 "$c = mysqli_init(); var_dump($c);", str_len=33, retval_ptr=0x0, string_name=0xf62b34 "Command line code", handle_exceptions=1) at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c:1240
#11 0x00000000009570ef in zend_eval_string_ex (str=0x7fffffffe643 "$c = mysqli_init(); var_dump($c);", retval_ptr=0x0, string_name=0xf62b34 "Command line code", handle_exceptions=1) at /home/derick/dev/php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c:1251
#12 0x0000000000a48018 in main (argc=4, argv=0x7fffffffe358) at /home/derick/dev/php/php-src/branches/PHP_5_3/sapi/cli/php_cli.c:1223
Valgrind trace:
derick@whisky:~/dev/php/xdebug$ valgrind php -n -r '$c = mysqli_init(); var_dump($c);'
==26602== Memcheck, a memory error detector
==26602== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==26602== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==26602== Command: php -n -r $c\ =\ mysqli_init();\ var_dump($c);
==26602==
Warning: var_dump(): Property access is not allowed yet in Command line code on line 1
Warning: var_dump(): Property access is not allowed yet in Command line code on line 1
Warning: var_dump(): Property access is not allowed yet in Command line code on line 1
Warning: var_dump(): Property access is not allowed yet in Command line code on line 1
Warning: var_dump(): Property access is not allowed yet in Command line code on line 1
Warning: var_dump(): Property access is not allowed yet in Command line code on line 1
Warning: var_dump(): Property access is not allowed yet in Command line code on line 1
==26602== Invalid read of size 8
==26602== at 0x5DA603E: mysql_stat (in /usr/lib/libmysqlclient.so.16.0.0)
==26602== by 0x6A78A3: link_stat_read (mysqli_prop.c:226)
==26602== by 0x69567B: mysqli_read_property (mysqli.c:339)
==26602== by 0x695BE5: mysqli_object_get_debug_info (mysqli.c:468)
==26602== by 0x88F894: php_var_dump (var.c:129)
==26602== by 0x88FC31: zif_var_dump (var.c:181)
==26602== by 0x99A025: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==26602== by 0x99E4CE: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1640)
==26602== by 0x9994FE: execute (zend_vm_execute.h:107)
==26602== by 0x956E21: zend_eval_stringl (zend_execute_API.c:1198)
==26602== by 0x95705F: zend_eval_stringl_ex (zend_execute_API.c:1240)
==26602== by 0x9570EE: zend_eval_string_ex (zend_execute_API.c:1251)
==26602== Address 0x8 is not stack'd, malloc'd or (recently) free'd
==26602==
==26602==
==26602== Process terminating with default action of signal 11 (SIGSEGV)
==26602== Access not within mapped region at address 0x8
==26602== at 0x5DA603E: mysql_stat (in /usr/lib/libmysqlclient.so.16.0.0)
==26602== by 0x6A78A3: link_stat_read (mysqli_prop.c:226)
==26602== by 0x69567B: mysqli_read_property (mysqli.c:339)
==26602== by 0x695BE5: mysqli_object_get_debug_info (mysqli.c:468)
==26602== by 0x88F894: php_var_dump (var.c:129)
==26602== by 0x88FC31: zif_var_dump (var.c:181)
==26602== by 0x99A025: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:320)
==26602== by 0x99E4CE: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1640)
==26602== by 0x9994FE: execute (zend_vm_execute.h:107)
==26602== by 0x956E21: zend_eval_stringl (zend_execute_API.c:1198)
==26602== by 0x95705F: zend_eval_stringl_ex (zend_execute_API.c:1240)
==26602== by 0x9570EE: zend_eval_string_ex (zend_execute_API.c:1251)
Test script:
---------------
$c = mysqli_init(); var_dump($c);
Expected result:
----------------
No crash
--
Edit bug report at https://bugs.php.net/bug.php?id=61079&edit=1
--
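The crash pattern in the traces above, reduced to a stand-alone C model (an added example, not code from php-src or libmysqlclient): a property reader hands an initialized-but-unconnected handle to a library call that dereferences a pointer set only at connect time, which is consistent with the invalid read at address 0x8. All struct, function and state names are hypothetical, and the handle layout is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a client-library handle; NOT libmysqlclient's
   real layout. Assumption: the method table is attached only on connect. */
struct methods {
    int (*read_result)(void);        /* offset 0 */
    const char *(*stat_fn)(void);    /* offset 8 on LP64 */
};
struct handle { const struct methods *m; };

enum link_state { LINK_NULL, LINK_INITIALIZED, LINK_VALID };
struct link_obj { struct handle h; enum link_state state; };

static int fake_read(void) { return 0; }
static const char *fake_stat(void) { return "Uptime: 1"; }  /* constructed value */
static const struct methods live = { fake_read, fake_stat };

void link_init(struct link_obj *o)    { o->h.m = NULL;  o->state = LINK_INITIALIZED; }
void link_connect(struct link_obj *o) { o->h.m = &live; o->state = LINK_VALID; }

/* Library side: trusts its caller and dereferences the table unconditionally. */
const char *lib_stat(struct handle *h) { return h->m->stat_fn(); }

/* Crashing shape: the property reader forwards the handle in any state.
   On an initialized-only object this reads through NULL at offset 8. */
const char *stat_read_unchecked(struct link_obj *o) { return lib_stat(&o->h); }

/* Guarded shape: refuse the read unless the link is fully connected. */
int stat_read_checked(struct link_obj *o, const char **out) {
    *out = NULL;
    if (o == NULL || o->state < LINK_VALID)
        return -1;                   /* caller reports "not allowed yet" */
    *out = lib_stat(&o->h);
    return 0;
}

int main(void) {
    struct link_obj o;
    const char *s;
    link_init(&o);
    int rc = stat_read_checked(&o, &s);
    printf("before connect: rc=%d\n", rc);
    link_connect(&o);
    rc = stat_read_checked(&o, &s);
    printf("after connect:  rc=%d stat=%s\n", rc, s);
    return 0;
}
```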