From: david dot danier at team23 dot de
Operating system: Gentoo Linux 1.4
PHP version: 5CVS-2004-03-15 (dev)
PHP Bug Type: Reproducible crash
Bug description: mysql_free_result causes segfault with invalid result and exceptionerrorhandler

Description:
------------
We have a class that catches the result of mysql_query (the example here is minimal). In the __destruct() method it should do a mysql_free_result(). The error handler throws an exception.

Now, if we do an INSERT the mysql_free_result() function gives an error (it MUST give an error, because mysql_query() gives us no valid result if we use INSERT), this error is passed to error() which should throw an exception. But it creates a segmentation fault. :-(

Other exceptions thrown by the error() function are working perfectly. SELECT statements are working. (like they should do)

PHP-Version: CVS 2004-03-07 (reproduced with CVS 2004-03-15)

Configured with (taken from the PHP4-ebuild, but modified):
./configure --prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man \
  --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc \
  --localstatedir=/var/lib --with-apxs2=/usr/sbin/apxs2 --with-ndbm=/usr \
  --with-db4=/usr --with-mcrypt=/usr --with-mhash=/usr --without-interbase \
  --without-ming --without-swf --without-sybase --with-gdbm=/usr \
  --with-java=/opt/blackdown-jdk-1.4.1 --without-mcal --without-unixODBC \
  --without-pgsql --without-snmp --with-xpm-dir=/usr/X11R6 --with-pdflib=/usr \
  --with-gd --enable-gd-native-ttf --with-png=/usr --with-png-dir=/usr \
  --with-jpeg=/usr --with-jpeg-dir=/usr --enable-exif --with-tiff=/usr \
  --with-tiff-dir=/usr --with-mysql=/usr \
  --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-freetype-dir=/usr \
  --with-ttf=/usr --with-t1lib=/usr --with-gettext --with-qtdom=/usr/qt/3 \
  --with-pspell=/usr --with-openssl=/usr --with-imap=/usr --without-ldap \
  --with-dom=/usr --with-dom-xslt=/usr --with-dom-exslt=/usr \
  --without-kerberos --with-pam --disable-memory-limit --disable-ipv6 \
  --without-yaz --without-curl --enable-dbx --with-imap-ssl --with-zlib=/usr \
  --with-zlib-dir=/usr --with-sablot=/usr --enable-xslt --with-xslt-sablot \
  --with-xmlrpc --enable-wddx --with-xml --enable-mbstring=all \
  --enable-mbregex --with-bz2=/usr --with-crack=/usr --with-cdb \
  --enable-pcntl --enable-bcmath --enable-calendar --enable-dbase \
  --enable-filepro --enable-ftp --with-mime-magic --enable-sockets \
  --enable-sysvsem --enable-sysvshm --enable-sysvipc --with-iconv \
  --enable-shmop --enable-dio --enable-yp --without-ncurses \
  --without-readline --enable-inline-optimization --enable-track-vars \
  --enable-trans-sid --enable-versioning \
  --with-config-file-path=/etc/php/apache2-php5

php.ini: not changed

Reproduce code:
---------------
<?php
class result {
    var $result;

    public function __construct($result) {
        if (!$result) {
            die(mysql_error());
        }
        echo 'GO ';
        $this->result = $result;
    }

    public function __destruct() {
        echo 'OK ';
        // For an INSERT, $this->result is not a result resource, so this raises an error
        mysql_free_result($this->result);
    }
}

// Error handler that turns every PHP error into an exception
function error($errno, $errstr, $errfile, $errline) {
    throw new Exception();
}
set_error_handler('error', E_ALL);

$db = mysql_connect('localhost', 'default');
mysql_select_db('test', $db);
echo '1 '; // only to get the position the error happens
$test = new result(mysql_query('INSERT INTO blafasl SET text="segfault!"', $db));
echo '2 ';
unset($test); // if we don't unset $test PHP gives an exception error
echo '3 ';
?>

Expected result:
----------------
Error message about uncaught exception.....

Actual result:
--------------
(gdb) bt
#0  0x082814dc in _zval_ptr_dtor (zval_ptr=0xbfffd40c) at /home/goliath/downloads/php/php-src/Zend/zend_execute_API.c:356
#1  0x0828c148 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/goliath/downloads/php/php-src/Zend/zend.c:1082
#2  0x08252b5f in php_execute_script (primary_file=0xbffff760) at /home/goliath/downloads/php/php-src/main/main.c:1655
#3  0x082b728c in main (argc=2, argv=0xbffff7e4) at /home/goliath/downloads/php/php-src/sapi/cli/php_cli.c:943

-- 
Edit bug report at http://bugs.php.net/?id=27608&edit=1
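
Added example, not part of the original report and not PHP's own code: a variant of the reported class that calls mysql_free_result() only when mysql_query() returned a result resource, so the destructor never enters the warning path described above. SafeResult is a hypothetical name; the script assumes the PHP 5 ext/mysql API used in the report and passes the constructor a constructed value (true, which mysql_query() returns for a successful INSERT).

```php
<?php
// Added example: hardened variant of the report's result class.
// Assumptions: PHP 5 with ext/mysql as in the report; SafeResult is a hypothetical name.
class SafeResult
{
    private $result;

    public function __construct($result)
    {
        if ($result === false) {
            // mysql_query() returns false only when the query itself failed.
            throw new Exception('query failed');
        }
        $this->result = $result;
    }

    // Returns true only if a result set was actually freed.
    public function free()
    {
        // INSERT/UPDATE/DELETE yield boolean true, not a result resource,
        // so there is nothing to free and no warning to provoke.
        if (!is_resource($this->result)) {
            $this->result = null;
            return false;
        }
        $freed = mysql_free_result($this->result);
        $this->result = null;
        return $freed;
    }

    public function __destruct()
    {
        // Keep exceptions raised via the error handler inside the destructor.
        try {
            $this->free();
        } catch (Exception $e) {
            error_log('free failed: ' . $e->getMessage());
        }
    }
}

// Same exception-throwing error handler as in the report.
function error($errno, $errstr, $errfile, $errline) { throw new Exception($errstr, $errno); }
set_error_handler('error', E_ALL);

// Constructed input: true is what mysql_query() returns for a successful INSERT.
$test = new SafeResult(true);
unset($test);
echo "destructor finished without calling mysql_free_result()\n";
```

The guard sidesteps the failing call in application code; it does not change the engine behaviour shown in the backtrace.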