 ID:               29252
 User updated by:  clemens at gutweiler dot net
 Reported By:      clemens at gutweiler dot net
-Status:           Feedback
+Status:           Open
 Bug Type:         Reproducible crash
 Operating System: Linux 2.4.19-xfs
 PHP Version:      4.3.8
 New Comment:

<?php
        mysql_connect('localhost','username','password');
        mysql_select_db('test');
        mysql_query('CREATE TABLE segfault (col VARCHAR(100) NOT NULL)');
        mysql_query('INSERT INTO segfault (col) VALUES ("fooo")');

        $q = 'SELECT * FROM segfault';
        if($r=mysql_query($q)) {
                // crash..
                var_dump(mysql_fetch_field($r));
        }
?>


Previous Comments:
------------------------------------------------------------------------

[2004-07-20 02:45:18] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.



------------------------------------------------------------------------

[2004-07-19 09:45:11] clemens at gutweiler dot net

Description:
------------
Segfault of php-cli and apache-sapi (apxs).

Reproduce code:
---------------
could not extract the reproduce code

Expected result:
----------------
no segfault

Actual result:
--------------
(gdb) run index.php
Starting program: /usr/local/bin/php index.php
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 11311)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 11311)]
0x40816a8f in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x40816a8f in strlen () from /lib/libc.so.6
#1  0x081701ba in add_property_string_ex (arg=0x0, key=0x0, key_len=0,
str=0x40 <Address 0x40 out of bounds>, duplicate=1) at
/usr/local/src/php-4.3.8/Zend/zend_API.c:978
#2  0x0809e241 in zif_mysql_fetch_field (ht=0, return_value=0x82ab164,
this_ptr=0x0, return_value_used=1) at
/usr/local/src/php-4.3.8/ext/mysql/php_mysql.c:2165
#3  0x0817c706 in execute (op_array=0x8245b84) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1635
#4  0x0817c477 in execute (op_array=0x8256c3c) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#5  0x0817c477 in execute (op_array=0x8283c18) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#6  0x0817c477 in execute (op_array=0x82837e8) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#7  0x0817c477 in execute (op_array=0x82be804) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1679
#8  0x0817db12 in execute (op_array=0x822e8a4) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:2200
#9  0x0817db12 in execute (op_array=0x82370f4) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:2200
#10 0x0817db12 in execute (op_array=0x822e71c) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:2200
#11 0x0816debb in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/local/src/php-4.3.8/Zend/zend.c:891
#12 0x08141f2f in php_execute_script (primary_file=0xbffffd10) at
/usr/local/src/php-4.3.8/main/main.c:1734
#13 0x08181a3c in main (argc=2, argv=0xbffffd94) at
/usr/local/src/php-4.3.8/sapi/cli/php_cli.c:822
(gdb) frame 3
#3  0x0817c706 in execute (op_array=0x8245b84) at
/usr/local/src/php-4.3.8/Zend/zend_execute.c:1635
1635                                                           
((zend_internal_function *)
EX(function_state).function)->handler(EX(opline)->extended_value,
EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr,
return_value_used TSRMLS_CC);
(gdb) print (char
*)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x818a859 "mysql_fetch_field"


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=29252&edit=1
