From: edo at edo dot cl
Operating system: solaris 8
PHP version: 4.4.1
PHP Bug Type: MySQL related
Bug description: phpmyadmin make seg fault with sql.php script
Description:
------------
I've updated phpMyAdmin to 2.7.0 and PHP to 4.4.1, and Apache crashes
with the following logs:
[Mon Dec 05 20:27:22 2005] [notice] child pid 19823 exit signal Segmentation fault (11)
[Mon Dec 05 20:27:23 2005] [notice] child pid 17555 exit signal Segmentation fault (11)
[Mon Dec 05 20:27:24 2005] [notice] child pid 17553 exit signal Segmentation fault (11)
(three times per GET of the sql.php script)
Below is the gdb output from the core with php-cli; replacing the form
values with inserted vars gives the same error:
GDB debug
#0 0xfeab31b4 in strlen () from /usr/lib/libc.so.1
#1 0x177cc8 in add_property_string_ex (arg=0x747220, key=0x3300b8 "def", key_len=4, str=0x1 <Address 0x1 out of bounds>, duplicate=1) at /export/home/broot/work5/php-4.4.1/Zend/zend_API.c:979
#2 0x9ea60 in zif_mysql_fetch_field (ht=7352416, return_value=0x747220, this_ptr=0x0, return_value_used=1) at /export/home/broot/work5/php-4.4.1/ext/mysql/php_mysql.c:2168
#3 0x1858c8 in execute (op_array=0x5dbec8) at /export/home/broot/work5/php-4.4.1/Zend/zend_execute.c:1675
#4 0x185650 in execute (op_array=0x46f280) at /export/home/broot/work5/php-4.4.1/Zend/zend_execute.c:1719
#5 0x175c4c in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /export/home/broot/work5/php-4.4.1/Zend/zend.c:938
#6 0x146810 in php_execute_script (primary_file=0xffbef740) at /export/home/broot/work5/php-4.4.1/main/main.c:1743
#7 0x18ab08 in main (argc=2, argv=0xffbef7cc) at /export/home/broot/work5/php-4.4.1/sapi/cli/php_cli.c:830
(gdb) frame 3
#3 0x1858c8 in execute (op_array=0x5dbec8) at /export/home/broot/work5/php-4.4.1/Zend/zend_execute.c:1675
1675 ((zend_internal_function *) EX(function_state).function)->handler(EX(opline)->extended_value, EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr, return_value_used TSRMLS_CC);
(gdb) frame 4
#4 0x185650 in execute (op_array=0x46f280) at /export/home/broot/work5/php-4.4.1/Zend/zend_execute.c:1719
1719 zend_execute(EG(active_op_array) TSRMLS_CC);
(gdb) frame 2
#2 0x9ea60 in zif_mysql_fetch_field (ht=7352416, return_value=0x747220, this_ptr=0x0, return_value_used=1) at /export/home/broot/work5/php-4.4.1/ext/mysql/php_mysql.c:2168
2168 add_property_string(return_value, "def",(mysql_field->def?mysql_field->def:empty_string), 1);
Reproduce code:
---------------
phpmyadmin-2.7.0/sql.php, 4.1.15-standard-log, libmysql client version 12.
Expected result:
----------------
In a normal situation, the problem happens when browsing the data of any
table or just invoking sql.php (any SQL statement), with a zero-size reply.
In fact, I did try to send malformed SQL syntax (a bad SQL command or
incorrect table/field names), and the script responds to the malformed SQL
sent, so the problem happens after the SQL validation.
Actual result:
--------------
[EMAIL PROTECTED]:/usr/local/apache2/holding/php-my-admin#php -e sql2.php
Notice: Use of undefined constant web1 - assumed 'web1' in /usr/local/apache2/holding/php-my-admin/sql2.php on line 13
Notice: Use of undefined constant web2 assumed 'web2' in /usr/local/apache2/holding/php-my-admin/sql2.php on line 14
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/apache2/holding/php-my-admin/sql2.php:13) in /usr/local/apache2/holding/php-my-admin/libraries/ob.lib.php on line 61
Segmentation Fault (core dumped)
--
Edit bug report at http://bugs.php.net/?id=35563&edit=1