ID: 35759
User updated by: squasar at eternalviper dot net
Reported By: squasar at eternalviper dot net
-Status: Closed
+Status: Open
Bug Type: MySQLi related
Operating System: *
-PHP Version: 5.1.1
+PHP Version: 5.1.2-CVS
Assigned To: andrey
New Comment:
I apologize for misunderstanding; this is fixed in 5.1.2-CVS,
but I'm used to there being a "This bug has been fixed
in CVS." message for that. Regardless, the test case in CVS
(ext/mysqli/tests/bug35759.phpt) is non-functional for the
issue; it does not check that memory limits are enabled or
ensure that a memory limit is set if so, and thus does not
necessarily test the problem (the default memory limit if
it's been compiled in is of course 8M, but this can't and
shouldn't be relied upon). Here's the unified diff of my
correction:
Index: ext/mysqli/tests/bug35759.phpt
============================================================
=======
RCS file: /repository/php-src/ext/mysqli/tests/Attic/
bug35759.phpt,v
retrieving revision 1.1.2.1
diff -u -r1.1.2.1 bug35759.phpt
--- ext/mysqli/tests/bug35759.phpt 22 Dec 2005 18:11:39
-0000 1.1.2.1
+++ ext/mysqli/tests/bug35759.phpt 25 Dec 2005 01:51:31
-0000
@@ -1,7 +1,10 @@
--TEST--
bug #35759 : mysqli_stmt_bind_result() makes huge
allocation when column empty
--SKIPIF--
-<?php require_once('skipif.inc'); ?>
+<?php require_once('skipif.inc');
+if ( !function_exists( 'memory_get_usage' ) ) die( 'skip
requires --enable-memory-limit' ); ?>
+--INI--
+memory_limit=1M
--FILE--
<?php
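Review bot: The --SKIPIF-- check tests function_exists( 'memory_get_usage' ) as a stand-in for a build with --enable-memory-limit, which is not obvious to someone reading the test later; a one-line comment beside it saying why that function is probed would help. In the added --INI-- section, memory_limit=1M makes the 16777216-byte request from the report fail deterministically on an unfixed build, but it is also tight for the rest of the script, so confirm the test still passes on a fixed build under that limit or pick a value with more margin that stays well below 16M.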
Previous Comments:
------------------------------------------------------------------------
[2005-12-25 00:50:19] [EMAIL PROTECTED]
Please read the previous post.
It's fixed in CVS.
------------------------------------------------------------------------
[2005-12-25 00:42:44] squasar at eternalviper dot net
I don't understand how this is a documentation bug. I can
verify that MySQLi is making gigantic (16M) allocations in the
case of a column with an empty value. This happens EVEN WITH
store_result() being called first!
------------------------------------------------------------------------
[2005-12-22 19:14:50] [EMAIL PROTECTED]
Should be fixed by now.
Thanks for reporting!
------------------------------------------------------------------------
[2005-12-21 09:16:48] [EMAIL PROTECTED]
This sounds more like a documentation issue than a real bug, but I'll let
Georg decide.
------------------------------------------------------------------------
[2005-12-21 07:41:55] squasar at eternalviper dot net
Description:
------------
If a MEDIUMBLOB column has an empty value (length of zero),
mysqli_stmt_bind_result() attempts to allocate a buffer of 16M
for it. The offending code is in mysqli_api.c, line 332:
if (stmt->stmt->fields[ofs].max_length == 0) {
This will be true if the column is empty as well as in the
case where the user has not called store_result(). The result
is the code using the value of length instead of max_length,
which is 16M for a mediumblob.
Reproduce code:
---------------
Assume there exists a table:
CREATE TABLE a_table ( some_blob MEDIUMBLOB NOT NULL );
<?php
$m = new mysqli( MY_DB_HOST, MY_DB_USER, MY_DB_PASS );
$s = new mysqli_stmt( $m, "SELECT some_blob FROM a_table WHERE
some_blob='' LIMIT 1" );
$s->execute();
$s->store_result();
print_r( $s->result_metadata()->fetch_fields() );
$s->bind_result( $data );
$s->fetch();
print_r( $data );
?>
Expected result:
----------------
Array
(
    [0] => stdClass Object
        (
            [name] => some_blob
            [orgname] => some_blob
            [table] => a_table
            [orgtable] => a_table
            [def] =>
            [max_length] => 0
            [length] => 0
            [charsetnr] => 63
            [flags] => 144
            [type] => 252
            [decimals] => 0
        )
)
Actual result:
--------------
Array
(
    [0] => stdClass Object
        (
            [name] => some_blob
            [orgname] => some_blob
            [table] => a_table
            [orgtable] => a_table
            [def] =>
            [max_length] => 0
            [length] => 16777215
            [charsetnr] => 63
            [flags] => 144
            [type] => 252
            [decimals] => 0
        )
)
Fatal error: Allowed memory size of 8388608 bytes exhausted
(tried to allocate 16777216 bytes) in test.php on line 8
------------------------------------------------------------------------
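The sizing decision described in the report above, modelled in C as an added example (not code from php-src or from the reporter). The struct, the function names and the `buffered` flag are hypothetical, and the checked variant is one way to keep the two cases apart, not the fix that was committed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the column metadata named in the report;
 * not the MySQL client library's own structure. */
struct field_meta {
    unsigned long length;     /* declared maximum for the column type */
    unsigned long max_length; /* longest value in a buffered result set */
};

#define MEMORY_LIMIT 8388608UL /* limit quoted in the report's fatal error */

/* Constructed sample: the empty MEDIUMBLOB column from the report. */
static const struct field_meta EMPTY_MEDIUMBLOB = { 16777215UL, 0UL };

/* Sizing as the report describes it: max_length == 0 is read as "result
 * not buffered", so an empty column falls back to length. The +1 matches
 * the 16777216-byte request in the fatal error. */
unsigned long bind_size_reported(const struct field_meta *f)
{
    return (f->max_length == 0 ? f->length : f->max_length) + 1;
}

/* Assumed alternative: the caller states whether the result was buffered,
 * so a measured max_length of 0 is trusted instead of being overridden. */
unsigned long bind_size_checked(const struct field_meta *f, bool buffered)
{
    return (buffered ? f->max_length : f->length) + 1;
}

/* True when a request of this size stays within the memory limit. */
bool fits_limit(unsigned long request, unsigned long limit)
{
    return request <= limit;
}

int main(void)
{
    unsigned long a = bind_size_reported(&EMPTY_MEDIUMBLOB);
    unsigned long b = bind_size_checked(&EMPTY_MEDIUMBLOB, true);
    printf("reported: %lu bytes, fits=%d\n", a, fits_limit(a, MEMORY_LIMIT));
    printf("checked:  %lu bytes, fits=%d\n", b, fits_limit(b, MEMORY_LIMIT));
    return 0;
}
```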