#32287 [NEW]: Segmentation fault in simple PHP script

[john at swartzentruber dot us]

From:             john at swartzentruber dot us
Operating system: Fedora Core3
PHP version:      5CVS-2005-03-12 (dev)
PHP Bug Type:     Reproducible crash
Bug description:  Segmentation fault in simple PHP script

Description:
------------
When I run the example script using my browser, there is a segmentation
fault on the call to $result->fetch_array(MYSQLI_ASSOC) on line 16. When I
run it from the command line, the script appears to work. The segmentation
fault only occurs when fetching the associative array. Using MYSQLI_NUM
works, but MYSQLI_BOTH also crashes.

Reproduce code:
---------------
<?php
include "../../secrets/rootmysqlpass.inc.php"; // only defines $rootpass
$mysqli = new mysqli("localhost", "root", $rootpass, "World");
printf("Host information: %s\n", $mysqli->host_info);
/* check connection */
if (mysqli_connect_errno()) {
   printf("Connect failed: %s\n", mysqli_connect_error());
   exit();
}
$query = "SELECT Name, CountryCode FROM City ORDER by ID LIMIT 3";
$result = $mysqli->query($query);
/* numeric array */
$row = $result->fetch_array(MYSQLI_NUM);
printf ("%s (%s)\n", $row[0], $row[1]);
/* associative array */
$row = $result->fetch_array(MYSQLI_ASSOC);
printf ("%s (%s)\n", $row["Name"], $row["CountryCode"]);
$result->close();
$mysqli->close();
?>


Expected result:
----------------
Kabul (AFG)
Qandahar (AFG)


Actual result:
--------------
#0  0x0018d96b in strlen () from /lib/tls/libc.so.6
#1  0x0231cc70 in php_mysqli_fetch_into_hash (ht=1,
return_value=0x9ed2454, this_ptr=0x9ed16fc, return_value_used=1,
    override_flags=0, into_object=0) at
/usr/local/src/php5-STABLE-200503121930/ext/mysqli/mysqli.c:663
#2  0x02326b79 in zif_mysqli_fetch_array (ht=1, return_value=0x9ed2454,
this_ptr=0x9ed16fc, return_value_used=1)
    at
/usr/local/src/php5-STABLE-200503121930/ext/mysqli/mysqli_nonapi.c:193
#3  0x024c3f31 in zend_do_fcall_common_helper (execute_data=0xbfee64d0,
opline=0x9ed61b8, op_array=0x9e78dd4)
    at /usr/local/src/php5-STABLE-200503121930/Zend/zend_execute.c:2727
#4  0x024c4645 in zend_do_fcall_by_name_handler (execute_data=0xbfee64d0,
opline=0x9ed61b8, op_array=0x9e78dd4)
    at /usr/local/src/php5-STABLE-200503121930/Zend/zend_execute.c:2841
#5  0x024bf0ee in execute (op_array=0x9e78dd4) at
/usr/local/src/php5-STABLE-200503121930/Zend/zend_execute.c:1406
#6  0x0249b364 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/local/src/php5-STABLE-200503121930/Zend/zend.c:1068
#7  0x0245c516 in php_execute_script (primary_file=0xbfee8830) at
/usr/local/src/php5-STABLE-200503121930/main/main.c:1630
#8  0x024c9b29 in php_handler (r=0x9ebf8d8)
    at
/usr/local/src/php5-STABLE-200503121930/sapi/apache2handler/sapi_apache2.c:555
#9  0x007bf9f7 in ap_run_handler () from /usr/sbin/httpd
#10 0x09b83888 in ?? ()
#11 0x007bf9ce in ap_run_handler () from /usr/sbin/httpd
#12 0x09ebf8d8 in ?? ()
#13 0x09ebf8d8 in ?? ()
#14 0xbfee89a8 in ?? ()
#15 0x007bfe63 in ap_invoke_handler () from /usr/sbin/httpd
Previous frame inner to this frame (corrupt stack?)


-- 
Edit bug report at http://bugs.php.net/?id=32287&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=32287&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=32287&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=32287&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=32287&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=32287&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=32287&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=32287&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=32287&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=32287&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=32287&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=32287&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=32287&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=32287&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=32287&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=32287&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=32287&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=32287&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=32287&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=32287&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=32287&r=mysqlcfg