#46808 [Bgs]: Mysqli crashes on LONGTEXT columns

2009-04-28 Thread wcshields at gmail dot com
 ID:   46808
 User updated by:  wcshields at gmail dot com
 Reported By:  wcshields at gmail dot com
 Status:   Bogus
 Bug Type: MySQLi related
 Operating System: Ubuntu 8.04 LTS x86 32 bit
 PHP Version:  5.2.8
 New Comment:

I sure wish I could figure out why someone marked this bug as "Bogus"
rather than, you know, investigating it. Lo and behold it FINALLY is
verified. Sorry but the treatment this issue has got (going on for 2+
years through various bugs) is nothing short of ludicrous.


Previous Comments:


[2009-04-19 14:13:16] j...@php.net

Finally could reproduce this, see bug #47928 (I'm closing this report as
the other has a short and easy reproduce script now.. :)




[2009-01-11 00:10:22] wcshields at gmail dot com

Isn't the mysqlnd option for PHP 5.3+?  If so, that's hardly a solution
since 5.3 isn't out yet.



[2008-12-11 16:09:15] webmaster at ajeux dot com

Note: No bug when mysqlnd is used. (configure with
--with-mysqli=mysqlnd)



[2008-12-11 11:18:32] webmaster at ajeux dot com

Bug confirmed here on PHP 5.3 with Mysql 5.0.51
SELECT query:

"SELECT id, UNCOMPRESS(myfield) FROM mytable ORDER BY id LIMIT 8"
myfield is BLOB.

How can we help to get it fixed?

"Program received signal SIGSEGV, Segmentation fault."

Backtrace:
#0  0xb7aedb00 in mysqli_stmt_fetch_libmysql (ht=0,
return_value=0xb71cbe4c, return_value_ptr=0x0, this_ptr=0xb7265748,
return_value_used=1)
at /usr/src/php5.3-200812091530/ext/mysqli/mysqli_api.c:842
#1  0xb7aedf0d in zif_mysqli_stmt_fetch (ht=0, return_value=0xb71cbe4c,
return_value_ptr=0x0, this_ptr=0xb7265748, return_value_used=1)
at /usr/src/php5.3-200812091530/ext/mysqli/mysqli_api.c:984
#2  0x0827a4b9 in zend_do_fcall_common_helper_SPEC
(execute_data=0xb776af88) at
/usr/src/php5.3-200812091530/Zend/zend_vm_execute.h:313
#3  0x08279a32 in execute (op_array=0xb738bd94) at
/usr/src/php5.3-200812091530/Zend/zend_vm_execute.h:104
#4  0x08253c17 in zend_execute_scripts (type=8, retval=0x0,
file_count=3) at /usr/src/php5.3-200812091530/Zend/zend.c:1197
#5  0x081faf59 in php_execute_script (primary_file=0xbfb12090) at
/usr/src/php5.3-200812091530/main/main.c:2080
#6  0x082ec5a9 in main (argc=1, argv=0xbfb121e4) at
/usr/src/php5.3-200812091530/sapi/cgi/cgi_main.c:2000

----------------

[2008-12-09 07:31:00] wcshields at gmail dot com

Description:

Mysqli restores garbage from longtext columns in mysql 5.0.51a
connected over TCP (also happens with Unix domain sockets) and, after a
random number of rows, seg faults.  The number of rows is unpredictable
but consistent.  If you find something that crashes after 11 rows, it
will crash after 11 rows every time.  Change the order by clause and it
might crash every time after 3 rows.

As per bugs #44867 and several others I've found, people have been
reporting this issue since as early as 2005 and it still hasn't been
addressed.  Can someone PLEASE actually look into it?

Reproduce code:
---
<?php
// Connection parameters are placeholders; the original connection line was
// lost in extraction.
$mysqli = new mysqli('localhost', 'user', 'password', 'dbname');
$stmt = $mysqli->prepare("SELECT name, longtext1 FROM sampletable");
$stmt->execute();
$stmt->bind_result($name, $value);
$count = 1;
while ($stmt->fetch()) {
    // sizeof() is an alias of count() and returns 1 for a string; strlen()
    // gives the length of the fetched value
    $size = strlen($value);
    echo "$name $size\n";
    $count++;
}
$stmt->close();
?>

Expected result:

To retrieve the exact contents of all longtext values without crashing.

Actual result:
--
Segmentation fault.
$ gdb php core
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/tls/i686/cmov/libcrypt.so.1...done.
Loaded symbols for /lib/tls/i686/cmov/libcrypt.so.1
Reading symbols from /lib/tls/i686/cmov/librt.so.1...done.
Loaded symbols for /lib/tls/i686/cmov/librt.so.1
Reading symbols from /lib/tls/i686/cmov/libresolv.so.2...done.
Loaded symbols for /lib/tls/i686/cmov/libresolv.so.2
Reading symbols from /lib/tls/i686/cmov/libdl.so.2...done.
Loaded symbols for /lib/tls/i686/cmov/libdl.so.2
Reading symbols from /usr/lib/libmysqlclient.so.15...done.
Loaded symbols for /usr/lib/libmysqlclient.so.15
Reading symbols from /lib/tls/i686/cmov/libpthread.so.0...done.
Loaded symbols for /lib/tls/i686/cmov/libpthread.so.0
Reading symbo

#44867 [Com]: PHP5 with mysqli fails with a segmentation fault (11)

2008-12-07 Thread wcshields at gmail dot com
 ID:   44867
 Comment by:   wcshields at gmail dot com
 Reported By:  jesuslarag at gmail dot com
 Status:   No Feedback
 Bug Type: MySQLi related
 Operating System: Linux Debian etch
 PHP Version:  5.2.6RC5
 New Comment:

$ mysql --version
mysql  Ver 14.12 Distrib 5.0.51a, for debian-linux-gnu (i486) using
readline 5.2
$ php --version
PHP 5.2.4 (cli) (built: Dec  8 2008 15:08:11) (DEBUG)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
$ uname -a
Linux  2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686
GNU/Linux
$ ./configure --with-mysqli --enable-debug
$ make
$ cd sapi/cli
$ ./php
<?php
// Connection parameters are placeholders; the original connection line was
// lost in extraction.
$mysqli = new mysqli('localhost', 'user', 'password', 'dbname');
$stmt = $mysqli->prepare("SELECT name, longtext1 FROM sampletable");
$stmt->execute();
$stmt->bind_result($name, $value);
$count = 1;
while ($stmt->fetch()) {
    // sizeof() is an alias of count() and returns 1 for a string; strlen()
    // gives the length of the fetched value
    $size = strlen($value);
    echo "$name $size\n";
    $count++;
}
$stmt->close();
?>
^D
...
Segmentation fault.
$ gdb php core
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Cannot access memory at address 0x104
(gdb) bt
#0  0xb7062945 in ?? ()
#1  0x082f910b in php_tcp_sockop_connect (stream=0xbfa6f894, sock=0x6,
xparam=0xbfa6f860)
at /home/wshields/src/php5-5.2.4/main/streams/xp_socket.c:652
#2  0x082e8b18 in php_stream_fill_read_buffer (stream=0x873dc7c,
size=141810744) at
/home/wshields/src/php5-5.2.4/main/streams/streams.c:532
#3  0x082c7623 in _start_element_handler_ns (user=0x8, name=0x0,
prefix=0x3 , URI=0x0,
nb_namespaces=-1079566612, namespaces=0x0, nb_attributes=2,
nb_defaulted=543584032, attributes=0x2d6c6c00)
at /home/wshields/src/php5-5.2.4/ext/xml/compat.c:107
#4  0x0827d000 in php_implode (delim=0x1, arr=0x0,
return_value=0x5bbef9ee)
at /home/wshields/src/php5-5.2.4/ext/standard/string.c:954
#5  0x0835c044 in ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_VAR_HANDLER (
execute_data=0xb7fd2ce0)
at /home/wshields/src/php5-5.2.4/Zend/zend_vm_execute.h:6273
#6  0xb79d4450 in ?? ()
#7  0x080982c1 in compile_regex (options=Cannot access memory at
address 0x8
)
at
/home/wshields/src/php5-5.2.4/ext/pcre/pcrelib/pcre_compile.c:5118
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

This is repeatable and predictable.  Longtext columns simply don't work
with PHP/Mysql.  This has been reported going back to at least 2005.
Can someone PLEASE actually fix this??


Previous Comments:


[2008-05-08 01:00:00] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".



[2008-04-30 08:47:21] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.





[2008-04-30 08:30:23] jesuslarag at gmail dot com

Description:

I try to compile PHP 5.2.3, 5.2.5 and 5.2.6rc5

My configure:
./configure \
--prefix=/usr/php --sysconfdir=/etc/php5/apache2
--mandir=/usr/share/man \
--with-apxs2=/usr/sbin/apxs \
--libexecdir=/usr/lib/php5 --bindir=/usr/bin --libdir=/usr/lib/php5 \
--with-config-file-path=/etc/php5/apache2
--with-config-file-scan-dir=/etc/php5/conf.d \
--with-exec-dir=/usr/lib/php5/libexec --with-pear=/usr/share/php \
--enable-shared --with-gnu-ld --disable-inline-optimization \
--with-gd --disable-cgi --disable-ipv6 \
--disable-debug --with-curl --with-curlwrappers \
--enable-zip --with-bz2 --with-zlib \
--enable-bcmath --enable-calendar --enable-mbstring \
--with-libxml-dir=/usr --with-regex \
--with-pcre-regex=/usr --enable-exif --with-t1lib --with-xsl \
--with-mhash --with-mcrypt --enable-zend-multibyte \
--with-pspell --with-openssl --enable-sockets \
--enable-soap --enable-ftp --with-gd --with-ttf \
--enable-json --with-tidy --with-iconv --with-gettext \
--enable-gd-native-ttf --enable-gd-jis-conv --with-xmlrpc \
--enable-sysvmsg --enable-sysvsem --enable-sysvshm -

#46808 [NEW]: Mysqli predictably crashes (segmentation fault) on LONGTEXT columns

2008-12-08 Thread wcshields at gmail dot com
From: wcshields at gmail dot com
Operating system: Ubuntu 8.04 LTS x86 32 bit
PHP version:  5.2.8
PHP Bug Type: Reproducible crash
Bug description:  Mysqli predictably crashes (segmentation fault) on LONGTEXT columns

Description:

Mysqli restores garbage from longtext columns in mysql 5.0.51a connected
over TCP (also happens with Unix domain sockets) and, after a random number
of rows, seg faults.  The number of rows is unpredictable but consistent. 
If you find something that crashes after 11 rows, it will crash after 11
rows every time.  Change the order by clause and it might crash every time
after 3 rows.

As per bugs #44867 and several others I've found, people have been
reporting this issue since as early as 2005 and it still hasn't been
addressed.  Can someone PLEASE actually look into it?

Reproduce code:
---
<?php
// Connection parameters are placeholders; the original connection line was
// lost in extraction.
$mysqli = new mysqli('localhost', 'user', 'password', 'dbname');
$stmt = $mysqli->prepare("SELECT name, longtext1 FROM sampletable");
$stmt->execute();
$stmt->bind_result($name, $value);
$count = 1;
while ($stmt->fetch()) {
    // sizeof() is an alias of count() and returns 1 for a string; strlen()
    // gives the length of the fetched value
    $size = strlen($value);
    echo "$name $size\n";
    $count++;
}
$stmt->close();
?>

Expected result:

To retrieve the exact contents of all longtext values without crashing.

Actual result:
--
Segmentation fault.
$ gdb php core
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/tls/i686/cmov/libcrypt.so.1...done.
Loaded symbols for /lib/tls/i686/cmov/libcrypt.so.1
Reading symbols from /lib/tls/i686/cmov/librt.so.1...done.
Loaded symbols for /lib/tls/i686/cmov/librt.so.1
Reading symbols from /lib/tls/i686/cmov/libresolv.so.2...done.
Loaded symbols for /lib/tls/i686/cmov/libresolv.so.2
Reading symbols from /lib/tls/i686/cmov/libdl.so.2...done.
Loaded symbols for /lib/tls/i686/cmov/libdl.so.2
Reading symbols from /usr/lib/libmysqlclient.so.15...done.
Loaded symbols for /usr/lib/libmysqlclient.so.15
Reading symbols from /lib/tls/i686/cmov/libpthread.so.0...done.
Loaded symbols for /lib/tls/i686/cmov/libpthread.so.0
Reading symbols from /lib/tls/i686/cmov/libnsl.so.1...done.
Loaded symbols for /lib/tls/i686/cmov/libnsl.so.1
Reading symbols from /lib/tls/i686/cmov/libm.so.6...done.
Loaded symbols for /lib/tls/i686/cmov/libm.so.6
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/tls/i686/cmov/libc.so.6...done.
Loaded symbols for /lib/tls/i686/cmov/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/tls/i686/cmov/libnss_files.so.2...done.
Loaded symbols for /lib/tls/i686/cmov/libnss_files.so.2
Core was generated by `./php'.
Program terminated with signal 11, Segmentation fault.
[New process 5006]
#0  0x08130eda in zif_mysqli_stmt_fetch (ht=0, return_value=0x856e20c,
return_value_ptr=0x0, this_ptr=0x856e0b8, return_value_used=1)
at /home/wshields/php-5.2.8/ext/mysqli/mysqli_api.c:665
665         if (Z_TYPE_P(stmt->result.vars[i]) == IS_STRING) {
(gdb) bt
#0  0x08130eda in zif_mysqli_stmt_fetch (ht=0, return_value=0x856e20c,
return_value_ptr=0x0, this_ptr=0x856e0b8, return_value_used=1)
at /home/wshields/php-5.2.8/ext/mysqli/mysqli_api.c:665
#1  0x083515e5 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfb073e4)
at /home/wshields/php-5.2.8/Zend/zend_vm_execute.h:200
#2  0x08352239 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0xbfb073e4)
at /home/wshields/php-5.2.8/Zend/zend_vm_execute.h:322
#3  0x08351138 in execute (op_array=0x856d144)
at /home/wshields/php-5.2.8/Zend/zend_vm_execute.h:92
#4  0x0832c76c in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /home/wshields/php-5.2.8/Zend/zend.c:1134
#5  0x082d91d9 in php_execute_script (primary_file=0xbfb0972c)
at /home/wshields/php-5.2.8/main/main.c:2023
#6  0x083a8de5 in main (argc=1, argv=0xbfb09884)
at /home/wshields/php-5.2.8/sapi/cli/php_cli.c:1133



#46808 [Com]: Mysqli crashes on LONGTEXT columns

2009-01-10 Thread wcshields at gmail dot com
 ID:   46808
 Comment by:   wcshields at gmail dot com
 Reported By:  wcshields at gmail dot com
 Status:   Open
 Bug Type: MySQLi related
 Operating System: Ubuntu 8.04 LTS x86 32 bit
 PHP Version:  5.2.8
 New Comment:

Isn't the mysqlnd option for PHP 5.3+?  If so, that's hardly a solution
since 5.3 isn't out yet.



#47928 [Com]: Crash in mysqli_stmt_fetch() with longtext column

2009-04-19 Thread wcshields at gmail dot com
 ID:   47928
 Comment by:   wcshields at gmail dot com
 Reported By:  jjuergens at web dot de
 Status:   Verified
 Bug Type: MySQLi related
 Operating System: *
 PHP Version:  5.2CVS-2009-04-19
 New Comment:

I just noticed the status of #46808 is marked as "Bogus". Unfortunately
there's no history to see who marked it that way or why but I guess that
explains why no action was taken on it.

This issue has been reported in various forms for over two years now.
The fact that such reports were written off essentially as hoaxes or
pranks or just plain incompetence by everyone else speaks volumes about
the lack of professionalism and due diligence by whoever is responsible
for investigating such bugs.

So Allelujah that someone finally bothered--years later--to actually
fix it. Maybe if the PHP devs took such reports more seriously, packages
like mysqli wouldn't be the horrible buggy messes that they are.


Previous Comments:


[2009-04-19 14:11:14] j...@php.net

See also bug #46808




[2009-04-19 14:07:02] j...@php.net

Here is the shortest possible test I could come up with:

<?php
// Connection parameters are placeholders; the original connection line was
// lost in extraction.
$mysqli = new mysqli('localhost', 'user', 'password', 'dbname');
$stmt = $mysqli->prepare("SELECT test FROM crash");
$stmt->execute();
$stmt->bind_result($foo);
while ($stmt->fetch());
$stmt->close();
?>

The problem seems to be with the longtext column. If that is changed to a
text column, everything works just fine.




[2009-04-19 10:59:40] j...@php.net

Above example causes crash also on my test server. (I removed other
irrelevant comments)



[2009-04-18 09:57:10] jjuergens at web dot de

<?php
// Connection parameters are placeholders; the original connection line was
// lost in extraction.
$dbLink = new mysqli('localhost', 'user', 'password', 'dbname');
$dbLink->query("CREATE TABLE IF NOT EXISTS `sessionData` (
  `sessionId` varchar(60) collate utf8_unicode_ci NOT NULL,
  `pathHash` varchar(32) collate utf8_unicode_ci NOT NULL,
  `path` varchar(100) collate utf8_unicode_ci NOT NULL,
  `data` longtext collate utf8_unicode_ci NOT NULL,
  PRIMARY KEY  (`sessionId`,`pathHash`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
$dbLink->query("INSERT INTO `sessionData` (`sessionId`, `pathHash`,
`path`, `data`) VALUES
('e75c7781166e3a361b7cff546563d5e8',
'633fed500f479acaaaf54be8ec9ac657', '/bla',
'0018a901234001222425678901235678345612341315789012345678901234567890123423456789012223456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678')");

$stmt=$dbLink->prepare("SELECT * FROM `sessionData` WHERE `sessionId`=?
 AND `pathHash`=? LIMIT 1");
$arg1="e75c7781166e3a361b7cff546563d5e8";
$arg2="633fed500f479acaaaf54be8ec9ac657";
$stmt->bind_param("ss",$arg1,$arg2);
$stmt->execute();
$resData=$stmt->result_metadata();

// bind_result() takes its arguments by reference, so pass references to the
// $resFields slots instead of the array of values itself
$resFields=array();
$bindArgs=array();
while($field=mysqli_fetch_field($resData)){
    $resFields[$field->name]=null;
    $bindArgs[]=&$resFields[$field->name];
}

call_user_func_array(array($stmt,'bind_result'),$bindArgs);
$result=array();

while($stmt->fetch()){
    // copy the values out of the bound slots; the next fetch() overwrites them
    $tmpRes=array();
    foreach($resFields as $key=>$value){
        $tmpRes[$key]=$value;
    }
    array_push($result,$tmpRes);
}

$stmt->close();
print_r($result);
?>



[2009-04-08 20:37:18] jjuergens at web dot de

Description:

When trying to retrieve data from a MySQL database using a mysqli
statement, PHP just crashes. I excerpted the code below from a larger web
application and invoked it via the PHP CLI and it still fails with a
memory error.
Interestingly enough though, if you just change a single value within
$arg1 and $arg2 (e.g. replace the last 8 from $arg1 with a 7), the bug
doesn't occur anymore.
I've included a Valgrind output which shows the error.

MySQL-Version is 5.0.67.

Reproduce code:
---
<?php
// Connection parameters are placeholders; the original connection line was
// lost in extraction.
$dbLink = new mysqli('localhost', 'user', 'password', 'dbname');
$stmt=$dbLink->prepare("SELECT * FROM `sessionData` WHERE `sessionId`=?
 AND `pathHash`=? LIMIT 1");

//bind params
$arg1="e75c7781166e3a361b7cff546563d5e8";
$arg2="9ddec3abec5c92628022210892e76afb";
$stmt->bind_param("ss",$arg1,$arg2);

//execute
$stmt->execute();

//create set of result-fields (see
//http://php.net/manual/de/mysqli-stmt.bind-result.php#85470)
$resData=$stmt->result_metadata();
$resFields=array();
$bindArray=array();

while($field=mysqli_fetch_field($resData)){
    // references into $bindArray, because bind_result() binds by reference
    $resFields[]=&$bindArray[$field->name];
}

//bind result-fields
call_user_func_array(array($stmt,'bind_result'),$resFields);

//fetch result
$res=0;
$result=array();
while($stmt->fetch()){
    $tmpRes=array();
    foreach($bindArray as $key=>$value){
        $tmpRes[$key]=$value;
    }
    // the post is cut off here; the rest of the loop follows the reporter's
    // later script in this thread
    array_push($result,$tmpRes);
}

$stmt->close();
print_r($result);
?>
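A fetch helper for applications running on the builds discussed in this thread, added here as an example and not code from the bug reports or from PHP's own sources. The thread's backtraces put the crash in mysqli_stmt_fetch() on libmysql builds while one reporter found mysqlnd unaffected, so the helper uses mysqlnd's get_result() when it exists, otherwise the metadata-driven bind_result() idiom from the reports with real references, and refuses the libmysql bound path when a LONGTEXT/LONGBLOB column is in the result rather than risk the crash. The connection parameters, table and column names in the usage part are placeholders, and the 4294967295-byte metadata length used to recognise LONGTEXT/LONGBLOB is my assumption.

```php
<?php
// Added example for this thread; not code from the bug reports or from PHP.
// Assumption: LONGTEXT/LONGBLOB columns report a declared length of
// 4294967295 (2^32 - 1) bytes in mysqli result metadata.
define('LONG_BLOB_MAX_LEN', '4294967295');

// Fetch every row of an executed prepared statement as an associative array.
function fetch_all_assoc(mysqli_stmt $stmt) {
    if (method_exists($stmt, 'get_result')) {
        // mysqlnd only (PHP 5.3+): rows come back without client-side bind buffers.
        $res  = $stmt->get_result();
        $rows = array();
        while ($row = $res->fetch_assoc()) {
            $rows[] = $row;
        }
        $res->free();
        return $rows;
    }

    // libmysql path: bind every column by reference from the result metadata
    // (bind_result() takes its arguments by reference, so pass references).
    $meta = $stmt->result_metadata();
    $row  = array();
    $refs = array();
    while ($field = $meta->fetch_field()) {
        // All TEXT/BLOB flavours report MYSQLI_TYPE_BLOB; the declared length
        // tells them apart. %u undoes the wrap to -1 that 32-bit PHP builds
        // (like the reporter's) apply to the unsigned length.
        if ($field->type == MYSQLI_TYPE_BLOB
                && sprintf('%u', $field->length) === LONG_BLOB_MAX_LEN) {
            $meta->free();
            throw new RuntimeException(
                "column '{$field->name}' is LONGTEXT/LONGBLOB; a bound fetch "
                . "is unsafe on this libmysql-based mysqli build");
        }
        $row[$field->name] = null;
        $refs[] = &$row[$field->name];
    }
    $meta->free();

    call_user_func_array(array($stmt, 'bind_result'), $refs);
    $rows = array();
    while ($stmt->fetch()) {
        // Copy the values out: $row's slots are references that the next
        // fetch() overwrites, and copying the array would copy the references.
        $copy = array();
        foreach ($row as $name => $value) {
            $copy[$name] = $value;
        }
        $rows[] = $copy;
    }
    return $rows;
}

// Usage with placeholder connection, table and column names.
$db   = new mysqli('localhost', 'user', 'password', 'dbname');
$stmt = $db->prepare("SELECT name, longtext1 FROM sampletable");
$stmt->execute();
try {
    foreach (fetch_all_assoc($stmt) as $r) {
        echo $r['name'], ' ', strlen($r['longtext1']), "\n";
    }
} catch (RuntimeException $e) {
    // Fail loudly in PHP rather than let the process segfault.
    echo "refusing bound fetch: ", $e->getMessage(), "\n";
}
$stmt->close();
```

On an affected build the exception, not a core dump, is what the operator sees, and mysqli_get_client_info() containing "mysqlnd" confirms which driver a deployment actually runs.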