This repository was archived by the owner on Aug 10, 2019. It is now read-only.

php 5.6/mysqlnd segfault with stored procedures #145

Closed
@tarkin000


Debian Wheezy i686 (up to date as of 8/2016)
PHP 5.6.24-1~dotdeb+7.1 (cli) (built: Jul 22 2016 00:07:27)
php-cgi & php-cli

deb http://lug.mtu.edu/debian/ wheezy main
deb-src http://lug.mtu.edu/debian/ wheezy main

#deb http://debian.cse.msu.edu/debian/ wheezy main contrib non-free
#deb-src http://debian.cse.msu.edu/debian/ wheezy main contrib

deb http://security.debian.org/ wheezy/updates main contrib
deb-src http://security.debian.org/ wheezy/updates main contrib

# wheezy-updates, previously known as 'volatile'
deb http://lug.mtu.edu/debian/ wheezy-updates main
deb-src http://lug.mtu.edu/debian/ wheezy-updates main

# wheezy-updates, previously known as 'volatile'
#deb http://debian.cse.msu.edu/debian/ wheezy-updates main contrib
#deb-src http://debian.cse.msu.edu/debian/ wheezy-updates main contrib

# dotdeb
deb http://packages.dotdeb.org wheezy all
deb http://packages.dotdeb.org wheezy-php56 all
deb-src http://packages.dotdeb.org wheezy-php56 all
# deb-multimedia
deb http://www.deb-multimedia.org wheezy main non-free

/etc/apt/sources/list.d : nodesource.list

ii  php-pear                                                    5.6.24-1~dotdeb+7.1                all          PEAR - PHP Extension and Application Repository
ii  php5-cgi                                                    5.6.24-1~dotdeb+7.1                i386         server-side, HTML-embedded scripting language (CGI binary)
ii  php5-cli                                                    5.6.24-1~dotdeb+7.1                i386         command-line interpreter for the php5 scripting language
ii  php5-common                                                 5.6.24-1~dotdeb+7.1                i386         Common files for packages built from the php5 source
ii  php5-dbg                                                    5.6.24-1~dotdeb+7.1                i386         Debug symbols for PHP5
ii  php5-gd                                                     5.6.24-1~dotdeb+7.1                i386         GD module for php5
ii  php5-imagick                                                1:3.1.2-2~dotdeb+7.1               i386         Provides a wrapper to the ImageMagick library
ii  php5-mysqlnd                                                5.6.24-1~dotdeb+7.1                i386         MySQL module for php5 (Native Driver)
ii  php5-readline                                               5.6.24-1~dotdeb+7.1                i386         Readline module for php5
ii  php5-sqlite                                                 5.6.24-1~dotdeb+7.1                i386         SQLite module for php5

PHP segfaults when fetching the result of a prepared statement that invokes a stored procedure.
To reproduce:
db.sql:

drop database if exists test;
create database test;
use test;
create table test(foo int,bar varchar(36));
insert into test(foo,bar) values(1,"baz");
insert into test(foo,bar) values(2,"quux");

delimiter //
create procedure pppp(id int)
begin
        declare result varchar(4) default 'fail';
        declare message varchar(64) default 'hello, world';
        declare datum varchar(36) default null;
        declare cur cursor for select bar from test where id = id;
        declare exit handler for 1329
                begin
                        set message = 'got 1329';
                        select result,message,datum;
                end;
        open cur;
        fetch cur into datum;
        close cur;
        select result,message,datum;
end
//

test.php:

<?php
$conn = new mysqli('localhost','root','password','test',3306);
$stmt = $conn->prepare('call pppp(?)');
$int = 1;
$stmt->bind_param('i',$int);
$stmt->execute();
do {
        if ($res = $stmt->get_result()) {
                printf("---\n");
                var_dump($res->fetch_all());
                $res->free();
        } else {
                printf("error: ");
                if ($stmt->errno) printf("$stmt->error");
                printf("\n");
        }
} while($stmt->more_results() && $stmt->next_result());
$stmt->close();
$conn->close();
?>

test.gdb.log:

Starting program: /usr/bin/php test.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
mysqlnd_fetch_stmt_row_cursor (result=0xb7621088, param=0xb7621a64, flags=2, fetched_anything=0xbfffba3f "\267\364/3\267\210\020b\267")
    at /usr/src/builddir/ext/mysqlnd/mysqlnd_ps.c:1022
1022    /usr/src/builddir/ext/mysqlnd/mysqlnd_ps.c: No such file or directory.
#0  mysqlnd_fetch_stmt_row_cursor (result=0xb7621088, param=0xb7621a64, flags=2, fetched_anything=0xbfffba3f "\267\364/3\267\210\020b\267")
    at /usr/src/builddir/ext/mysqlnd/mysqlnd_ps.c:1022
#1  0xb73148d5 in php_mysqlnd_res_fetch_row_pub (result=0xb7621088, param=0xb7621a64, flags=2, fetched_anything=0xbfffba3f "\267\364/3\267\210\020b\267")
    at /usr/src/builddir/ext/mysqlnd/mysqlnd_result.c:1352
#2  0xb73173a6 in php_mysqlnd_res_fetch_into_pub (result=0xb7621088, flags=2, return_value=0xb7621a64, extension=MYSQLND_MYSQLI)
    at /usr/src/builddir/ext/mysqlnd/mysqlnd_result.c:1823
#3  0xb73171c5 in php_mysqlnd_res_fetch_all_pub (result=0xb7621088, flags=2, return_value=0xb7621a48) at /usr/src/builddir/ext/mysqlnd/mysqlnd_result.c:1893
#4  0xb67c6132 in zif_mysqli_fetch_all (ht=0, return_value=0xb7621a48, return_value_ptr=0xb76041a0, this_ptr=0xb761edb0, return_value_used=1)
    at /usr/src/builddir/ext/mysqli/mysqli_nonapi.c:385
#5  0x0842d376 in execute_internal (execute_data_ptr=execute_data_ptr@entry=0xb76042bc, fci=fci@entry=0x0, return_value_used=return_value_used@entry=1)
    at /usr/src/builddir/Zend/zend_execute.c:1527
#6  0x08371493 in dtrace_execute_internal (execute_data_ptr=0xb76042bc, fci=0x0, return_value_used=1) at /usr/src/builddir/Zend/zend_dtrace.c:97
#7  0x0842f9e7 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/builddir/Zend/zend_vm_execute.h:560
#8  0x083f15e7 in execute_ex (execute_data=execute_data@entry=0xb76042bc) at /usr/src/builddir/Zend/zend_vm_execute.h:363
#9  0x08371359 in dtrace_execute_ex (execute_data=0xb76042bc) at /usr/src/builddir/Zend/zend_dtrace.c:73
#10 0x0842f162 in zend_execute (op_array=0xb761e5a4) at /usr/src/builddir/Zend/zend_vm_execute.h:388
#11 zend_execute (op_array=0xb761e5a4) at /usr/src/builddir/Zend/zend_vm_execute.h:383
#12 0x08384906 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /usr/src/builddir/Zend/zend.c:1341
#13 0x08319dae in php_execute_script (primary_file=primary_file@entry=0xbfffdf78) at /usr/src/builddir/main/main.c:2613
#14 0x08433379 in do_cli (argc=-1073750152, argc@entry=2, argv=0x7, argv@entry=0x89a0d88) at /usr/src/builddir/sapi/cli/php_cli.c:994
#15 0x080a5f43 in main (argc=2, argv=0x89a0d88) at /usr/src/builddir/sapi/cli/php_cli.c:1378
A debugging session is active.

        Inferior 1 [process 4588] will be killed.

Quit anyway? (y or n)

This issue was present in 5.4.45-0+deb7u4; I had upgraded to DotDeb hoping to fix this
issue. Should I report upstream?

Thanks for your time,
Steve
