Signal 11 with with mysqli_set

Signal 11 with with mysqli_set_charset ()

Bug #36802

Signal 11 with with mysqli_set_charset ()

Submitted:

2006-03-20 19:49 UTC

Modified:

2006-03-27 17:11 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

mdalton at galaxytelecom dot net

Assigned:

georg (profile)

Status:

Closed

Package:

Reproducible crash

PHP Version:

5.1.2

OS:

Linux

Private report:

CVE-ID:

None

[2006-03-20 19:49 UTC] mdalton at galaxytelecom dot net

Description:
------------
While trying to call set_charset method on a mysqli object php crashes with a signal 11.

Situation tested on a stock ubuntu php + mysqli + mysql 5.0 setup, and on a home rolled apache+hardened-php+mysql 5.0 system

Reproduce code:
---------------
<?php
$mysqli = mysqli_init ();
$mysqli->set_charset ( 'utf8' );
echo $mysqli->character_set_name ();
?>


Expected result:
----------------
script should echo 'utf8'

Actual result:
--------------
The apache child process bombs with a signal 11

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-03-20 23:28 UTC] judas dot iscariote at gmail dot com

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912513283232 (LWP 30938)]
0x00002aaaae4b9c65 in mysql_send_query () from /usr/lib64/libmysqlclient.so.15
(gdb) bt
#0  0x00002aaaae4b9c65 in mysql_send_query () from /usr/lib64/libmysqlclient.so.15
#1  0x00002aaaae4b9cd9 in mysql_real_query () from /usr/lib64/libmysqlclient.so.15
#2  0x00002aaaae4ba011 in mysql_set_character_set () from /usr/lib64/libmysqlclient.so.15
#3  0x00002aaaae6dcbc2 in zif_mysqli_set_charset (ht=<value optimized out>, return_value=0x950488,
    return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /usr/src/debug/php-5.1.2/ext/mysqli/mysqli_nonapi.c:329
#4  0x00000000005555d0 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffb1d2a0) at zend_vm_execute.h:200
#5  0x0000000000554c53 in execute (op_array=0x9657a8) at zend_vm_execute.h:92
#6  0x000000000053857c in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3)
    at /usr/src/debug/php-5.1.2/Zend/zend.c:1109
#7  0x00000000004fac35 in php_execute_script (primary_file=0x7fffffb1f950) at /usr/src/debug/php-5.1.2/main/main.c:1725
#8  0x00000000005c9285 in main (argc=2, argv=0x7fffffb1fb08) at /usr/src/debug/php-5.1.2/sapi/cli/php_cli.c:1092

php -v

PHP 5.1.3RC2-dev (cli) (built: Mar 20 2006 17:23:27)

[2006-03-20 23:57 UTC] judas dot iscariote at gmail dot com

although Im not an expert on this,

seems the OP example lacks of a valid internal "mysql_link" (created with mysqli_real_connect or similar ) and some validation is missing in the mysqli extension an that result in a crash...

I deduce this because using a valid mysqli link the function works as expected.

This is a bug anyway, no userspace code should crash PHP.

[2006-03-21 16:35 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2006-03-27 17:11 UTC] georg@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.