Home Original page

Accesing mysqli->affected_rows on no connection causes segfault

Bug #50727 Accesing mysqli->affected_rows on no connection causes segfault
Submitted: 2010-01-12 00:11 UTC Modified: 2010-02-01 11:48 UTC
From: lodeclaassen at gmail dot com Assigned: mysql (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.2.12 OS: Debian Linux
Private report: No CVE-ID: None

 [2010-01-12 00:11 UTC] lodeclaassen at gmail dot com

Description:
------------
I open a mysqli connection that failes (in the tested case wrong password). After that when I try to get the affected rows (mysqli->affected_rows) PHP exits and I only get a blank screen.

The configure command from phpinfo:
'./configure' '--with-apxs2' '--with-curl=/usr/local/lib' '--with-gd' '--enable-gd-native-ttf' '--with-ttf' '--with-gettext' '--with-jpeg-dir=/usr/local/lib' '--with-freetype-dir=/usr/local/lib' '--with-kerberos' '--with-openssl' '--with-mcrypt' '--with-mhash' '--with-mysql=/usr/local/mysql' '--with-mysqli=/usr/local/mysql/bin/mysql_config' '--with-pdo-mysql=/usr/local/mysql' '--with-pear' '--with-png-dir=/usr/local/lib' '--with-zlib' '--with-zlib-dir=/usr/local/lib' '--enable-zip' '--with-iconv=/usr/local' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-mbstring'

Other settings I don't know, I don't operate the host.

Reproduce code:
---------------
<?php
echo 'startup<br />';

if (isset($_GET['try']) && $_GET['try'] == 1) {
	$connection = new mysqli('localhost', 'user', 'wrong password', 'SomeExistingTable');
	$connection->query("SELECT `id` FROM `SomeExistingTable` LIMIT 1");
	echo 'affected rows: '.$connection->affected_rows.'<br />';
}

echo 'ending<br />';
?>

Expected result:
----------------
If I request the file with ?try=0 I expect:

startup
ending

When I request ?try=1 I get nothing, a blank screen.

Actual result:
--------------
With ?try=1 I expect to see:

startup
affected rows: 
ending

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2010-01-12 00:40 UTC] johannes@php.net

Fixed in 5.3. Can reproduce in 5.2.

A simple fix for this might be

Index: ext/mysqli/mysqli_prop.c
===================================================================
--- ext/mysqli/mysqli_prop.c	(revision 293046)
+++ ext/mysqli/mysqli_prop.c	(working copy)
@@ -162,7 +162,7 @@
 
  	mysql = (MY_MYSQL *)((MYSQLI_RESOURCE *)(obj->ptr))->ptr;
 	
-	if (!mysql) {
+	if (!mysql || !mysql->mysql) {
 		ZVAL_NULL(*retval);
 	} else {
 		CHECK_STATUS(MYSQLI_STATUS_VALID);


Untested and other properties might be affected - might be better to backport the fix from 5.3.

 [2010-01-12 01:28 UTC] lodeclaassen at gmail dot com

Thanks!
Do you know what properties/functions are affected apart from affected_rows? Or is that the only one?

My current fix/workaround was to test isset(affected_rows), but I've noticed that isset(insert_id) fails even if it has a number.

 [2010-02-04 20:28 UTC] svn@php.net

Automatic comment from SVN on behalf of johannes
Revision: http://svn.php.net/viewvc/?view=revision&revision=294543
Log: Merge mysql changes

293815 Add possibility to restrain the number of levels (andrey)
293816 decrement correctly! (andrey)
293976 Fix for bug#50772  (andrey)
294302 Tests related to #50727 (uw)
294313 Fix a bug in mysqlnd where a pointer was not incremented (andrey)
294317 Fix second bug in that code, + instead of += thus not increasing (andrey)
294337 No idea which recent change has cause this little API change, however it is not (uw)
294421 Pass tsrmls to all functions, which might need it in the future. (andrey)