PS crash with libmysql when binding same variable as param and out
| Bug #55653 | PS crash with libmysql when binding same variable as param and out | | |
|---|---|---|---|
| Submitted: | 2011-09-09 12:00 UTC | Modified: | 2011-09-10 04:44 UTC |
| From: | uw@php.net | Assigned: | laruence |
| Status: | Closed | Package: | MySQLi related |
| PHP Version: | 5.4SVN-2011-09-09 (SVN) | OS: | |
| Private report: | No | CVE-ID: | None |

[2011-09-09 12:00 UTC] uw@php.net
Description:
------------
This will crash, if using mysqli with libmysql.
sapi/cli/php -r '$link = new mysqli("192.168.2.27", "root", "", "test"); $stmt = $link->stmt_init(); $in = "a"; $stmt->prepare("SELECT ?"); $stmt->bind_param("s", $in); $stmt->execute(); $stmt->bind_result($in); $stmt->fetch(); var_dump($in);'
/home/nixnutz/php-src/branches/PHP_5_4/ext/mysqli/mysqli_api.c(890) : Block 0x071e5870 status:
Invalid pointer: ((size=0x005976c6) != (next.prev=0x00000000))
==12847== Conditional jump or move depends on uninitialised value(s)
==12847== at 0x81C242: zend_mm_check_ptr (zend_alloc.c:1388)
==12847== by 0x81C230: zend_mm_check_ptr (zend_alloc.c:1385)
==12847== by 0x81DDA6: _zend_mm_free_int (zend_alloc.c:2064)
==12847== by 0x81F350: _efree (zend_alloc.c:2436)
==12847== by 0x5F412E: mysqli_stmt_fetch_libmysql (mysqli_api.c:890)
Box 1:
mysqli
MysqlI Support => enabled
Client API library version => 5.6.2-m5
Active Persistent Links => 0
Inactive Persistent Links => 0
Active Links => 0
Client API header version => 5.6.2-m5
MYSQLI_SOCKET => /tmp/mysql.sock
Box 2:
mysqli
MysqlI Support => enabled
Client API library version => 5.1.45
Active Persistent Links => 0
Inactive Persistent Links => 0
Active Links => 0
Client API header version => 5.1.45
MYSQLI_SOCKET => /tmp/mysql.sock
Test script:
---------------
sapi/cli/php -r '$link = new mysqli("192.168.2.27", "root", "", "test"); $stmt = $link->stmt_init(); $in = "a"; $stmt->prepare("SELECT ?"); $stmt->bind_param("s", $in); $stmt->execute(); $stmt->bind_result($in); $stmt->fetch(); var_dump($in);'
History
[2011-09-10 03:52 UTC] laruence@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: laruence
[2011-09-10 04:44 UTC] laruence@php.net