ID:               47928
User updated by:  jjuergens at web dot de
Reported By:      jjuergens at web dot de
-Status:          Feedback
+Status:          Open
Bug Type:         MySQLi related
Operating System: Opensuse 11.1
PHP Version:      5.2.9
New Comment:

Ok, here's my new configure line, didn't see what else I could remove:

> /temp/php3/bin/php -i
phpinfo()
PHP Version => 5.2.10-dev

System => Linux medion 2.6.27.7-9-default #1 SMP 2008-12-04 18:10:04 +0100 i686
Build Date => Apr 12 2009 16:32:09
Configure Command => './configure' '--prefix=/temp/php3' '--enable-static' '--enable-cli' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-mysqli'

------------

Now running the script with this version, I get a segfault again.

> /temp/php3/bin/php -n mysqli.php
Speicherzugriffsfehler

------------

And here's the matching valgrind-output:

> /temp/php3/bin/php -n mysqli.php
Speicherzugriffsfehler
d...@medion:~/Desktop/temp> valgrind /temp/php3/bin/php -n mysqli.php
==32741== Memcheck, a memory error detector.
==32741== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==32741== Using LibVEX rev 1854, a library for dynamic binary translation.
==32741== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==32741== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==32741== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==32741== For more details, rerun with: -v
==32741==
==32741== Invalid read of size 4
==32741==    at 0x82859CA: _zval_ptr_dtor (zend_execute_API.c:412)
==32741==    by 0x829C28D: zend_hash_destroy (zend_hash.c:526)
==32741==    by 0x8291DE4: _zval_dtor_func (zend_variables.c:43)
==32741==    by 0x8285A1F: _zval_ptr_dtor (zend_variables.h:35)
==32741==    by 0x829BF41: zend_hash_apply_deleter (zend_hash.c:611)
==32741==    by 0x829C1CE: zend_hash_graceful_reverse_destroy (zend_hash.c:646)
==32741==    by 0x828839F: shutdown_executor (zend_execute_API.c:239)
==32741==    by 0x8292882: zend_deactivate (zend.c:860)
==32741==    by 0x8251666: php_request_shutdown (main.c:1492)
==32741==    by 0x82FDC80: main (php_cli.c:1343)
==32741==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==32741==
==32741== Process terminating with default action of signal 11 (SIGSEGV)
==32741==  Access not within mapped region at address 0x0
==32741==    at 0x82859CA: _zval_ptr_dtor (zend_execute_API.c:412)
==32741==    by 0x829C28D: zend_hash_destroy (zend_hash.c:526)
==32741==    by 0x8291DE4: _zval_dtor_func (zend_variables.c:43)
==32741==    by 0x8285A1F: _zval_ptr_dtor (zend_variables.h:35)
==32741==    by 0x829BF41: zend_hash_apply_deleter (zend_hash.c:611)
==32741==    by 0x829C1CE: zend_hash_graceful_reverse_destroy (zend_hash.c:646)
==32741==    by 0x828839F: shutdown_executor (zend_execute_API.c:239)
==32741==    by 0x8292882: zend_deactivate (zend.c:860)
==32741==    by 0x8251666: php_request_shutdown (main.c:1492)
==32741==    by 0x82FDC80: main (php_cli.c:1343)
==32741==
==32741== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 3 from 1)
==32741== malloc/free: in use at exit: 1,016,362 bytes in 10,656 blocks.
==32741== malloc/free: 11,104 allocs, 448 frees, 1,409,172 bytes allocated.
==32741== For counts of detected errors, rerun with: -v
==32741== searching for pointers to 10,656 not-freed blocks.
==32741== checked 1,208,392 bytes.
==32741==
==32741== LEAK SUMMARY:
==32741==    definitely lost: 0 bytes in 0 blocks.
==32741==      possibly lost: 0 bytes in 0 blocks.
==32741==    still reachable: 1,016,362 bytes in 10,656 blocks.
==32741==         suppressed: 0 bytes in 0 blocks.
==32741== Rerun with --leak-check=full to see details of leaked memory.
Speicherzugriffsfehler


Previous Comments:
------------------------------------------------------------------------

[2009-04-11 23:54:58] [email protected]

Try building the snapshot with shortest possible configure line
necessary. And do not use shared extensions when debugging the crash,
build all static and use -n when running the test to prevent loading
any php.ini's.

------------------------------------------------------------------------

[2009-04-11 09:44:13] jjuergens at web dot de

Ok, I just downloaded the latest version (php5.2-200904110630) and
compiled it with the following options:

'./configure' '--prefix=/temp/php' '--enable-libxml' '--enable-session'
'--with-mm' '--with-pcre-regex=/usr' '--enable-xml' '--enable-simplexml'
'--enable-spl' '--enable-filter' '--disable-debug'
'--enable-inline-optimization' '--disable-rpath' '--disable-static'
'--enable-shared' '--program-suffix=5' '--with-pic' '--with-gnu-ld'
'--with-system-tzdata=/usr/share/zoneinfo' '--enable-cli'
'--with-pear=/usr/share/php5/PEAR' '--enable-bcmath=shared'
'--enable-calendar=shared' '--enable-ctype=shared' '--enable-dbase=shared'
'--enable-dom=shared' '--enable-exif=shared' '--enable-ftp=shared'
'--enable-mbstring=shared' '--enable-mbregex' '--enable-pcntl=shared'
'--enable-posix=shared' '--enable-shmop=shared' '--enable-soap=shared'
'--enable-sockets=shared' '--enable-sysvmsg=shared' '--enable-sysvsem=shared'
'--enable-sysvshm=shared' '--enable-tokenizer=shared' '--enable-wddx=shared'
'--with-zlib=shared' '--with-bz2=shared' '--with-curl=shared'
'--with-gd=shared' '--enable-gd-native-ttf' '--with-xpm-dir=/usr'
'--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-jpeg-dir=/usr'
'--with-zlib-dir=/usr' '--with-t1lib=/usr' '--with-gettext=shared'
'--with-gmp=shared' '--enable-hash=shared' '--with-iconv=shared'
'--with-imap-ssl' '--enable-json=shared' '--with-libedit=shared,/usr'
'--with-mcrypt=shared' '--with-mysql=shared,/usr'
'--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-mysqli'
'--with-ncurses=shared' '--with-unixODBC=shared,/usr' '--with-openssl=shared'
'--with-xmlrpc=shared' '--enable-xmlreader=shared' '--enable-xmlwriter=shared'
'--with-xsl=shared' '--with-tidy=shared,/usr' '--enable-dba=shared'
'--with-db4=/usr' '--without-gdbm' '--with-cdb' '--with-inifile'
'--with-flatfile' '--enable-pdo=shared' '--with-pdo_sqlite=shared,/usr'
'--with-pdo-mysql=shared,/usr' '--with-pdo-odbc=shared,unixODBC,/usr'
'--with-sqlite=shared,/usr' '--enable-sqlite-utf8' '--enable-zip=shared'
'--disable-cgi'

Running it with the same code I posted here I get a memory-error again.
But Valgrind shows some different output than before:

>valgrind /temp/php/bin/php5 mysqli.php
==19284== Memcheck, a memory error detector.
==19284== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==19284== Using LibVEX rev 1854, a library for dynamic binary translation.
==19284== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==19284== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==19284== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==19284== For more details, rerun with: -v
==19284==
==19284== Invalid read of size 4
==19284==    at 0x81A16EA: _zval_ptr_dtor (zend_execute_API.c:412)
==19284==    by 0x81B9E29: zend_hash_destroy (zend_hash.c:526)
==19284==    by 0x81AEA3C: _zval_dtor_func (zend_variables.c:43)
==19284==    by 0x81A1747: _zval_ptr_dtor (zend_variables.h:35)
==19284==    by 0x81B9A81: zend_hash_apply_deleter (zend_hash.c:611)
==19284==    by 0x81B9D46: zend_hash_graceful_reverse_destroy (zend_hash.c:646)
==19284==    by 0x81A4582: shutdown_executor (zend_execute_API.c:239)
==19284==    by 0x81AF66E: zend_deactivate (zend.c:860)
==19284==    by 0x81673C7: php_request_shutdown (main.c:1492)
==19284==    by 0x8226483: main (php_cli.c:1343)
==19284==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==19284==
==19284== Process terminating with default action of signal 11 (SIGSEGV)
==19284==  Access not within mapped region at address 0x0
==19284==    at 0x81A16EA: _zval_ptr_dtor (zend_execute_API.c:412)
==19284==    by 0x81B9E29: zend_hash_destroy (zend_hash.c:526)
==19284==    by 0x81AEA3C: _zval_dtor_func (zend_variables.c:43)
==19284==    by 0x81A1747: _zval_ptr_dtor (zend_variables.h:35)
==19284==    by 0x81B9A81: zend_hash_apply_deleter (zend_hash.c:611)
==19284==    by 0x81B9D46: zend_hash_graceful_reverse_destroy (zend_hash.c:646)
==19284==    by 0x81A4582: shutdown_executor (zend_execute_API.c:239)
==19284==    by 0x81AF66E: zend_deactivate (zend.c:860)
==19284==    by 0x81673C7: php_request_shutdown (main.c:1492)
==19284==    by 0x8226483: main (php_cli.c:1343)
==19284==
==19284== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 3 from 1)
==19284== malloc/free: in use at exit: 790,981 bytes in 7,064 blocks.
==19284== malloc/free: 7,399 allocs, 335 frees, 1,180,249 bytes allocated.
==19284== For counts of detected errors, rerun with: -v
==19284== searching for pointers to 7,064 not-freed blocks.
==19284== checked 1,025,176 bytes.
==19284==
==19284== LEAK SUMMARY:
==19284==    definitely lost: 0 bytes in 0 blocks.
==19284==      possibly lost: 0 bytes in 0 blocks.
==19284==    still reachable: 790,981 bytes in 7,064 blocks.
==19284==         suppressed: 0 bytes in 0 blocks.
==19284== Rerun with --leak-check=full to see details of leaked memory.

------------------------------------------------------------------------

[2009-04-08 22:06:34] [email protected]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz

For Windows:

  http://windows.php.net/snapshots/

------------------------------------------------------------------------

[2009-04-08 20:37:18] jjuergens at web dot de

Description:
------------
When trying to retrieve data from a MySQL-Database using a
mysqli-statement, PHP just crashes. I excerpted the code below from a
larger web-application and invoked it via the PHP-Cli and it still fails
with a memory-error.

Interestingly enough though, if you just change a single value within
$arg1 and $arg2 (e.g. replace the last 8 from $arg1 with a 7), the bug
doesn't occur anymore.

I've included a Valgrind-output which shows the error.
MySQL-Version is 5.0.67.

Reproduce code:
---------------
<?php
/*
This is the database-table used:

CREATE TABLE `sessionData` (
  `sessionId` varchar(60) collate utf8_unicode_ci NOT NULL,
  `pathHash` varchar(32) collate utf8_unicode_ci NOT NULL,
  `path` varchar(100) collate utf8_unicode_ci NOT NULL,
  `data` longtext collate utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`sessionId`,`pathHash`),
  CONSTRAINT `sessionData_ibfk_1` FOREIGN KEY (`sessionId`)
    REFERENCES `sessionIndex` (`sessionId`)
    ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
*/

//create db-link
$dbLink=new mysqli("host","user","pass","db",3306);

//create the statement
$stmt=$dbLink->prepare("SELECT * FROM `sessionData` WHERE `sessionId`=? AND `pathHash`=? LIMIT 1");

//bind params
$arg1="e75c7781166e3a361b7cff546563d5e8";
$arg2="9ddec3abec5c92628022210892e76afb";
$stmt->bind_param("ss",$arg1,$arg2);

//execute
$stmt->execute();

//create set of result-fields (see http://php.net/manual/de/mysqli-stmt.bind-result.php#85470)
$resData=$stmt->result_metadata();
$resFields=array();
$bindArray=array();
while($field=mysqli_fetch_field($resData)){
    $resFields[]=&$bindArray[$field->name];
}

//bind result-fields
call_user_func_array(array($stmt,'bind_result'),$resFields);

//fetch result
$res=0;
while($stmt->fetch()){
    $tmpRes=array();
    foreach($bindArray as $key=>$value){
        $tmpRes[$key]=$value;
    }
    //add this row (not needed for bug reproduction)
    // array_push($result,$tmpRes);
    $res++;
}

//close statement
$stmt->close();

Expected result:
----------------
In this case, the script should just exit normally without a result.

Actual result:
--------------
Running it in a shell, I get a memory-error. Using Valgrind, I get the
following:

==13749== Memcheck, a memory error detector.
==13749== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==13749== Using LibVEX rev 1854, a library for dynamic binary translation.
==13749== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==13749== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==13749== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==13749== For more details, rerun with: -v
==13749==
==13749== Invalid read of size 4
==13749==    at 0x51AA261: mysql_stmt_fetch (in /usr/lib/libmysqlclient.so.15.0.0)
==13749==    by 0x5187D5C: zif_mysqli_stmt_fetch (in /usr/lib/php5/extensions/mysqli.so)
==13749==    by 0x81DE342: (within /usr/bin/php5)
==13749==    by 0x81C94BA: execute (in /usr/bin/php5)
==13749==    by 0x81A3D4F: zend_execute_scripts (in /usr/bin/php5)
==13749==    by 0x81589F9: php_execute_script (in /usr/bin/php5)
==13749==    by 0x821C780: main (in /usr/bin/php5)
==13749==  Address 0x84 is not stack'd, malloc'd or (recently) free'd
==13749==
==13749== Process terminating with default action of signal 11 (SIGSEGV)
==13749==  Access not within mapped region at address 0x84
==13749==    at 0x51AA261: mysql_stmt_fetch (in /usr/lib/libmysqlclient.so.15.0.0)
==13749==    by 0x5187D5C: zif_mysqli_stmt_fetch (in /usr/lib/php5/extensions/mysqli.so)
==13749==    by 0x81DE342: (within /usr/bin/php5)
==13749==    by 0x81C94BA: execute (in /usr/bin/php5)
==13749==    by 0x81A3D4F: zend_execute_scripts (in /usr/bin/php5)
==13749==    by 0x81589F9: php_execute_script (in /usr/bin/php5)
==13749==    by 0x821C780: main (in /usr/bin/php5)
==13749==
==13749== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 118 from 2)
==13749== malloc/free: in use at exit: 1,296,363 bytes in 13,676 blocks.
==13749== malloc/free: 14,687 allocs, 1,011 frees, 2,096,685 bytes allocated.
==13749== For counts of detected errors, rerun with: -v
==13749== searching for pointers to 13,676 not-freed blocks.
==13749== checked 1,736,688 bytes.
==13749==
==13749== LEAK SUMMARY:
==13749==    definitely lost: 30,599 bytes in 11 blocks.
==13749==      possibly lost: 10,263 bytes in 2 blocks.
==13749==    still reachable: 1,255,501 bytes in 13,663 blocks.
==13749==         suppressed: 0 bytes in 0 blocks.
==13749== Rerun with --leak-check=full to see details of leaked memory.

------------------------------------------------------------------------


--
Edit this bug report at http://bugs.php.net/?id=47928&edit=1
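
Added example (not part of the bug report or of PHP): a Python triage helper that reduces Memcheck output to a crash signature so the traces quoted in this thread can be compared. The names `crash_signatures` and `signature` and the 4 KiB `null_page` threshold are assumptions introduced here; the sample is abridged from two of the traces in the report.

```python
import re

# Abridged from two of the Memcheck traces quoted in this report.
SAMPLE = """\
==13749== Invalid read of size 4
==13749==    at 0x51AA261: mysql_stmt_fetch (in /usr/lib/libmysqlclient.so.15.0.0)
==13749==    by 0x5187D5C: zif_mysqli_stmt_fetch (in /usr/lib/php5/extensions/mysqli.so)
==13749==    by 0x81DE342: (within /usr/bin/php5)
==13749==  Address 0x84 is not stack'd, malloc'd or (recently) free'd
==32741== Invalid read of size 4
==32741==    at 0x82859CA: _zval_ptr_dtor (zend_execute_API.c:412)
==32741==    by 0x829C28D: zend_hash_destroy (zend_hash.c:526)
==32741==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==32741== Process terminating with default action of signal 11 (SIGSEGV)
==32741==    at 0x82859CA: _zval_ptr_dtor (zend_execute_API.c:412)
"""

LINE = re.compile(r"^==(\d+)==(.*)$")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (?:(\S+) )?\((.*)\)$")
ADDR = re.compile(r"^Address (0x[0-9A-Fa-f]+) is ")

def crash_signatures(text, null_page=0x1000):
    """Return one record per 'Invalid read/write' error in Memcheck output."""
    records, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # program output interleaved with the trace
        body = m.group(2).strip()
        err, frame, addr = ERROR.match(body), FRAME.match(body), ADDR.match(body)
        if err:
            cur = {"pid": int(m.group(1)), "access": err.group(1),
                   "size": int(err.group(2)), "frames": [], "address": None,
                   "near_null": None}
            records.append(cur)
        elif cur is not None and frame:
            # Frames without symbols print only "(within <binary>)".
            cur["frames"].append(frame.group(1) or "???")
        elif cur is not None and addr:
            cur["address"] = int(addr.group(1), 16)
            # A fault in the first page usually means a field read through NULL.
            cur["near_null"] = cur["address"] < null_page
            cur = None  # ignore the repeated stack under "Process terminating"
    return records

def signature(record):
    """Top frame plus NULL-ness: enough to tell whether two crashes match."""
    return (record["frames"][0], record["near_null"])
```

On the sample, the first trace faults in `mysql_stmt_fetch` at address 0x84 and the static snapshot build faults in `_zval_ptr_dtor` at 0x0: different top frames, both near-NULL reads.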
