From: drake at oomkill dot net
Operating system: Hardened Gentoo Linux (amd64)
PHP version: 5.2.6RC1
PHP Bug Type: Reproducible crash
Bug description: SEGFAULT when using mysql_pconnect() with client_flags
Description:
------------
Segfaults appear when using:

    mysql_pconnect('localhost', 'foo', 'bar', 0);

but it runs fine when using:

    mysql_pconnect('localhost', 'foo', 'bar');

The bug is most likely caused by trying to store a 'long' value in an 'int' on the stack. At the beginning of php_mysql_do_connect() in ext/mysql/php_mysql.c there is the following declaration:

    int client_flags = 0;

Later in that function zend_parse_parameters() stores a long at &client_flags, which can also overwrite another variable on the stack. Changing client_flags to unsigned long (like it is defined in mysql's headers) solved my segfault problem.

Reproduce code:
---------------
// the user/pass don't have to be valid.
mysql_pconnect('localhost', 'foo', 'bar', 0);

Expected result:
----------------
No segfault.

Actual result:
--------------
Segfault. No php/zend error message in logs.

-- 
Edit bug report at http://bugs.php.net/?id=44333&edit=1
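The mechanism the report describes (an 8-byte long written through a pointer to a 4-byte int slot, clobbering whatever the compiler placed next to it) can be reproduced without PHP. The program below is an added example, not code from the bug report or from ext/mysql; it models the relevant part of the php_mysql_do_connect() frame as a struct so the neighbouring variable has a deterministic position, and stands in for the zend_parse_parameters() "l" conversion with a function that unconditionally stores a full long through the pointer it is given. The struct layouts, the 0x41414141 sentinel and the fake_zpp_store_long() helper are assumptions made for illustration; real stack layout depends on the compiler.

```c
#include <stdio.h>
#include <string.h>

/* Assumed model of the vulnerable frame: client_flags declared as int,
 * with some other local immediately after it (hypothetical layout). */
struct buggy_frame {
    int client_flags;      /* 4 bytes, but the parser will write sizeof(long) */
    int neighbour;         /* whatever the compiler placed next on the stack */
};

/* Same frame after the reporter's fix: the slot is as wide as what the
 * parser writes, so the neighbour is untouched. */
struct fixed_frame {
    long client_flags;     /* matches the long written by the "l" conversion */
    int neighbour;
};

/* Stand-in for the zend_parse_parameters() "l" case: it stores a full
 * long at the address it was handed and cannot know the real slot size. */
static void fake_zpp_store_long(void *dst, long value)
{
    memcpy(dst, &value, sizeof value);
}

/* Returns the neighbour's value after parsing client_flags = flags_arg.
 * On LP64 (amd64) sizeof(long) == 8 > sizeof(int) == 4, so the write
 * spills into neighbour and overwrites the sentinel. */
int buggy_neighbour_after_parse(long flags_arg)
{
    struct buggy_frame f = { .client_flags = 0, .neighbour = 0x41414141 };
    fake_zpp_store_long(&f.client_flags, flags_arg);
    return f.neighbour;
}

/* Same parse against the corrected declaration: the sentinel survives. */
int fixed_neighbour_after_parse(long flags_arg)
{
    struct fixed_frame f = { .client_flags = 0, .neighbour = 0x41414141 };
    fake_zpp_store_long(&f.client_flags, flags_arg);
    return f.neighbour;
}

/* How many bytes of overflow the int declaration causes on this ABI
 * (0 on ILP32, where the bug is latent; 4 on LP64). */
int overflow_bytes(void)
{
    return (int)(sizeof(long) - sizeof(int));
}

int main(void)
{
    /* Same argument as the reproduce script: client_flags = 0. */
    printf("sizeof(int)=%zu sizeof(long)=%zu overflow=%d bytes\n",
           sizeof(int), sizeof(long), overflow_bytes());
    printf("int  client_flags: neighbour after parse = 0x%08x\n",
           (unsigned)buggy_neighbour_after_parse(0));
    printf("long client_flags: neighbour after parse = 0x%08x\n",
           (unsigned)fixed_neighbour_after_parse(0));
    return 0;
}
```

The overwritten neighbour is exactly the kind of silent corruption the report describes: with the argument 0 the spilled bytes are all zero, so a pointer or handle living next to client_flags becomes NULL and the crash surfaces later, with no Zend error message. The check worth applying to any zend_parse_parameters() call site is that every "l" target is declared long (or zend_long in later PHP), never int.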