ID: 44390 User updated by: pumuckel at metropolis dot de Reported By: pumuckel at metropolis dot de Status: Closed Bug Type: MySQLi related Operating System: Linux Gentoo PHP Version: 5.2.5 Assigned To: andrey New Comment:
Can we expect a backport / patch for 5.2 ? 5.3-dev is not supported by gentoo dist, and we need a production fix. Previous Comments: ------------------------------------------------------------------------ [2008-03-20 15:46:27] [EMAIL PROTECTED] This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Fixed in 5.3.0-dev The original variables passed for parameter binding won't be changed anymore if there is a type conversion to be performed like: $str = "fubar" bind_param("i", $str); // here $str used to be 0, after the fix it will be "fubar" again The reference counting is needed because the variable used for param binding should not be freed, in case the script loses the last reference to it. Otherwise mysqli will point to nirvana and might crash. ------------------------------------------------------------------------ [2008-03-18 17:37:26] [EMAIL PROTECTED] Ohje, there is a problem, valgrind cries : ==22493== Invalid read of size 1 ==22493== at 0x40245A1: memcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==22493== by 0x412563F: store_param_str (libmysql.c:2389) ==22493== by 0x41257D6: store_param (libmysql.c:2443) ==22493== by 0x4125CD0: cli_stmt_execute (libmysql.c:2544) ==22493== by 0x412643F: mysql_stmt_execute (libmysql.c:2856) ==22493== by 0x80FE3EB: zif_mysqli_stmt_execute (mysqli_api.c:734) ==22493== by 0x830DC7E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==22493== by 0x830EF55: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309) ==22493== by 0x830D4F9: execute (zend_vm_execute.h:91) ==22493== by 0x82DF4CD: zend_execute_scripts (zend.c:1170) ==22493== by 0x825B0A7: php_execute_script (main.c:2059) ==22493== by 0x837B57B: main (php_cli.c:1139) ==22493== Address 0x4F7BE9D is 5 bytes inside a block of size 7 free'd ==22493== at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==22493== by 0x82B65AB: _efree (zend_alloc.c:2291) ==22493== by 0x82D4098: convert_to_long_base (zend_operators.c:353) ==22493== by 0x82D3F1F: convert_to_long (zend_operators.c:325) ==22493== by 0x80FE3A6: zif_mysqli_stmt_execute (mysqli_api.c:723) ==22493== by 0x830DC7E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==22493== by 0x830EF55: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309) ==22493== by 0x830D4F9: execute (zend_vm_execute.h:91) ==22493== by 0x82DF4CD: zend_execute_scripts (zend.c:1170) ==22493== by 0x825B0A7: php_execute_script (main.c:2059) ==22493== by 0x837B57B: main (php_cli.c:1139) ==22493== ==22493== Invalid read of size 1 ==22493== at 0x40245A9: memcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==22493== by 0x412563F: store_param_str (libmysql.c:2389) ==22493== by 0x41257D6: store_param (libmysql.c:2443) ==22493== by 0x4125CD0: cli_stmt_execute (libmysql.c:2544) ==22493== by 0x412643F: mysql_stmt_execute (libmysql.c:2856) ==22493== by 0x80FE3EB: zif_mysqli_stmt_execute (mysqli_api.c:734) ==22493== by 0x830DC7E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==22493== by 0x830EF55: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309) ==22493== by 0x830D4F9: execute (zend_vm_execute.h:91) ==22493== by 0x82DF4CD: zend_execute_scripts (zend.c:1170) ==22493== by 0x825B0A7: php_execute_script (main.c:2059) ==22493== by 0x837B57B: main (php_cli.c:1139) ==22493== Address 0x4F7BE9C is 4 bytes inside a block of size 7 free'd ==22493== at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==22493== by 0x82B65AB: _efree (zend_alloc.c:2291) ==22493== by 0x82D4098: convert_to_long_base (zend_operators.c:353) ==22493== by 0x82D3F1F: convert_to_long (zend_operators.c:325) ==22493== by 0x80FE3A6: zif_mysqli_stmt_execute (mysqli_api.c:723) ==22493== by 0x830DC7E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==22493== by 0x830EF55: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309) ==22493== by 0x830D4F9: execute (zend_vm_execute.h:91) ==22493== by 0x82DF4CD: zend_execute_scripts (zend.c:1170) ==22493== by 0x825B0A7: php_execute_script (main.c:2059) ==22493== by 0x837B57B: main (php_cli.c:1139) ==22493== ==22493== Invalid read of size 1 ==22493== at 0x40245B0: memcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==22493== by 0x412563F: store_param_str (libmysql.c:2389) ==22493== by 0x41257D6: store_param (libmysql.c:2443) ==22493== by 0x4125CD0: cli_stmt_execute (libmysql.c:2544) ==22493== by 0x412643F: mysql_stmt_execute (libmysql.c:2856) ==22493== by 0x80FE3EB: zif_mysqli_stmt_execute (mysqli_api.c:734) ==22493== by 0x830DC7E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==22493== by 0x830EF55: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309) ==22493== by 0x830D4F9: execute (zend_vm_execute.h:91) ==22493== by 0x82DF4CD: zend_execute_scripts (zend.c:1170) ==22493== by 0x825B0A7: php_execute_script (main.c:2059) ==22493== by 0x837B57B: main (php_cli.c:1139) ==22493== Address 0x4F7BE9B is 3 bytes inside a block of size 7 free'd ==22493== at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==22493== by 0x82B65AB: _efree (zend_alloc.c:2291) ==22493== by 0x82D4098: convert_to_long_base (zend_operators.c:353) ==22493== by 0x82D3F1F: convert_to_long (zend_operators.c:325) ==22493== by 0x80FE3A6: zif_mysqli_stmt_execute (mysqli_api.c:723) ==22493== by 0x830DC7E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==22493== by 0x830EF55: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309) ==22493== by 0x830D4F9: execute (zend_vm_execute.h:91) ==22493== by 0x82DF4CD: zend_execute_scripts (zend.c:1170) ==22493== by 0x825B0A7: php_execute_script (main.c:2059) ==22493== by 0x837B57B: main (php_cli.c:1139) ==22493== ==22493== Invalid read of size 1 ==22493== at 0x40245B7: memcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==22493== by 0x412563F: store_param_str (libmysql.c:2389) ==22493== by 0x41257D6: store_param (libmysql.c:2443) ==22493== by 0x4125CD0: cli_stmt_execute (libmysql.c:2544) ==22493== by 0x412643F: mysql_stmt_execute (libmysql.c:2856) ==22493== by 0x80FE3EB: zif_mysqli_stmt_execute (mysqli_api.c:734) ==22493== by 0x830DC7E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==22493== by 0x830EF55: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309) ==22493== by 0x830D4F9: execute (zend_vm_execute.h:91) ==22493== by 0x82DF4CD: zend_execute_scripts (zend.c:1170) ==22493== by 0x825B0A7: php_execute_script (main.c:2059) ==22493== by 0x837B57B: main (php_cli.c:1139) ==22493== Address 0x4F7BE9A is 2 bytes inside a block of size 7 free'd ==22493== at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==22493== by 0x82B65AB: _efree (zend_alloc.c:2291) ==22493== by 0x82D4098: convert_to_long_base (zend_operators.c:353) ==22493== by 0x82D3F1F: convert_to_long (zend_operators.c:325) ==22493== by 0x80FE3A6: zif_mysqli_stmt_execute (mysqli_api.c:723) ==22493== by 0x830DC7E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==22493== by 0x830EF55: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309) ==22493== by 0x830D4F9: execute (zend_vm_execute.h:91) ==22493== by 0x82DF4CD: zend_execute_scripts (zend.c:1170) ==22493== by 0x825B0A7: php_execute_script (main.c:2059) ==22493== by 0x837B57B: main (php_cli.c:1139) ==22493== ==22493== Invalid read of size 1 ==22493== at 0x40245D3: memcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==22493== by 0x412563F: store_param_str (libmysql.c:2389) ==22493== by 0x41257D6: store_param (libmysql.c:2443) ==22493== by 0x4125CD0: cli_stmt_execute (libmysql.c:2544) ==22493== by 0x412643F: mysql_stmt_execute (libmysql.c:2856) ==22493== by 0x80FE3EB: zif_mysqli_stmt_execute (mysqli_api.c:734) ==22493== by 0x830DC7E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==22493== by 0x830EF55: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309) ==22493== by 0x830D4F9: execute (zend_vm_execute.h:91) ==22493== by 0x82DF4CD: zend_execute_scripts (zend.c:1170) ==22493== by 0x825B0A7: php_execute_script (main.c:2059) ==22493== by 0x837B57B: main (php_cli.c:1139) ==22493== Address 0x4F7BE99 is 1 bytes inside a block of size 7 free'd ==22493== at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==22493== by 0x82B65AB: _efree (zend_alloc.c:2291) ==22493== by 0x82D4098: convert_to_long_base (zend_operators.c:353) ==22493== by 0x82D3F1F: convert_to_long (zend_operators.c:325) ==22493== by 0x80FE3A6: zif_mysqli_stmt_execute (mysqli_api.c:723) ==22493== by 0x830DC7E: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:190) ==22493== by 0x830EF55: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:309) ==22493== by 0x830D4F9: execute (zend_vm_execute.h:91) ==22493== by 0x82DF4CD: zend_execute_scripts (zend.c:1170) ==22493== by 0x825B0A7: php_execute_script (main.c:2059) ==22493== by 0x837B57B: main (php_cli.c:1139) ------------------------------------------------------------------------ [2008-03-18 17:36:18] [EMAIL PROTECTED] I get the following with mysqli/mysqlnd, which seems correct, except for the reference, but I have to investigate whether this is incorrect. There is no memory error it seems. Test 1: object(foo)#1 (1) { ["bar"]=> string(6) "foobar" } object(foo)#1 (1) { ["bar"]=> &string(6) "foobar" } foobar Test 2: object(foo)#1 (1) { ["bar"]=> string(6) "foobar" } object(foo)#1 (1) { ["bar"]=> &string(6) "foobar" } foobar - 0 Test 3: object(foo)#1 (1) { ["bar"]=> int(0) } object(foo)#1 (1) { ["bar"]=> &int(0) } 0 - 0 ---------------------------------- mysqli/libmysql gives the following, one sees that there is something wrong Test 1: object(foo)#1 (1) { ["bar"]=> string(6) "foobar" } object(foo)#1 (1) { ["bar"]=> &string(6) "foobar" } foobar Test 2: object(foo)#1 (1) { ["bar"]=> string(6) "foobar" } object(foo)#1 (1) { ["bar"]=> &string(6) "foobar" } ZZZZZZ - 0 Test 3: object(foo)#1 (1) { ["bar"]=> int(0) } object(foo)#1 (1) { ["bar"]=> &int(0) } 139797916 - 0 Assigning to myself ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/44390 -- Edit this bug report at http://bugs.php.net/?id=44390&edit=1
