Edit report at http://bugs.php.net/bug.php?id=51248&edit=1
ID: 51248
Comment by: mgarrison at alienz dot net
Reported by: mbecc...@php.net
Summary: Segmentation fault in mysql_fetch_array
Status: Assigned
Type: Bug
Package: MySQL related
Operating System: FreeBSD 6.2
PHP Version: 5.3.2
Assigned To: mysql

New Comment:

I'm also able to reproduce this but with custom code, replicated with 5.3.2 and php5.3-201003291630 on a CentOS 4.8 box. Doesn't happen in php 5.2.12.

(gdb) bt
#0 0x00007fdcc37cdac3 in zend_fetch_resource (passed_id=0x7fffd484e6a0, default_id=-1, resource_type_name=0x7fdcc3a8ce08 "MySQL result", found_resource_type=0x0, num_resource_types=1) at /usr/src/php-5.3.2/Zend/zend_list.c:127
#1 0x00007fdcc3651846 in php_mysql_fetch_hash (ht=2, return_value=0x7fdcbf0e2970, return_value_ptr=Variable "return_value_ptr" is not available.
) at /usr/src/php-5.3.2/ext/mysql/php_mysql.c:1944
#2 0x00007fdcc3651dcb in zif_mysql_fetch_array (ht=-729487712, return_value=0xffffffff, return_value_ptr=0x7fdcc37cd9cf, this_ptr=0x0, return_value_used=1) at /usr/src/php-5.3.2/ext/mysql/php_mysql.c:2105
#3 0x00007fdcc37e2c62 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fdcc2b34310) at /usr/src/php-5.3.2/Zend/zend_vm_execute.h:313
#4 0x00007fdcc37e2089 in execute (op_array=0x7fdcbf4841c8) at /usr/src/php-5.3.2/Zend/zend_vm_execute.h:104
#5 0x00007fdcc37c0345 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-5.3.2/Zend/zend.c:1194
#6 0x00007fdcc376e67d in php_execute_script (primary_file=0x7fffd4850da0) at /usr/src/php-5.3.2/main/main.c:2260
#7 0x00007fdcc3845d12 in apache_php_module_main (r=Variable "r" is not available.
) at /usr/src/php-5.3.2/sapi/apache/sapi_apache.c:53
#8 0x00007fdcc38468ce in send_php (r=0xcec3d0, display_source_mode=0, filename=0x0) at /usr/src/php-5.3.2/sapi/apache/mod_php5.c:682
#9 0x00007fdcc3846ac3 in send_parsed_php (r=0x7fffd484e6a0) at /usr/src/php-5.3.2/sapi/apache/mod_php5.c:697
#10 0x00000000004428e4 in ap_invoke_handler ()
#11 0x000000000045a74e in process_request_internal ()
#12 0x000000000045ac19 in ap_internal_redirect ()
#13 0x00007fdcc3ee7f7c in mod_gzip_redir1_handler () from /var/www/libexec/mod_gzip.so
#14 0x00007fdcc3ee61eb in mod_gzip_handler () from /var/www/libexec/mod_gzip.so
#15 0x00000000004428e4 in ap_invoke_handler ()
#16 0x000000000045a74e in process_request_internal ()
#17 0x000000000045a7a3 in ap_process_request ()
#18 0x0000000000450a06 in child_main ()
#19 0x0000000000450cf1 in make_child ()
#20 0x000000000045109e in perform_idle_server_maintenance ()
#21 0x00000000004516c3 in standalone_main ()
#22 0x0000000000451cb7 in main ()

Previous Comments:
------------------------------------------------------------------------
[2010-03-09 20:20:13] mbecc...@php.net

Description:
------------
I've been asked to publish a Drupal based website on my 5.3.2 box, but every page call triggers a segmentation fault. Replicated with 5.3.1 as well. I've been able to test an old 5.2.8 and the issue is gone. I can't attach a reproduce code, but I will try to gather more information in the next few days. For now I'm attaching the backtrace.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x000000008518a7c3 in zend_fetch_resource (passed_id=0x7fffffffcc50, default_id=-1, resource_type_name=0x855c3d6f "MySQL result", found_resource_type=0x0, num_resource_types=1) at /root/compile/php-5.3.2-apache/Zend/zend_list.c:127
127 } else if ((*passed_id)->type != IS_RESOURCE) {
(gdb) bt full
#0 0x000000008518a7c3 in zend_fetch_resource (passed_id=0x7fffffffcc50, default_id=-1, resource_type_name=0x855c3d6f "MySQL result", found_resource_type=0x0, num_resource_types=1) at /root/compile/php-5.3.2-apache/Zend/zend_list.c:127
        id = -1
        actual_resource_type = 0
        resource = (void *) 0x10
        resource_types = {{gp_offset = 5, fp_offset = 0, overflow_arg_area = 0x861c775b, reg_save_area = 0x3000000020}}
        i = -1
        space = 0x85185062 "H\201Ãè"
        class_name = 0x1 <Address 0x1 out of bounds>
#1 0x0000000084fabcc6 in php_mysql_fetch_hash (ht=2, return_value=0xb04ae0, return_value_ptr=0x8518a6cf, this_ptr=0x0, return_value_used=1, result_type=1, expected_args=2, into_object=0) at /root/compile/php-5.3.2-apache/ext/mysql/php_mysql.c:1944
        class_name = 0x7fffffffcd40 "Ãî©"
        class_name_len = 32767
        mysql_result = (MYSQL_RES *) 0x2
        res = (zval *) 0x0
        ctor_params = (zval *) 0x0
        ce = (zend_class_entry *) 0x0
        i = 17
        mysql_field = (MYSQL_FIELD *) 0x0
        mysql_row = (MYSQL_ROW) 0xa9eed0
        mysql_row_lengths = (long unsigned int *) 0x1
#2 0x0000000084fac24b in zif_mysql_fetch_array (ht=-13232, return_value=0xffffffff, return_value_ptr=0x8518a6cf, this_ptr=0x0, return_value_used=1) at /root/compile/php-5.3.2-apache/ext/mysql/php_mysql.c:2105
No locals.
#3 0x000000008519fa82 in zend_do_fcall_common_helper_SPEC (execute_data=0x9cef80) at /root/compile/php-5.3.2-apache/Zend/zend_vm_execute.h:313
        i = 0
        p = (zval **) 0x9cef70
        arg_count = 2
        opline = (zend_op *) 0xa9eed0
        should_change_scope = 0 '\0'
#4 0x000000008519eea9 in execute (op_array=0xa94e00) at /root/compile/php-5.3.2-apache/Zend/zend_vm_execute.h:104
        ret = 0
        execute_data = (zend_execute_data *) 0x9cef80
        nested = 1 '\001'
        original_in_execution = 0 '\0'
#5 0x000000008517d055 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/compile/php-5.3.2-apache/Zend/zend.c:1194
        files = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffffffd000, reg_save_area = 0x7fffffffcf10}}
        i = 1
        file_handle = (zend_file_handle *) 0x7fffffffe640
        orig_op_array = (zend_op_array *) 0x0
        orig_retval_ptr_ptr = (zval **) 0x0
#6 0x000000008512a7db in php_execute_script (primary_file=0x7fffffffe640) at /root/compile/php-5.3.2-apache/main/main.c:2260
        realfile = "\000\000\000\000\000\000\000\000Ã\204{\200", '\0' <repeats 16 times>, "ÿ\177\000\000\002\000\000\000\002\000\000\000Ã\217\233\000\000\000\000\000\v\000\000\000\000\000\000\000>\020V\200\000\000\000\000 äW\200\000\000\000\000Ããÿÿÿ\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000ÃI<\a\000\000\000\000é\rV\200\000\000\000\000(p\233\000\000\000\000\000\0006X\200\000\000\000\000¸ãÿÿÿ\177", '\0' <repeats 11 times>, "äÿÿÿ\177\000\000{", '\0' <repeats 15 times>, "\001\000\000\000\000\000\000\000ÃI<\a\000\000\000\000\001\fV\200\000\000\000\000\000ðW\200\000\000\000\000\000òW\200\000\000\000\000\000ôW\200"...
        prepend_file_p = (zend_file_handle *) 0x0
        append_file_p = (zend_file_handle *) 0x0
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\0'}
        old_cwd = 0x7fffffffd010 "/array1/compile"
        retval = 0
#7 0x0000000085203a20 in php_handler (r=0x9cb3a0) at /root/compile/php-5.3.2-apache/sapi/apache2handler/sapi_apache2.c:655
        zfd = {type = ZEND_HANDLE_MAPPED, filename = 0x9cc678 "/usr/local/www/vhosts/grusp.org/www/index.php", opened_path = 0x0, handle = {fd = 7419736, fp = 0x713758, stream = {handle = 0x713758, isatty = 0, mmap = {len = 980, pos = 0, map = 0x0, buf = 0x80585000 <Address 0x80585000 out of bounds>, old_handle = 0x0, old_closer = 0}, reader = 0x8513cad0 <_php_stream_read>, fsizer = 0x85128cf0 <php_zend_stream_fsizer>, closer = 0x85128ce0 <php_zend_stream_mmap_closer>}}, free_filename = 0 '\0'}
        __bailout = {{_sjb = {2233481406, 2239891776, 140737488348616, 7131832, 10269600, 0, 4500992, 4501016, 10224511, 4461031, 10270232, 0}}}
        ctx = (php_struct * volatile) 0x9cca28
        conf = (void *) 0x9cab88
        brigade = (apr_bucket_brigade * volatile) 0x9cd770
        bucket = (apr_bucket *) 0x0
        rv = 0
        parent_req = (request_rec * volatile) 0x0
#8 0x0000000000436c8e in ap_run_handler ()
No symbol table info available.
#9 0x00000000004372ae in ap_invoke_handler ()
No symbol table info available.
#10 0x0000000000444734 in ap_internal_redirect ()
No symbol table info available.
#11 0x0000000084c1486c in handler_redirect () from /usr/local/libexec/apache22/mod_rewrite.so
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#12 0x0000000000436c8e in ap_run_handler ()
No symbol table info available.
#13 0x00000000004372ae in ap_invoke_handler ()
No symbol table info available.
#14 0x000000000044408c in ap_process_request ()
No symbol table info available.
#15 0x0000000000441a14 in ap_process_http_connection ()
No symbol table info available.
#16 0x000000000043dd1e in ap_run_process_connection ()
No symbol table info available.
#17 0x000000000043e0b8 in ap_process_connection ()
No symbol table info available.
#18 0x0000000000448c9e in child_main ()
No symbol table info available.
#19 0x0000000000448d8a in make_child ()
No symbol table info available.
#20 0x0000000000449266 in ap_mpm_run ()
No symbol table info available.
#21 0x0000000000423754 in main ()
No symbol table info available.

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/bug.php?id=51248&edit=1