Edit report at http://bugs.php.net/bug.php?id=53716&edit=1
ID: 53716
Comment by: max at axismedia dot ru
Reported by: anthon dot pang at gmail dot com
Summary: segfault in $stmt->execute()
Status: Open
Type: Bug
Package: PDO related
Operating System: Ubuntu 10.04
PHP Version: 5.3.5
Block user comment: N
Private report: N
New Comment:
Looks like I have very similar problem. In short php 5.3 in CLI or Apach
module
mode, PDO compiled againt mysqlnd crashes when using MySQL native
prepared
queries with segmentation fault.
EXAMPLE SCRIPT
<?php
$driver_options = array(PDO::ATTR_ERRMODE =>
PDO::ERRMODE_EXCEPTION,.
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES
'UTF8';",
PDO::ATTR_PERSISTENT => true,
PDO::MYSQL_ATTR_DIRECT_QUERY => false);
$sql = 'SELECT NOW()';
$pdo = new PDO('mysql:host=localhost;dbname=m_shop', 'max', null,
$driver_options);
$st = $pdo->prepare($sql, array(PDO::ATTR_CURSOR =>
PDO::CURSOR_FWDONLY));
print "before execute\n";
$st->execute();
print "after execute\n";
$st->closeCursor();
$pdo = null;
?>
Output:
office tmp # php bug.php
before execute
after execute
Segmentation fault (core dumped)
BACKTRACE
(gdb) bt
#0 0xb6acb02d in free () from /lib/libc.so.6
#1 0x082f8208 in _mysqlnd_pefree (ptr=0x0, persistent=1 '\001',
tsrm_ls=0x0) at
/var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/mysqlnd/mysqlnd_debug.c:1062
#2 0x082e97c8 in php_mysqlnd_stmt_free_result_bind_pub (s=0x8b56024,
result_bind=0x8b24a60, tsrm_ls=0x891e280)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/mysqlnd/mysqlnd_ps.c:2296
#3 0x082e9856 in mysqlnd_stmt_separate_result_bind (s=0x8b56024,
tsrm_ls=<value
optimized out>)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/mysqlnd/mysqlnd_ps.c:2029
#4 0x082e98d3 in php_mysqlnd_stmt_free_result_pub (s=0x8b56024,
tsrm_ls=0x891e280) at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/mysqlnd/mysqlnd_ps.c:1961
#5 0x081e8e11 in pdo_mysql_stmt_cursor_closer (stmt=0x8b24240,
tsrm_ls=0x891e280) at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/pdo_mysql/mysql_statement.c:906
#6 0x081e4471 in zim_PDOStatement_closeCursor (ht=0,
return_value=0x8b24154,
return_value_ptr=0x0, this_ptr=0x8b24170, return_value_used=0,
tsrm_ls=0x891e280)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/pdo/pdo_stmt.c:2141
#7 0x0839edf1 in zend_do_fcall_common_helper_SPEC
(execute_data=0x8b56058,
tsrm_ls=0x891e280)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/Zend/zend_vm_execute.h:316
#8 0x0839f2f1 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x1,
tsrm_ls=0x8b24a54) at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/Zend/zend_vm_execute.h:421
#9 0x083786a6 in execute (op_array=0x8b23124, tsrm_ls=0x891e280) at
/var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/Zend/zend_vm_execute.h:107
#10 0x08353317 in zend_execute_scripts (type=8, tsrm_ls=0x891e280,
retval=0x0,
file_count=3) at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/Zend/zend.c:1194
#11 0x082fcee9 in php_execute_script (primary_file=0xbfbfa920,
tsrm_ls=0x891e280) at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/main/main.c:2265
#12 0x083d6fe6 in main (argc=2, argv=0xbfbfaa24) at
/var/tmp/portage/dev-
lang/php-5.3.5/work/sapis-build/cli/sapi/cli/php_cli.c:1193
NOTES
1. If i do not call $st->closeCursor() i still get segmentation fault
but with a
bit different backtrace (same problem but on php environment shutdown):
#0 0xffffe424 in __kernel_vsyscall ()
#1 0xb6a4c401 in raise () from /lib/libc.so.6
#2 0xb6a4db42 in abort () from /lib/libc.so.6
#3 0xb6a87815 in ?? () from /lib/libc.so.6
#4 0xb6a8d6d1 in ?? () from /lib/libc.so.6
#5 0xb6a8ef38 in ?? () from /lib/libc.so.6
#6 0xb6a9203d in free () from /lib/libc.so.6
#7 0x082f8208 in _mysqlnd_pefree (ptr=0x0, persistent=48 '0',
tsrm_ls=0x400) at
/var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/mysqlnd/mysqlnd_debug.c:1062
#8 0x082e97c8 in php_mysqlnd_stmt_free_result_bind_pub (s=0x8b56024,
result_bind=0x8b24a4c, tsrm_ls=0x891e280)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/mysqlnd/mysqlnd_ps.c:2296
#9 0x082e9856 in mysqlnd_stmt_separate_result_bind (s=0x8b56024,
tsrm_ls=<value
optimized out>)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/mysqlnd/mysqlnd_ps.c:2029
#10 0x082e99a3 in php_mysqlnd_stmt_free_stmt_content_pub (s=0x8b56024,
tsrm_ls=0x891e280) at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/mysqlnd/mysqlnd_ps.c:2125
#11 0x082eb441 in php_mysqlnd_stmt_net_close_priv (s=0x8b56024,
implicit=0
'\000', tsrm_ls=0x891e280)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/mysqlnd/mysqlnd_ps.c:2212
#12 0x082eaf9e in php_mysqlnd_stmt_dtor_pub (s=0x8b56024, implicit=6
'\006',
tsrm_ls=0x891e280)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/mysqlnd/mysqlnd_ps.c:2239
#13 0x081e9d89 in pdo_mysql_stmt_dtor (stmt=0x8b24560,
tsrm_ls=0x891e280) at
/var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/pdo_mysql/mysql_statement.c:64
#14 0x081e357c in free_statement (stmt=0x8b24560, tsrm_ls=<value
optimized out>)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/ext/pdo/pdo_stmt.c:2398
#15 0x081e36d8 in php_pdo_stmt_delref (stmt=0x0, tsrm_ls=0x891e280) at
/var/tmp/portage/dev-lang/php-5.3.5/work/sapis-build/cli/ext/pdo/pdo_stmt.c:2440
#16 0x081e36f2 in pdo_dbstmt_free_storage (stmt=0x8b24560,
tsrm_ls=0x891e280) at
/var/tmp/portage/dev-lang/php-5.3.5/work/sapis-build/cli/ext/pdo/pdo_stmt.c:2446
#17 0x08374b9b in zend_objects_store_del_ref_by_handle_ex (handle=2,
handlers=0x891c180, tsrm_ls=0x891e280)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/Zend/zend_objects_API.c:220
#18 0x08374cab in zend_objects_store_del_ref (zobject=0x8b240d8,
tsrm_ls=0x891e280) at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/Zend/zend_objects_API.c:172
#19 0x0835303e in _zval_dtor_func (zvalue=0x8b240d8) at
/var/tmp/portage/dev-
lang/php-5.3.5/work/sapis-build/cli/Zend/zend_variables.c:52
#20 0x083483f9 in _zval_dtor (zval_ptr=0x8b244bc) at
/var/tmp/portage/dev-
lang/php-5.3.5/work/sapis-build/cli/Zend/zend_variables.h:35
#21 _zval_ptr_dtor (zval_ptr=0x8b244bc) at
/var/tmp/portage/dev-lang/php-
5.3.5/work/sapis-build/cli/Zend/zend_execute_API.c:443
#22 0x0835f42c in zend_hash_apply_deleter (ht=0x89204f0, p=0x8b244b0) at
/var/tmp/portage/dev-lang/php-5.3.5/work/sapis-build/cli/Zend/zend_hash.c:614
#23 0x0835f4d8 in zend_hash_reverse_apply (ht=0x89204f0,
apply_func=0x8347a56
<zval_call_destructor>, tsrm_ls=0x891e280)
at /var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/Zend/zend_hash.c:763
#24 0x08348c79 in shutdown_destructors (tsrm_ls=0x891e280) at
/var/tmp/portage/dev-lang/php-5.3.5/work/sapis-
build/cli/Zend/zend_execute_API.c:226
#25 0x08353dd2 in zend_call_destructors (tsrm_ls=0x891e280) at
/var/tmp/portage/dev-lang/php-5.3.5/work/sapis-build/cli/Zend/zend.c:874
#26 0x082fd893 in php_request_shutdown (dummy=0x0) at
/var/tmp/portage/dev-
lang/php-5.3.5/work/sapis-build/cli/main/main.c:1587
#27 0x083d782b in main (argc=2, argv=0xbfbc8ae4) at
/var/tmp/portage/dev-
lang/php-5.3.5/work/sapis-build/cli/sapi/cli/php_cli.c:1374
2. If i use emulated prepares (PDO::MYSQL_ATTR_DIRECT_QUERY => true)
everyting
is fine.
3. If compile PDO against standard mysqlclientlib driver everything is
fine.
4. Situation is reproduced at x86 and x86_64
Previous Comments:
------------------------------------------------------------------------
[2011-01-12 17:24:04] anthon dot pang at gmail dot com
I'm in the middle of a project. For reference, the segfault occurs in
r3717:
http://dev.piwik.org/trac/changeset/3717/trunk?old_path=%2F&format=zip
Please keep this ticket open until I have some free time to troubleshoot
and isolate a smaller test case. (I can already tell you it'll require
database access and be more than the arbitrary 20 line limit.)
Additional info:
Same code doesn't crash when using MYSQLI or php 5.2.17.
(Tested/segfaulted with 5.3.2, 5.3.3, 5.3.4, and 5.3.5. These are all
vanilla builds using source downloads from php.net.)
------------------------------------------------------------------------
[2011-01-12 12:00:33] paj...@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc. If the script requires a
database to demonstrate the issue, please make sure it creates
all necessary tables, stored procedures etc.
Please avoid embedding huge scripts into the report.
------------------------------------------------------------------------
[2011-01-12 07:27:41] anthon dot pang at gmail dot com
Description:
------------
The snippet of code shown used is a method from a class that subclasses
Zend_Db_Adapter_Abstract. We make a lot of query() calls, so caching
prepared statements reportedly gives us a 10% performance improvement.
#! /bin/sh
#
# Created by configure
'./configure' \
'--with-mysqli=mysqlnd' \
'--with-pdo-mysql=mysqlnd' \
'--with-zlib' \
'--enable-zip' \
'--with-gd' \
'--with-curl' \
'--enable-mbstring' \
'--enable-debug' \
"$@"
Test script:
---------------
public function query($sql, $bind = array())
{
static $cachePreparedStatement = array();
if(isset($cachePreparedStatement[$sql]))
{
if (!is_array($bind)) {
$bind = array($bind);
}
$stmt = $cachePreparedStatement[$sql];
$stmt->execute($bind);
return $stmt;
}
$stmt = parent::query($sql, $bind);
$cachePreparedStatement[$sql] = $stmt;
return $stmt;
}
Expected result:
----------------
No crash.
Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x003c7816 in ?? () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0x003c7816 in ?? () from /lib/tls/i686/cmov/libc.so.6
#1 0x082818c6 in do_fetch (stmt=0x99cb938, do_bind=1,
return_value=0x8f5c78c,
how=PDO_FETCH_ASSOC, ori=PDO_FETCH_ORI_NEXT, offset=0,
return_all=0x0)
at /home/apang/work/php/php-5.3.5/ext/pdo/pdo_stmt.c:1044
#2 0x082825a2 in zim_PDOStatement_fetch (ht=3, return_value=0x8f5c78c,
return_value_ptr=0x0, this_ptr=0xb7ecba54, return_value_used=1)
at /home/apang/work/php/php-5.3.5/ext/pdo/pdo_stmt.c:1316
#3 0x08501e58 in zend_do_fcall_common_helper_SPEC
(execute_data=0x8bd0dc0)
at /home/apang/work/php/php-5.3.5/Zend/zend_vm_execute.h:316
#4 0x08502415 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x8bd0dc0)
at /home/apang/work/php/php-5.3.5/Zend/zend_vm_execute.h:421
#5 0x085014f5 in execute (op_array=0x971d190)
at /home/apang/work/php/php-5.3.5/Zend/zend_vm_execute.h:107
#6 0x084c6e07 in zend_call_function (fci=0xbfffce28,
fci_cache=0xbfffce4c)
at /home/apang/work/php/php-5.3.5/Zend/zend_execute_API.c:964
#7 0x083849e1 in zif_call_user_func_array (ht=2,
return_value=0x9a03db0,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
at
/home/apang/work/php/php-5.3.5/ext/standard/basic_functions.c:4796
#8 0x08501e58 in zend_do_fcall_common_helper_SPEC
(execute_data=0x8bcffdc)
at /home/apang/work/php/php-5.3.5/Zend/zend_vm_execute.h:316
#9 0x08505918 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x8bcffdc)
at /home/apang/work/php/php-5.3.5/Zend/zend_vm_execute.h:1606
#10 0x085014f5 in execute (op_array=0x8e7bd1c)
---Type <return> to continue, or q <return> to quit---
at /home/apang/work/php/php-5.3.5/Zend/zend_vm_execute.h:107
#11 0x084d488e in zend_execute_scripts (type=8, retval=0x0,
file_count=3)
at /home/apang/work/php/php-5.3.5/Zend/zend.c:1194
#12 0x0846a4ee in php_execute_script (primary_file=0xbffff2e4)
at /home/apang/work/php/php-5.3.5/main/main.c:2265
#13 0x08592c71 in main (argc=2, argv=0xbffff474)
at /home/apang/work/php/php-5.3.5/sapi/cli/php_cli.c:1193
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=53716&edit=1
