From: Operating system: PHP version: 5.4SVN-2011-09-09 (SVN) Package: MySQLi related Bug Type: Bug Bug description:PS crash with libmysql when binding same variable as param and out
Description: ------------ This will crash, if using mysqli with libmysql. sapi/cli/php -r '$link = new mysqli("192.168.2.27", "root", "", "test"); $stmt = $link->stmt_init(); $in = "a"; $stmt->prepare("SELECT ?"); $stmt->bind_param("s", $in); $stmt->execute(); $stmt->bind_result($in); $stmt->fetch(); var_dump($in);' /home/nixnutz/php-src/branches/PHP_5_4/ext/mysqli/mysqli_api.c(890) : Block 0x071e5870 status: Invalid pointer: ((size=0x005976c6) != (next.prev=0x00000000)) ==12847== Conditional jump or move depends on uninitialised value(s) ==12847== at 0x81C242: zend_mm_check_ptr (zend_alloc.c:1388) ==12847== by 0x81C230: zend_mm_check_ptr (zend_alloc.c:1385) ==12847== by 0x81DDA6: _zend_mm_free_int (zend_alloc.c:2064) ==12847== by 0x81F350: _efree (zend_alloc.c:2436) ==12847== by 0x5F412E: mysqli_stmt_fetch_libmysql (mysqli_api.c:890) Box 1: mysqli MysqlI Support => enabled Client API library version => 5.6.2-m5 Active Persistent Links => 0 Inactive Persistent Links => 0 Active Links => 0 Client API header version => 5.6.2-m5 MYSQLI_SOCKET => /tmp/mysql.sock Box 2: mysqli MysqlI Support => enabled Client API library version => 5.1.45 Active Persistent Links => 0 Inactive Persistent Links => 0 Active Links => 0 Client API header version => 5.1.45 MYSQLI_SOCKET => /tmp/mysql.sock Test script: --------------- sapi/cli/php -r '$link = new mysqli("192.168.2.27", "root", "", "test"); $stmt = $link->stmt_init(); $in = "a"; $stmt->prepare("SELECT ?"); $stmt->bind_param("s", $in); $stmt->execute(); $stmt->bind_result($in); $stmt->fetch(); var_dump($in);' -- Edit bug report at https://bugs.php.net/bug.php?id=55653&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55653&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55653&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55653&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55653&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55653&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55653&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55653&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55653&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55653&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55653&r=support Expected behavior: https://bugs.php.net/fix.php?id=55653&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55653&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55653&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55653&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55653&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=55653&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55653&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55653&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55653&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55653&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55653&r=mysqlcfg