Edit report at https://bugs.php.net/bug.php?id=62273&edit=1

 ID:                 62273
 Updated by:         and...@php.net
 Reported by:        andres at phalconphp dot com
 Summary:            Segmentation Fault in Mysqli/Mysqlnd
 Status:             Verified
 Type:               Bug
 Package:            MySQLi related
 Operating System:   Linux/Mac
 PHP Version:        5.3.15-dev/5.3.12/5.4.5-dev
 Assigned To:        mysql
 Block user comment: N
 Private report:     N

 New Comment:

The fix will come, together with more csets, in the next PHP 5.3 release.


Previous Comments:
------------------------------------------------------------------------
[2012-06-29 13:59:02] and...@php.net

Automatic comment on behalf of andrey
Revision: 
http://git.php.net/?p=php-src.git;a=commit;h=8fe87e7feaab2c031998d553585ba8cabf077499
Log: fix Bug #62273     Segmentation Fault in Mysqli/Mysqlnd

------------------------------------------------------------------------
[2012-06-12 08:09:40] and...@php.net

php -r '$link = mysqli_connect("127.0.0.1", "root", "root", "test"); var_dump(mysqli_character_set_name($link));'
Segmentation fault (core dumped)

------------------------------------------------------------------------
[2012-06-11 23:45:50] andres at phalconphp dot com

Hi, is someone assigned to this?

------------------------------------------------------------------------
[2012-06-09 05:56:58] andres at phalconphp dot com

I think the problem is the mysqlnd_charsets variable in ext/mysqlnd/mysqlnd_charset.c:

utf8_spanish_ci is returned as code 199 by the MySQL server, but in the charset const it is:

{ 119, UTF8_MB3, UTF8_MB3"_spanish_ci", 1, 3, "", mysqlnd_mbcharlen_utf8mb3, check_mb_utf8mb3_valid },

Then mysqlnd_find_charset_nr is unable to find the charset name, and as a consequence of that conn->charset is null, producing the segmentation fault.

I'm not sure what the right solution for this is; maybe updating the charset code, or assigning a default charset when the charset code does not match any.

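An added illustration (editor's example, not code from the reporter or from PHP's mysqlnd) of the failure path described in the comment above: a charset table that lacks the collation number the server announces, a lookup that returns NULL on the miss, and an escaping routine that fails closed on a NULL charset instead of dereferencing it. The table contents, the single-byte-only escaping and all function names are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified model of mysqlnd's charset table (not PHP's code):
 * only the collation number, name and max bytes per character are kept. */
typedef struct { unsigned int nr; const char *name; unsigned int char_maxlen; } charset_entry;

/* Constructed sample table: it has the 119 entry the report quotes,
 * but nothing for the 199 the server sends. */
static const charset_entry charsets[] = {
    {  33, "utf8_general_ci", 3 },
    { 119, "utf8_spanish_ci", 3 },
    {   0, NULL,              0 }   /* sentinel */
};

/* Lookup by collation number; a miss yields NULL, as in the report. */
const charset_entry *find_charset_nr(unsigned int nr) {
    for (const charset_entry *c = charsets; c->name != NULL; c++)
        if (c->nr == nr) return c;
    return NULL;
}

/* Single-byte escaping modelled on the crash site. The original code reads
 * cset->char_maxlen with cset == NULL; this version fails closed instead.
 * Returns bytes written (excluding the NUL), or -1 on NULL charset/overflow. */
long escape_slashes(const charset_entry *cset, char *out, size_t outlen,
                    const char *in, size_t inlen) {
    if (cset == NULL) return -1;            /* guard: lookup miss must not crash */
    size_t o = 0;
    for (size_t i = 0; i < inlen; i++) {
        char c = in[i], repl = 0;
        if (c == '\0') repl = '0';
        else if (c == '\n') repl = 'n';
        else if (c == '\r') repl = 'r';
        else if (c == '\'' || c == '"' || c == '\\') repl = c;
        if (o + (repl ? 2 : 1) + 1 > outlen) return -1;   /* leave room for NUL */
        if (repl) { out[o++] = '\\'; out[o++] = repl; }
        else out[o++] = c;
    }
    out[o] = '\0';
    return (long)o;
}

/* The scenario from the report: the server announces collation 199. */
long escape_with_server_collation(unsigned int server_nr, char *out,
                                  size_t outlen, const char *in) {
    return escape_slashes(find_charset_nr(server_nr), out, outlen, in, strlen(in));
}
```

With collation 199 the call returns -1 rather than crashing; with 119 it escapes normally.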
------------------------------------------------------------------------
[2012-06-09 05:08:45] andres at phalconphp dot com

PHP 5.4 is also affected:

$ php -v
PHP 5.4.5-dev (cli) (built: Jun  8 2012 23:58:38) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies

$ php a.php 
Segmentation fault

$ gdb --args sapi/cli/php a.php 
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /home/andres/php5.4-201206090330/sapi/cli/php...done.
(gdb) run 
Starting program: /home/andres/php5.4-201206090330/sapi/cli/php a.php

Program received signal SIGSEGV, Segmentation fault.
mysqlnd_cset_escape_slashes (cset=0x0, newstr=0xb7fc5884 
"|X\374\267|X\374\267\364\001", 
    escapestr=0xb7ebbc90 "1", escapestr_len=1)
    at /home/andres/php5.4-201206090330/ext/mysqlnd/mysqlnd_charset.c:719
719                     if (cset->char_maxlen > 1 && (len = 
cset->mb_valid(escapestr, end))) {

(gdb) bt
#0  mysqlnd_cset_escape_slashes (cset=0x0, newstr=0xb7fc5884 
"|X\374\267|X\374\267\364\001", 
    escapestr=0xb7ebbc90 "1", escapestr_len=1)
    at /home/andres/php5.4-201206090330/ext/mysqlnd/mysqlnd_charset.c:719
#1  0x08285111 in php_mysqlnd_conn_data_escape_string_pub (escapestr_len=1, 
    escapestr=0xb7ebbc90 "1", newstr=0xb7fc5884 "|X\374\267|X\374\267\364\001", 
conn=0xb7fc3e58)
    at /home/andres/php5.4-201206090330/ext/mysqlnd/mysqlnd.c:1470
#2  php_mysqlnd_conn_data_escape_string_pub (conn=0xb7fc3e58, 
    newstr=0xb7fc5884 "|X\374\267|X\374\267\364\001", escapestr=0xb7ebbc90 "1", 
escapestr_len=1)
    at /home/andres/php5.4-201206090330/ext/mysqlnd/mysqlnd.c:1459
#3  0x0818419c in zif_mysqli_real_escape_string (ht=2, return_value=0xb7fc35a0, 
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /home/andres/php5.4-201206090330/ext/mysqli/mysqli_api.c:1905
#4  0x083a28d8 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized 
out>)
    at /home/andres/php5.4-201206090330/Zend/zend_vm_execute.h:642
#5  0x083658ed in execute (op_array=<optimized out>)
    at /home/andres/php5.4-201206090330/Zend/zend_vm_execute.h:410
#6  0x083077db in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/andres/php5.4-201206090330/Zend/zend.c:1279
#7  0x082a8192 in php_execute_script (primary_file=0xbfffdf6c)
    at /home/andres/php5.4-201206090330/main/main.c:2473
#8  0x083a4fec in do_cli (argc=2, argv=0xbffff1f4)
    at /home/andres/php5.4-201206090330/sapi/cli/php_cli.c:988
#9  0x08066cc4 in main (argc=2, argv=0xbffff1f4)
    at /home/andres/php5.4-201206090330/sapi/cli/php_cli.c:1361

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=62273

