Edit report at https://bugs.php.net/bug.php?id=55653&edit=1
ID: 55653 Updated by: larue...@php.net Reported by: u...@php.net Summary: PS crash with libmysql when binding same variable as param and out Status: Closed Type: Bug Package: MySQLi related PHP Version: 5.4SVN-2011-09-09 (SVN) Assigned To: laruence Block user comment: N Private report: N New Comment: this also cause a segfault in ext/mysqli/tests/mysqli_stmt_execute_stored_proc.php Previous Comments: ------------------------------------------------------------------------ [2011-09-10 03:52:04] larue...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2011-09-10 03:51:02] larue...@php.net Automatic comment from SVN on behalf of laruence Revision: http://svn.php.net/viewvc/?view=revision&revision=316474 Log: Fixed Bug #55653(PS crash with libmysql when binding same variable as param and out) Actually this caused by attempt to efree a INTERNED string ------------------------------------------------------------------------ [2011-09-09 12:12:45] u...@php.net Test added ------------------------------------------------------------------------ [2011-09-09 12:11:54] u...@php.net Automatic comment from SVN on behalf of uw Revision: http://svn.php.net/viewvc/?view=revision&revision=316455 Log: Bug #55653 ------------------------------------------------------------------------ [2011-09-09 12:00:27] u...@php.net Description: ------------ This will crash, if using mysqli with libmysql. sapi/cli/php -r '$link = new mysqli("192.168.2.27", "root", "", "test"); $stmt = $link->stmt_init(); $in = "a"; $stmt->prepare("SELECT ?"); $stmt->bind_param("s", $in); $stmt->execute(); $stmt->bind_result($in); $stmt->fetch(); var_dump($in);' /home/nixnutz/php-src/branches/PHP_5_4/ext/mysqli/mysqli_api.c(890) : Block 0x071e5870 status: Invalid pointer: ((size=0x005976c6) != (next.prev=0x00000000)) ==12847== Conditional jump or move depends on uninitialised value(s) ==12847== at 0x81C242: zend_mm_check_ptr (zend_alloc.c:1388) ==12847== by 0x81C230: zend_mm_check_ptr (zend_alloc.c:1385) ==12847== by 0x81DDA6: _zend_mm_free_int (zend_alloc.c:2064) ==12847== by 0x81F350: _efree (zend_alloc.c:2436) ==12847== by 0x5F412E: mysqli_stmt_fetch_libmysql (mysqli_api.c:890) Box 1: mysqli MysqlI Support => enabled Client API library version => 5.6.2-m5 Active Persistent Links => 0 Inactive Persistent Links => 0 Active Links => 0 Client API header version => 5.6.2-m5 MYSQLI_SOCKET => /tmp/mysql.sock Box 2: mysqli MysqlI Support => enabled Client API library version => 5.1.45 Active Persistent Links => 0 Inactive Persistent Links => 0 Active Links => 0 Client API header version => 5.1.45 MYSQLI_SOCKET => /tmp/mysql.sock Test script: --------------- sapi/cli/php -r '$link = new mysqli("192.168.2.27", "root", "", "test"); $stmt = $link->stmt_init(); $in = "a"; $stmt->prepare("SELECT ?"); $stmt->bind_param("s", $in); $stmt->execute(); $stmt->bind_result($in); $stmt->fetch(); var_dump($in);' ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=55653&edit=1