gplessis / dotdeb-php

Dotdeb : PHP packages
https://www.dotdeb.org/

php 5.6/mysqlnd segfault with stored procedures #145

Closed tarkin000 closed 8 years ago

tarkin000 commented 8 years ago

Debian Wheezy i686 (up to date as of 8/2016) PHP 5.6.24-1~dotdeb+7.1 (cli) (built: Jul 22 2016 00:07:27) php-cgi & php-cli

deb http://lug.mtu.edu/debian/ wheezy main
deb-src http://lug.mtu.edu/debian/ wheezy main

#deb http://debian.cse.msu.edu/debian/ wheezy main contrib non-free
#deb-src http://debian.cse.msu.edu/debian/ wheezy main contrib

deb http://security.debian.org/ wheezy/updates main contrib
deb-src http://security.debian.org/ wheezy/updates main contrib

# wheezy-updates, previously known as 'volatile'
deb http://lug.mtu.edu/debian/ wheezy-updates main
deb-src http://lug.mtu.edu/debian/ wheezy-updates main

# wheezy-updates, previously known as 'volatile'
#deb http://debian.cse.msu.edu/debian/ wheezy-updates main contrib
#deb-src http://debian.cse.msu.edu/debian/ wheezy-updates main contrib

# dotdeb
deb http://packages.dotdeb.org wheezy all
deb http://packages.dotdeb.org wheezy-php56 all
deb-src http://packages.dotdeb.org wheezy-php56 all
# deb-multimedia
deb http://www.deb-multimedia.org wheezy main non-free

/etc/apt/sources/list.d : nodesource.list

ii  php-pear                                                    5.6.24-1~dotdeb+7.1                all          PEAR - PHP Extension and Application Repository
ii  php5-cgi                                                    5.6.24-1~dotdeb+7.1                i386         server-side, HTML-embedded scripting language (CGI binary)
ii  php5-cli                                                    5.6.24-1~dotdeb+7.1                i386         command-line interpreter for the php5 scripting language
ii  php5-common                                                 5.6.24-1~dotdeb+7.1                i386         Common files for packages built from the php5 source
ii  php5-dbg                                                    5.6.24-1~dotdeb+7.1                i386         Debug symbols for PHP5
ii  php5-gd                                                     5.6.24-1~dotdeb+7.1                i386         GD module for php5
ii  php5-imagick                                                1:3.1.2-2~dotdeb+7.1               i386         Provides a wrapper to the ImageMagick library
ii  php5-mysqlnd                                                5.6.24-1~dotdeb+7.1                i386         MySQL module for php5 (Native Driver)
ii  php5-readline                                               5.6.24-1~dotdeb+7.1                i386         Readline module for php5
ii  php5-sqlite                                                 5.6.24-1~dotdeb+7.1                i386         SQLite module for php5

php segfaults when fetching the result of a prepared statement that invokes a stored procedure. To reproduce: db.sql:

drop database if exists test;
create database test;
use test;
create table test(foo int,bar varchar(36));
insert into test(foo,bar) values(1,"baz");
insert into test(foo,bar) values(2,"quux");

delimiter //
create procedure pppp(id int)
begin
        declare result varchar(4) default 'fail';
        declare message varchar(64) default 'hello, world';
        declare datum varchar(36) default null;
        declare cur cursor for select bar from test where id = id;
        declare exit handler for 1329
                begin
                        set message = 'got 1329';
                        select result,message,datum;
                end;
        open cur;
        fetch cur into datum;
        close cur;
        select result,message,datum;
end
//

test.php:

<?php
$conn = new mysqli('localhost','root','password','test',3306);
$stmt = $conn->prepare('call pppp(?)');
$int = 1;
$stmt->bind_param('i',$int);
$stmt->execute();
do {
        if ($res = $stmt->get_result()) {
                printf("---\n");
                var_dump($res->fetch_all());
                $res->free();
        } else {
                printf("error: ");
                if ($stmt->errno) printf("$stmt->error");
                printf("\n");
        }
} while($stmt->more_results() && $stmt->next_result());
$stmt->close();
$conn->close();
?>

test.gdb.log:

Starting program: /usr/bin/php test.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
mysqlnd_fetch_stmt_row_cursor (result=0xb7621088, param=0xb7621a64, flags=2, fetched_anything=0xbfffba3f "\267\364/3\267\210\020b\267")
    at /usr/src/builddir/ext/mysqlnd/mysqlnd_ps.c:1022
1022    /usr/src/builddir/ext/mysqlnd/mysqlnd_ps.c: No such file or directory.
#0  mysqlnd_fetch_stmt_row_cursor (result=0xb7621088, param=0xb7621a64, flags=2, fetched_anything=0xbfffba3f "\267\364/3\267\210\020b\267")
    at /usr/src/builddir/ext/mysqlnd/mysqlnd_ps.c:1022
#1  0xb73148d5 in php_mysqlnd_res_fetch_row_pub (result=0xb7621088, param=0xb7621a64, flags=2, fetched_anything=0xbfffba3f "\267\364/3\267\210\020b\267")
    at /usr/src/builddir/ext/mysqlnd/mysqlnd_result.c:1352
#2  0xb73173a6 in php_mysqlnd_res_fetch_into_pub (result=0xb7621088, flags=2, return_value=0xb7621a64, extension=MYSQLND_MYSQLI)
    at /usr/src/builddir/ext/mysqlnd/mysqlnd_result.c:1823
#3  0xb73171c5 in php_mysqlnd_res_fetch_all_pub (result=0xb7621088, flags=2, return_value=0xb7621a48) at /usr/src/builddir/ext/mysqlnd/mysqlnd_result.c:1893
#4  0xb67c6132 in zif_mysqli_fetch_all (ht=0, return_value=0xb7621a48, return_value_ptr=0xb76041a0, this_ptr=0xb761edb0, return_value_used=1)
    at /usr/src/builddir/ext/mysqli/mysqli_nonapi.c:385
#5  0x0842d376 in execute_internal (execute_data_ptr=execute_data_ptr@entry=0xb76042bc, fci=fci@entry=0x0, return_value_used=return_value_used@entry=1)
    at /usr/src/builddir/Zend/zend_execute.c:1527
#6  0x08371493 in dtrace_execute_internal (execute_data_ptr=0xb76042bc, fci=0x0, return_value_used=1) at /usr/src/builddir/Zend/zend_dtrace.c:97
#7  0x0842f9e7 in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at /usr/src/builddir/Zend/zend_vm_execute.h:560
#8  0x083f15e7 in execute_ex (execute_data=execute_data@entry=0xb76042bc) at /usr/src/builddir/Zend/zend_vm_execute.h:363
#9  0x08371359 in dtrace_execute_ex (execute_data=0xb76042bc) at /usr/src/builddir/Zend/zend_dtrace.c:73
#10 0x0842f162 in zend_execute (op_array=0xb761e5a4) at /usr/src/builddir/Zend/zend_vm_execute.h:388
#11 zend_execute (op_array=0xb761e5a4) at /usr/src/builddir/Zend/zend_vm_execute.h:383
#12 0x08384906 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /usr/src/builddir/Zend/zend.c:1341
#13 0x08319dae in php_execute_script (primary_file=primary_file@entry=0xbfffdf78) at /usr/src/builddir/main/main.c:2613
#14 0x08433379 in do_cli (argc=-1073750152, argc@entry=2, argv=0x7, argv@entry=0x89a0d88) at /usr/src/builddir/sapi/cli/php_cli.c:994
#15 0x080a5f43 in main (argc=2, argv=0x89a0d88) at /usr/src/builddir/sapi/cli/php_cli.c:1378
A debugging session is active.

        Inferior 1 [process 4588] will be killed.

Quit anyway? (y or n)

This issue was present in 5.4.45-0+deb7u4; I had upgraded to DotDeb hoping to fix this issue. Should I report upstream?

Thanks for your time, Steve

tarkin000 commented 8 years ago

update: It has something to do with the cursor. Is the way I am using the cursor with the 1329 handler generating some huge result set?

The following replacement procedure works as expected:

drop procedure if exists pppp;
delimiter //
create procedure pppp(i int)
begin
        declare result varchar(4) default 'fail';
        declare message varchar(64) default 'hello, world';
        declare datum varchar(36) default null;
        declare exit handler for 1329
                begin
                        set message = 'got 1329';
                        select result,message,datum;
                end;
        select bar into datum from test where foo = i;
        select result,message,datum;
end //
delimiter ;

gplessis commented 8 years ago

That looks like an upstream problem. Did you take a look at https://bugs.php.net for similar issues?

tarkin000 commented 8 years ago

Yes, I have. The only thing similar is https://bugs.php.net/bug.php?id=72413. I will report this upstream, thanks!