PHP :: Bug #31288 :: mysql_fetch_field() crashes
Fri Dec 24 2004
| Bug #31288 | mysql_fetch_field() crashes |
|---|---|
| Submitted: | 2004-12-24 17:18 UTC |
| Modified: | 2005-02-22 16:00 UTC |
| From: | m dot brachner at gmx dot at |
| Assigned: | |
| Status: | Closed |
| Package: | MySQL related |
| PHP Version: | 5CVS-2004-12-24 (dev) |
| OS: | Windows XP |
| Private report: | No |
| CVE-ID: | None |

[2004-12-24 17:18 UTC] m dot brachner at gmx dot at
Description:
------------
mysql_fetch_field produces a PHP crash. A Modal Window pops up (I have a German XP):

php-cgi.exe Error in Application
The instruction at '0x1000589c' referenced memory at '0x00000001'. The memory could not be read.
Click OK to terminate the program.

MySQL Version 4.0.18

Reproduce code:
---------------
```php
<?php
$conn = mysql_connect('localhost:3306', 'root', '');
mysql_select_db('odb');
$result = mysql_query('select * from classes');
/* get column metadata */
$i = 0;
while ($i < mysql_num_fields($result)) {
    echo "Information for column $i:<br />\n";
    $meta = mysql_fetch_field($result, $i);
    $i++;
}
mysql_free_result($result);
?>
```

Expected result:
----------------
mysql_fetch_field should do the documented operations.

Actual result:
--------------
mysql_fetch_field produces a PHP crash. A Modal Window pops up (I have a German XP):

php-cgi.exe Error in Application
The instruction at '0x1000589c' referenced memory at '0x00000001'. The memory could not be read.
Click OK to terminate the program.

[2004-12-25 18:52 UTC] m dot brachner at gmx dot at
Using CGI Version Internet Information Server Version 5.1
[2005-01-09 19:06 UTC] kurt at indermaur dot com
Failed for me with a "Segmentation Violation" on freebsd, php 4.3.10 and php 5.0.3 (switched to 5.x after encountering this bug), with mysql 4.0.22.

I tracked it down to line 2250 of ext/mysql/php_mysql.c:

```c
add_property_string(return_value, "def",(mysql_field->def?mysql_field->def :empty_string), 1);
```

According to mysql's documentation (http://dev.mysql.com/doc/mysql/en/C_API_datatypes.html, with my emphasis added):

char * def - The default value of this field, as a null-terminated string. ***This is set only if you use mysql_list_fields()***.

My guess is that *def is never initialized, so it may very well not be null, and then just about any attempt to retrieve its value will result in a segmentation violation (or whatever your OS calls a reference to memory outside the program's control).

A simple workaround for me was to comment out line 2250.

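The hazard guessed at in the comment above, as an added example (not code from PHP or MySQL): a NULL test does not protect a pointer that was never initialized, so the consumer gates the read on how the metadata was produced. `field_meta`, `origin_t` and the helper names are hypothetical, and the `0x1` value is a constructed stand-in for stale memory that mirrors the faulting address in the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the relevant part of a field descriptor;
 * this is NOT the real MYSQL_FIELD layout. */
typedef struct {
    const char *name;
    const char *def;  /* meaningful only on the list-fields path */
} field_meta;

/* The consumer records which call produced the metadata. */
typedef enum { FROM_QUERY, FROM_LIST_FIELDS } origin_t;

/* Constructed sample: models a producer that never writes `def` on the
 * query path. 0x1 stands in for leftover garbage; it is only compared
 * or printed as a pointer, never dereferenced. */
static field_meta sample_field(origin_t origin) {
    field_meta f;
    f.name = "id";
    f.def = (origin == FROM_LIST_FIELDS) ? "0"
                                         : (const char *)(uintptr_t)0x1;
    return f;
}

/* Pattern of the quoted line 2250: a NULL test is the only guard, so
 * any non-NULL garbage is handed on to the string copy. */
static const char *def_null_check_only(const field_meta *f) {
    return f->def ? f->def : "";
}

/* Guarded form: read `def` only when the API contract says it is set. */
static const char *def_by_origin(const field_meta *f, origin_t origin) {
    return (origin == FROM_LIST_FIELDS && f->def) ? f->def : "";
}

int main(void) {
    field_meta q = sample_field(FROM_QUERY);
    field_meta l = sample_field(FROM_LIST_FIELDS);
    /* Print the pointer value only; copying from it would fault. */
    printf("null-check only, query path: %p\n",
           (void *)def_null_check_only(&q));
    printf("by origin, query path:       \"%s\"\n",
           def_by_origin(&q, FROM_QUERY));
    printf("by origin, list-fields path: \"%s\"\n",
           def_by_origin(&l, FROM_LIST_FIELDS));
    return 0;
}
```
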
[2005-02-22 16:00 UTC] iliaa@php.net
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better.