Bug 185343 - Segmentation Faults using PHP ODBC and MySQL
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Web Application Stack
Classification: Retired
Component: mysql-connector-odbc
Version: v1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tom Lane
Reported: 2006-03-13 21:06 UTC by Greg Nichols
Modified: 2013-07-03 03:08 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Last Closed: 2008-02-12 06:08:11 UTC

Attachments
PHP test case illustrating bug (1.00 KB, text/plain)
2006-03-13 21:06 UTC, Greg Nichols

Description Greg Nichols 2006-03-13 21:06:27 UTC
Description of problem:

PHP use of MySQL database via unixODBC and mysql-connector-odbc
produces memory corruption and segmentation faults on roughly 
half of all database accesses.  Representative error messages 
from the Apache error log:

[Mon Mar 13 14:54:03 2006] [notice] child pid 28893 exit signal Segmentation
fault (11)

[Mon Mar 13 15:27:39 2006] [error] [client 172.16.81.27] PHP Warning: 
odbc_connect() [<a href='function.odbc-connect'>function.odbc-connect</a>]: SQL
error: [unixODBC][MySQL][ODBC 3.51 Driver]Can't initialize character set latin1
(path: /usr/share/mysql/charsets/), SQL state S1T00 in SQLConnect in
/var/www/html/bluemoose/qq.php on line 2
Character set 'latin1' is not a compiled character set and is not specified in
the '/usr/share/mysql/charsets/Index.xml' file

This bug is (or is related to) the following MySQL bugs:

http://bugs.mysql.com/bug.php?id=15248
http://bugs.mysql.com/bug.php?id=15547


Version-Release number of selected component (if applicable):

mysql-connector-odbc-3.51.12-1.e14s1.1
unixODBC-2.2.11-6.e14s1.1


How reproducible:

Very - usually after 2 or 3 repeated accesses of the attached PHP code


Steps to Reproduce:

- see attachment

Comment 1 Greg Nichols 2006-03-13 21:06:27 UTC
Created attachment 126070
PHP test case illustrating bug

Comment 2 Benjamin Kahn 2006-03-21 15:53:41 UTC
May be related to bug #171064

Comment 3 Tom Lane 2006-03-21 17:32:22 UTC
I didn't have any luck reproducing the problem when running php directly on the
test case (ie, "php bug.php").  Any suggestions?

Comment 4 Tom Lane 2006-03-21 17:42:50 UTC
BTW, I notice that bug #171064 relates to the much older MyODBC driver
(libmyodbc.so rather than libmyodbc3.so).  Might be worth double checking which
driver version your ODBC configuration actually selects.

Comment 5 Tom Lane 2006-03-23 21:41:18 UTC
OK, I'm pretty well convinced that you are in fact seeing the same problem as is
mentioned in the second mysql bug above (15547) --- the core dump is in the same
place.  And I can reproduce that one on my own machine.  It looks to me like
some kind of double-free error but I'm not having much luck narrowing it down
more than that (it'd seem the MySQL guys have not found it either...)  Currently
rebuilding all this stuff on my old slow i386 machine so I can try valgrind.

Comment 6 Tom Lane 2006-03-24 00:01:00 UTC
Argh ... I suddenly see the problem.  libmyodbc3.so is linking to
libmysqlclient.so which is *not thread safe*.  Why isn't it linking
to libmysqlclient_r.so?

Comment 7 Tom Lane 2006-03-24 00:13:37 UTC
Double argh.  I've been testing an incorrect configuration: multithread programs
had better use libmyodbc3_r.so, not libmyodbc3.so.  With the thread-safe library
I'm not seeing the bogus free()s anymore.  It still crashes though :-(

Comment 8 Tom Lane 2006-03-27 17:41:05 UTC
It seems that the correct fix to this is that myodbc_end() shouldn't be called
during connection shutdown.  That function only makes sense to call during total
library shutdown (eg, DLL unload on Windows).  Committed in 3.51.12-2.el4s1.1
and reported to upstream library author too.
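
The failure mode described in comment 8, as an added example that is not part of the original thread and is not MyODBC source code: a per-connection close that also runs the library-wide teardown, next to a close that releases only what the connection owns. Every name here (`lib_init`, `lib_end`, `conn_t`, `g_charsets`) is hypothetical, and the model clears the shared pointer so that it fails deterministically rather than reusing freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Process-wide state shared by all connections (constructed stand-in). */
static char *g_charsets = NULL;

typedef struct { int open; } conn_t;     /* hypothetical connection handle */

static void lib_init(void) {             /* once per process */
    if (!g_charsets && (g_charsets = malloc(8))) strcpy(g_charsets, "latin1");
}

static void lib_end(void) {              /* total library shutdown only */
    free(g_charsets);
    g_charsets = NULL;  /* cleared so the model fails cleanly, not by double free */
}

static int conn_open(conn_t *c) {
    if (g_charsets == NULL) return -1;   /* shared tables gone: connect fails */
    c->open = 1;
    return 0;
}

/* Before: closing one connection also tears down the shared state. */
static void conn_close_buggy(conn_t *c) { c->open = 0; lib_end(); }

/* After: closing a connection releases only what that connection owns. */
static void conn_close_fixed(conn_t *c) { c->open = 0; }

/* Open two connections, close the first, then check that the second still
   has shared state behind it and that a new connection can be opened.
   Returns 1 if the surviving connections are unaffected, 0 otherwise. */
static int survivors_ok(void (*close_fn)(conn_t *)) {
    conn_t a = {0}, b = {0}, c = {0};
    lib_init();
    if (conn_open(&a) != 0 || conn_open(&b) != 0) return 0;
    close_fn(&a);
    int ok = b.open && g_charsets != NULL && conn_open(&c) == 0;
    lib_end();                           /* process exit: the one valid call site */
    return ok;
}

int main(void) {
    printf("buggy close: survivors ok = %d\n", survivors_ok(conn_close_buggy));
    printf("fixed close: survivors ok = %d\n", survivors_ok(conn_close_fixed));
    return 0;
}
```

In a long-lived multi-connection process such as an Apache child, the "before" pattern leaves every other open connection pointing at state that has already been freed.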

Comment 11 Gurhan Ozen 2006-05-22 16:17:26 UTC
Greg Nichols verified this bug. Changing the status to verified.

Comment 12 Tom Lane 2008-02-12 06:08:11 UTC
This bug is long since dealt with, not sure why it was not closed.

