Segmentation fault in PHP?

Question

Why does the following code cause a segmentation fault?

<?php

$CNX = new mysqli('localhost','dbuser', 'dbpass', 'dbtest');

class DAO
{
        var $stmt;

        function DAO()
        {
                $this->stmt = $GLOBALS['CNX']->stmt_init();
        }

        function listing()
        {
                $this->stmt->prepare('SELECT * FROM any_table');
        }
}

class Page
{
        function go()
        {
                $d1 = new DAO();
                $d2 = new DAO();
                $d1->listing();
                exit;
        }
}

$tpl = new Page();
$tpl->go();
?>

Additional Notes

1) I ran this code on two different LAMP servers and they both generate errors like child pid somenumber exit signal Segmentation fault (11) in my error.log files. On one server, I am running Ubuntu 10.04, Apache 2, Mysql 5 and PHP 5.3.2-1ubuntu4.9, and on another server I'm running Ubuntu 11.10, Apache 2, mysql 5 and PHP 5.3.6-13ubuntu3.3.

2) It's weird, but when I comment out the line $d2 = new DAO(); or the line exit;, the segmentation fault goes away.

3) The segmentation fault occurs no matter which db table I select from in the prepared statement

What is going on? I am so frustrated. I have lost an entire day's worth of time because of this segmentation fault. Please...if anyone knows what's going on, let me know

Thanks

Answer 1

Looks like you found a bug in the mysqli module!

Submit it to https://bugs.php.net/

Don't expect it to be fixed tomorrow, though. Find a way to work around the bug or try using different PHP/mysqli versions to see if you can get by.

For reference, I can reproduce it too, and here's a backtrace. Looks like things are exploding while trying to close the connection and clean things up:

jon@jonx:~/tmp$ gdb `which php`
...
Reading symbols from /usr/bin/php...(no debugging symbols found)...done.
(gdb) run tmp.php
Starting program: /usr/bin/php tmp.php
[Thread debugging using libthread_db enabled]
[New Thread 0x7ffff3cb7700 (LWP 1028)]
[Thread 0x7ffff3cb7700 (LWP 1028) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff458ca25 in vio_peer_addr () from /usr/lib/libmysqlclient_r.so.16
(gdb) bt
#0  0x00007ffff458ca25 in vio_peer_addr () from /usr/lib/libmysqlclient_r.so.16
#1  0x00007ffff458d873 in net_real_write () from /usr/lib/libmysqlclient_r.so.16
#2  0x00007ffff458dd5b in net_flush () from /usr/lib/libmysqlclient_r.so.16
#3  0x00007ffff458df40 in net_write_command () from /usr/lib/libmysqlclient_r.so.16
#4  0x00007ffff458aa84 in cli_advanced_command () from /usr/lib/libmysqlclient_r.so.16
#5  0x00007ffff455c23c in mysql_stmt_close () from /usr/lib/libmysqlclient_r.so.16
#6  0x00007ffff42f3815 in ?? () from /usr/lib/php5/20090626/mysqli.so
#7  0x00007ffff42f38ca in ?? () from /usr/lib/php5/20090626/mysqli.so
#8  0x00000000006b6ad1 in zend_objects_store_del_ref_by_handle_ex ()
#9  0x00000000006b6af3 in zend_objects_store_del_ref ()
#10 0x0000000000683662 in _zval_ptr_dtor ()
#11 0x000000000069f313 in zend_hash_destroy ()
#12 0x00000000006b2ae9 in zend_object_std_dtor ()
#13 0x00000000006b2b09 in zend_objects_free_object_storage ()
#14 0x00000000006b663f in zend_objects_store_free_object_storage ()
#15 0x0000000000683c84 in ?? ()
#16 0x0000000000691cd5 in ?? ()
#17 0x000000000063eccf in php_request_shutdown ()
#18 0x000000000072c76c in ?? ()
#19 0x00007ffff55f5eff in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#20 0x0000000000428859 in _start ()

Answer 2

I have just enabled xdebugger in my Linux machine. Then I debugged code in PHPStorm which has given me the exact lines of code that caused the error.

The error was due to recursive call to the function in my case for e.g.:

public function1()
{
    $this->function2();
}

public function2()
{
    $this->function1();
}

I hope this helps you.

Thanks,

Dipti