From: temnota at kmv dot ru
Operating system: Linux RH7.3
PHP version: 4.3.4
PHP Bug Type: MySQL related
Bug description: phpmyadmin-2.5.4 + mysql-4.0.15 = crash

Description:
------------
When I try to browse a MySQL table structure in phpMyAdmin,
it crashes.
PHP crashes in Zend/zend_API.c:add_property_string_ex,
but the incorrect parameters are coming from the mysql module.
mysql is compiled as a shared module.

Actual result:
--------------
#0 0x401cfe27 in strlen () from /lib/libc.so.6
#1 0x404757b6 in add_property_string_ex (arg=0x848a6ac, key=0x40858409
"def",
key_len=4, str=0x9 <Address 0x9 out of bounds>, duplicate=1)
at /usr/src/redhat/BUILD/php-4.3.4/Zend/zend_API.c:980
#2 0x40856b1a in zif_mysql_fetch_field (ht=1, return_value=0x848a6ac,
this_ptr=0x0, return_value_used=1)
at /usr/src/redhat/BUILD/php-4.3.4/ext/mysql/php_mysql.c:2163
#3 0x40488463 in execute (op_array=0x8357b78)
at /usr/src/redhat/BUILD/php-4.3.4/Zend/zend_execute.c:1616
#4 0x4048863f in execute (op_array=0x82bdd5c)
at /usr/src/redhat/BUILD/php-4.3.4/Zend/zend_execute.c:1660
#5 0x4047308c in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /usr/src/redhat/BUILD/php-4.3.4/Zend/zend.c:884
#6 0x40445871 in php_execute_script (primary_file=0xbffff470)
at /usr/src/redhat/BUILD/php-4.3.4/main/main.c:1729
#7 0x4049043e in apache_php_module_main (r=0x8139e5c,
display_source_mode=0)
at /usr/src/redhat/BUILD/php-4.3.4/sapi/apache/sapi_apache.c:54
#8 0x40491173 in send_php (r=0x8139e5c, display_source_mode=0,
filename=0x0)
at /usr/src/redhat/BUILD/php-4.3.4/sapi/apache/mod_php4.c:620
#9 0x404911d3 in send_pd_php (r=0x8139e5c)
at /usr/src/redhat/BUILD/php-4.3.4/sapi/apache/mod_php4.c:635
#10 0x0805ce63 in ap_invoke_handler ()
#11 0x08073ea7 in process_request_internal ()
#12 0x08073f08 in ap_process_request ()
#13 0x080695c1 in child_main ()
#14 0x08069790 in make_child ()
#15 0x08069904 in startup_children ()
#16 0x08069ff4 in standalone_main ()
#17 0x0806a873 in main ()
#18 0x4016d1c4 in __libc_start_main () from /lib/libc.so.6

And another backtrace:
Breakpoint 2, add_property_string_ex (arg=0x848a6bc, key=0x40894a53
"def",
key_len=4, str=0xb <Address 0xb out of bounds>, duplicate=1)
at /usr/src/redhat/BUILD/php-4.3.4/Zend/zend_API.c:977
977 MAKE_STD_ZVAL(tmp);
(gdb) bt
#0 add_property_string_ex (arg=0x848a6bc, key=0x40894a53 "def",
key_len=4,
str=0xb <Address 0xb out of bounds>, duplicate=1)
at /usr/src/redhat/BUILD/php-4.3.4/Zend/zend_API.c:977
#1 0x40892f2c in zif_mysql_fetch_field (ht=1, return_value=0x848a6bc,
this_ptr=0x0, return_value_used=1)
at /usr/src/redhat/BUILD/php-4.3.4/ext/mysql/php_mysql.c:2163
#2 0x404bf51f in execute (op_array=0x8357b78)
at /usr/src/redhat/BUILD/php-4.3.4/Zend/zend_execute.c:1616
[skipp]
(gdb) return
Make add_property_string_ex return now? (y or n) y

#0 0x40892f2c in zif_mysql_fetch_field (ht=1, return_value=0x848a6bc,
this_ptr=0x0, return_value_used=1)
at /usr/src/redhat/BUILD/php-4.3.4/ext/mysql/php_mysql.c:2163
2163 add_property_string(return_value,
"def",(mysql_field->def?mysql_field->def:empty_string), 1);

(gdb) print mysql_field[0]
$2 = {name = 0x8451750 "idp", table = 0x8451748 "bufer", org_table = 0x0,
db = 0x3 <Address 0x3 out of bounds>, def = 0xb <Address 0xb out of
bounds>,
length = 7, max_length = 49667, flags = 0, decimals = 138745696,
type = 138745688}
(gdb) cont

--
Edit bug report at http://bugs.php.net/?id=26208&edit=1
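Added example, not part of the original report or of PHP's own code: a small Python triage of the `print mysql_field[0]` output quoted in the report. It shows that `def` is non-NULL yet unreadable, so the `mysql_field->def ? ... : empty_string` guard at php_mysql.c:2163 passes it on to `add_property_string` unchanged. The function names and the list of fields treated as pointers are assumptions made for this example.

```python
import re

# gdb output copied from the report (e-mail line wraps joined).
GDB_PRINT = (
    '$2 = {name = 0x8451750 "idp", table = 0x8451748 "bufer", org_table = 0x0, '
    'db = 0x3 <Address 0x3 out of bounds>, def = 0xb <Address 0xb out of bounds>, '
    'length = 7, max_length = 49667, flags = 0, decimals = 138745696, '
    'type = 138745688}'
)

# Assumption for this example: the fields gdb printed in hex are char pointers.
POINTER_FIELDS = ("name", "table", "org_table", "db", "def")

# field = value, optionally followed by a "string" or an <annotation>
FIELD_RE = re.compile(r'(\w+) = (0x[0-9a-f]+|\d+)(?: (<[^>]*>|"[^"]*"))?')


def parse_struct(text):
    """Return {field: (int value, annotation or None)} from a gdb struct print."""
    body = text[text.index("{") + 1 : text.rindex("}")]
    return {m.group(1): (int(m.group(2), 0), m.group(3))
            for m in FIELD_RE.finditer(body)}


def classify(value, note):
    """null: a NULL check catches it; wild: non-NULL but gdb cannot read it."""
    if value == 0:
        return "null"
    if note and "out of bounds" in note:
        return "wild"
    return "ok"


def triage(text):
    """Classify every pointer field found in the struct print."""
    fields = parse_struct(text)
    return {f: classify(*fields[f]) for f in POINTER_FIELDS if f in fields}


def survives_null_guard(text, field):
    """True when `ptr ? ptr : empty_string` would keep an unreadable pointer."""
    return triage(text).get(field) == "wild"


if __name__ == "__main__":
    for name, state in triage(GDB_PRINT).items():
        print(f"{name:10} {state}")
    print("def passes the NULL guard:", survives_null_guard(GDB_PRINT, "def"))
```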