Bug #8663 Script with incorrect syntax crashes php4ts.dll (seems similar to #8521)
Submitted: 2001-01-11 16:59 UTC
Modified: 2001-05-06 21:30 UTC
From: melis at cs dot utwente dot nl
Assigned:
Status: Closed
Package: Reproducible Crash
PHP Version: 4.0.4
OS: win98
Private report: No
CVE-ID: None
 [2001-01-11 16:59 UTC] melis at cs dot utwente dot nl
I have three php files as follows:

--f1.php--
<?php
include "f2.php";
include "f3.php";
?>
----------

--f2.php--
<?php
# only seems to occur in a switch statement
switch ($t) {
      default:
              die (;    # a syntax error, on purpose
}
?>
----------

--f3.php--
<?php
$x = 0;     # there needs to be some statement here for the bug to occur
?>
----------

When running f1.php through php.exe I get

PHP caused an invalid page fault in
module PHP4TS.DLL at 015f:1008e147.
Registers:
EAX=00000001 CS=015f EIP=1008e147 EFLGS=00010206
EBX=006601ec SS=0167 ESP=0063f410 EBP=00791710
ECX=00000000 DS=0167 ESI=00791714 FS=541f
EDX=007910dc ES=0167 EDI=006601e4 GS=0000
Bytes at CS:EIP:
66 ff 48 0a 8b 06 66 8b 48 0a 66 85 c9 75 40 50 
Stack dump:
007612f0 100a46bb 00791714 00791990 007612f0 007918e0 0065ea04 006601c4 006601c4 00000001 007910dc 006601ec 81709050 00000000 00000000 0063f470 

Couldn't generate a backtrace, the Borland debugger refused to work on this error. It seems to be similar to the problem described in bug #8521. In both cases a simple syntax error crashes the DLL. In this case, however, the include directives seem to have something to do with the bug. Simply copying the contents of f2 and f3 into f1 does not cause a crash.

PHP is 4.0.4 windows installer from your website.

Bye,
Paul

 [2001-04-26 14:25 UTC] jmoore@php.net
Reproduced under Apache and ISAPI under win2k.

- James
 [2001-04-26 14:53 UTC] jmoore@php.net
This has been fixed in latest CVS, and will be included in 4.0.6. Thanks for your report.


- James
 [2001-04-26 15:08 UTC] jmoore@php.net
Heh, trying a modified script didn't work, but trying your script again crashes.

Backtrace:

_zval_ptr_dtor(_zval_struct * * 0x00e00b8c, char * 0x1022188c `string', unsigned int 236) line 259 + 5 bytes
zend_switch_free(_zend_op * 0x00dae5c0, _temp_variable * 0x00e00b88, _zend_executor_globals * 0x00db21e0) line 236 + 38 bytes
execute(_zend_op_array * 0x00e00c28, _zend_executor_globals * 0x00db21e0) line 1831 + 17 bytes
execute(_zend_op_array * 0x00dff2f8, _zend_executor_globals * 0x00db21e0) line 2039 + 19 bytes
zend_execute_scripts(int 8, _zend_compiler_globals * 0x00db28f0, _zend_executor_globals * 0x00db21e0, int 3) line 743 + 22 bytes
php_execute_script(_zend_file_handle * 0x0012ff48, _zend_compiler_globals * 0x00db28f0, _zend_executor_globals * 0x00db21e0, _php_core_globals * 0x00db52c0) line 1205 + 29 bytes
main(int 3, char * * 0x00db18c0) line 735 + 22 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e992a6()



 [2001-05-06 21:30 UTC] zeev@php.net
Fixed in the CVS - thanks for the accurate and easily reproducible bug report!
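
An added regression harness for the reproducer in this report (not part of the thread or of the PHP project's own tests): it recreates the three files and tells an interpreter killed by a signal apart from a parse error reported normally. The function names, the `PHP_BIN` variable and the exit-status thresholds are assumptions of this example.

```shell
#!/bin/sh
# Added example; PHP_BIN and the temp-dir layout are assumptions.

# Write the three files from the report into directory $1.
write_repro() {
    cat > "$1/f1.php" <<'EOF'
<?php
include "f2.php";
include "f3.php";
?>
EOF
    cat > "$1/f2.php" <<'EOF'
<?php
switch ($t) {
      default:
              die (;    # a syntax error, on purpose
}
?>
EOF
    cat > "$1/f3.php" <<'EOF'
<?php
$x = 0;
?>
EOF
}

# Map an exit status to a verdict. A shell reports death by signal N as
# 128+N; PHP itself exits with 255 after a fatal or parse error.
classify_exit() {
    if [ "$1" -gt 128 ] && [ "$1" -lt 255 ]; then
        echo "crash"          # killed by a signal, e.g. 139 = SIGSEGV
    elif [ "$1" -eq 0 ]; then
        echo "no-error"       # the syntax error went unreported
    else
        echo "clean-error"    # script rejected, interpreter exited normally
    fi
}

# Run the reproducer; prints "skipped" when no php binary is available.
run_repro() {
    php_bin=${PHP_BIN:-php}
    command -v "$php_bin" >/dev/null 2>&1 || { echo "skipped"; return 0; }
    dir=$(mktemp -d) || return 1
    write_repro "$dir"
    status=0
    (cd "$dir" && "$php_bin" f1.php >/dev/null 2>&1) || status=$?
    rm -rf "$dir"
    classify_exit "$status"
}

run_repro
```

A build that handles the syntax error correctly yields `clean-error`; `crash` is the behaviour this report describes.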
 
Last updated: Thu Apr 25 12:01:31 2024 UTC