Bug #29370 Crash apache.exe (php5ts.dll)
Submitted: 2004-07-25 03:34 UTC Modified: 2005-02-17 01:00 UTC
Votes:35
Avg. Score:4.1 ± 1.1
Reproduced:28 of 30 (93.3%)
Same Version:16 (57.1%)
Same OS:19 (67.9%)
From: anthony dot debhian at only-for dot info Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.0.0 OS: Windows XP
Private report: No CVE-ID: None

 [2004-07-25 03:34 UTC] anthony dot debhian at only-for dot info
Description:
------------
The code crashes apache.exe with php-5.0.0/apache-1.3.31 and php-4.3.3/apache-1.3.27 (2 PCs, 2 configs)

The GET request does not appear in access.log and error.log.

This bug's odd, perhaps not important, but I'm sending you feedback anyway.

Reproduce code:
---------------
<?
function funcfunc($array,$space="")
{
 foreach($array as $key=>$value) { if(is_array($array[$key])) { $src.=$key; } }
 return $src;
}

function funcfunc2($array,$test)
{
 foreach($array['test'] as $key=>$value) { }
 return $array;
}

$test['lol']['test1']="test1";
$test['lol']['test2']="test2";
$array=funcfunc($test);
$array=funcfunc2($array,"test");
?>

Expected result:
----------------
Just a fatal error.


 [2004-07-25 12:42 UTC] ahtin at hot dot ee
I got the same obscure crash with php 5.0 + apache 2.0.48 on win98se with this code snippet:
---------
<?
$x=1;
while($s2=$this->db_fetch_row($s))
{
	$x['birthday'].=$this->parse_tpl("k_links",$s2);
}
?>
--------
no errors, just apache crash
 [2004-07-25 21:37 UTC] grayw at mail dot montclair dot edu
Can you provide the 'crash' output? Since this is for windows, is there anything relevant in the logs you can view from Event Viewer? In there you would see any messages relating to a kernel, application, or service crash?
 [2004-07-25 23:17 UTC] anthony dot debhian at only-for dot info
Unhandled exception in Apache.exe (PHP5TS.DLL): 0xC0000005: Access Violation.
Offset: 00007344

The error report displays:
C:\DOCUME~1\Anthony\LOCALS~1\Temp\WER689.tmp.dir00\Apache.exe.mdmp
C:\DOCUME~1\Anthony\LOCALS~1\Temp\WER689.tmp.dir00\appcompat.txt

No more info on the error report :-\ sorry
 [2004-07-26 10:16 UTC] John at wargan dot org
For info:

This bug doesn't work on apache 1.3.24 & php 4.2.5 under Redhat and slackware.
It seems to only be available on Windows...as often ;)

John JEAN
 [2004-08-07 23:56 UTC] skippy at zuavra dot net
Nothing special happens on Red Hat 9.0 with Apache 1.3.27, PHP 4.3.4. Just the normal complaint about foreach().
 [2004-08-09 11:12 UTC] mart at __no_spam__spin dot ee
I got the crash with PHP 4.3.7 + Apache 1.3.31 + Linux
and PHP 4.3.4 + Apache 2.0.47 + Linux RH9.
It didn't work with PHP 4.3.5 + Apache 1.3.29 + Win2K.

A bit minimized version of this crash code:
<?php
 function funcfunc($array){
  foreach($array as $key=>$value) { $src.=$key; }
  return $src;
 }

 function funcfunc2($array){
  foreach($array['foo'] as $key=>$value) { }
 }

 $a['x']['y']="";
 $array=funcfunc($a);
 funcfunc2($array);
?>
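
A guarded form of the minimized reproduce script above, as an added example that is not part of the original report or of PHP's own code: it initializes the accumulator and checks the value's type before `foreach`, so the script never iterates over an offset of a string. The names `collect_keys` and `iterate_section` are hypothetical, and that the crash path is reached only through the `foreach` over a non-array value is an assumption drawn from the comments in this report.

```php
<?php
// Added example (not from the bug report): defensive rewrite of the
// minimized reproduce script. Function names are hypothetical.

// Concatenate the keys whose values are arrays; always returns a string.
function collect_keys($array)
{
    $src = '';                       // initialize instead of appending to an undefined variable
    if (!is_array($array)) {
        return $src;
    }
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            $src .= $key;
        }
    }
    return $src;
}

// Iterate $data[$section] only when both levels really are arrays.
// Returns the number of elements visited, or false when the input has the wrong shape.
function iterate_section($data, $section)
{
    if (!is_array($data) || !isset($data[$section]) || !is_array($data[$section])) {
        return false;                // the original script reached foreach() with a string here
    }
    $count = 0;
    foreach ($data[$section] as $key => $value) {
        $count++;
    }
    return $count;
}

// Constructed input, same shape as in the report.
$a = array();
$a['x']['y'] = '';

$keys = collect_keys($a);                    // a string of keys, not an array
var_dump(iterate_section($keys, 'foo'));     // wrong shape: rejected before foreach
var_dump(iterate_section($a, 'x'));          // array input: iterated normally
```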
 [2004-08-09 17:30 UTC] sbrown at truckstuffusa dot com
Confirmed this condition also exists on php 4.3.8 on Apache 2.0.50.  Ran both segments of code given below.  Each time the output of the script was good, but there was no access/error log generated by Apache.
 [2004-08-09 17:31 UTC] sbrown at truckstuffusa dot com
Sorry, forgot to mention I'm running Redhat 9 here.
 [2004-08-09 22:41 UTC] brian at centurionservice dot com
Confirmed bug on RedHat 9, Apache 2.0.50, PHP 4.3.8. Reports a segmentation fault in the Apache error log and no entry in the access log. httpd seems to recover fine with no user interaction necessary.

Seg fault if run through the CLI version on RedHat 9, PHP 4.3.8.

Crashes on Windows XP, PHP 5 using the CLI version.
 [2004-08-10 17:44 UTC] hazer at chipshot dot net
Reproducible on Apache 2.0.48 mod_ssl OpenSSL0.9.7c PHP 5.0.0 Linux Kernel 2.6.7 GCC 3.2.2

Run through CLI it gives a seg fault.

Viewed via web it gives nothing, even if there is something to be output before the code in question. It doesn't look like we can expect this to be used for 'hiding' pages on the server, but there is something that needs to be looked at...
 [2004-08-11 04:08 UTC] neil at ncsconsulting dot com
Confirming on Redhat 9, apache 1.3.31, php 4.3.8 
 
running php crash.php gives segfault.  Running through 
apache gives dreaded 'child exit signal segfault'. 
 
Program received signal SIGSEGV, Segmentation fault. 
[Switching to Thread 1080494848 (LWP 26212)] 
0x081b555a in _efree () 
(gdb) bt 
#0  0x081b555a in _efree () 
#1  0x081c9e7f in zend_hash_destroy () 
#2  0x081c3aa5 in _zval_dtor () 
#3  0x081bcbbc in _zval_ptr_dtor () 
#4  0x081d3682 in execute () 
#5  0x081d447d in execute () 
#6  0x081c53bf in zend_execute_scripts () 
#7  0x08198d0e in php_execute_script () 
#8  0x081e341f in main () 
#9  0x42015704 in __libc_start_main () 
from /lib/tls/libc.so.6
 [2004-08-11 08:14 UTC] derick@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

This works fine for me here...
 [2004-08-13 02:13 UTC] neil at ncsconsulting dot com
This crash still happens with 4.3.9RC1. 
I haven't tried php5 yet
 [2004-08-15 11:52 UTC] anthony dot debhian at only-for dot info
With http://snaps.php.net/win32/php5-win32-latest.zip, the bug works always (winXP)
 [2005-02-10 00:21 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Can't reproduce with latest snapshots.
 [2005-02-17 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2006-01-12 13:43 UTC] itsmegawtf at gmail dot com
<?
// Unbounded recursion: POC() calls itself with no base case.
function POC($var1) {
	while($var2 = POC($var1)) {}
}
POC("test");
?>

PHP4 and PHP5 affected, recursion level limit.
Tested on Latest stable versions and latest snapshots.
 
Last updated: Thu May 02 04:01:30 2024 UTC