Bug #50241 Crash in gmp_init() function of php_gmp
Submitted: 2009-11-20 12:40 UTC Modified: 2009-12-10 02:04 UTC
From: Brian dot White at foxfire74 dot com Assigned: pajoye (profile)
Status: Closed Package: GNU MP related
PHP Version: 5.3.1 OS: win32 only - Windows XP SP3
Private report: No CVE-ID: None
 [2009-11-20 12:40 UTC] Brian dot White at foxfire74 dot com
Description:
------------
Did the compiler options for GMP change between 5.3.0 and 5.3.1?  The code below executes properly in 5.3.0, but crashes when run using 5.3.1; however, the stack traces (attached) are uninformative.  Crash happens as both an Apache2.2 module as well as CLI.  Crash does NOT happen on Core 2 Duo (Family 6, Model F, Stepping B), only on Pentium III EB (Family 6, Model 8, Stepping 6).  php_gmp on Windows uses MPIR which supports x86 processors as old as the Pentium depending on how it was compiled.

Reproduce code:
---------------
<?php
    // Large decimal integer literal; converting it with gmp_init() crashes
    // php_gmp from PHP 5.3.1 on a Pentium III but works with PHP 5.3.0.
    $a = '155172898181473697471232257763715539915724801'.
        '966915404479707795314057629378541917580651227423'.
        '698188993727816152646631438561595825688188889951'.
        '272158842675419950341258706556549803580104870537'.
        '681476726513255747040765857479291291572334510643'.
        '245094715007229621094194349783925984760375594985'.
        '848253359305585439638443';

    $n = gmp_init($a, 10);
    var_dump($n);
?>


Expected result:
----------------
resource(4) of type (GMP integer)


Actual result:
--------------
Apache 2.2 Backtrace
====================
Thread 148 - System ID 396
Entry point   msvcr90!_endthreadex+6f 
Create time   11/20/2009 5:20:47 AM 
Time spent in user mode   0 Days 0:0:8.502 
Time spent in kernel mode   0 Days 0:0:0.711 

Function     Arg 1     Arg 2     Arg 3   Source 
php_gmp!__gmpn_mul_1+1a     0681d1d8     0681d1d8     00000001    
php_gmp!__gmpn_set_str+11d     0681d1d8     0682e970     00000135    
php_gmp!__gmpz_set_str+1af     053691c8     0682e828     0000000a    
php_gmp!__gmpz_init_set_str+2d     053691c8     0682e828     0000000a    
php_gmp!zm_info_gmp+147     041ff988     0000000a     04832af0    
php_gmp!zif_gmp_init+7c     00000002     0682b7b8     00000000    
php5ts!execute+1110     05374270     04832a00     04832af0    
php5ts!execute+583a     00000000     041ffae0     04832af0    
php5ts!execute+2e8     04a3c148     04832a01     04832af0    
php5ts!zend_call_function+884     00000000     041ffacc     05371e08    
php5ts!zif_call_user_func_array+63     00000002     05367188     00000000    
php5ts!execute+1110     05371e08     04832a00     04832af0    
php5ts!execute+583a     04832af0     041ffbe4     00000000    
php5ts!execute+2e8     0533e2e8     04832a00     04832af0    
php5ts!zend_execute_scripts+fe     00000008     04832af0     00000000    
php5ts!php_execute_script+239     041ffe70     04832af0     00000005    
php5apache2_2!zm_info_apache+1744     047b5b60     012522c8     047b5b60    
libhttpd!ap_run_handler+25     00000000     00000000     00000000    

In httpd__PID__5396__Date__11_20_2009__Time_05_25_09AM__793__Second_Chance_Exception_C000001D.dmp the assembly instruction at php_gmp!__gmpn_mul_1+1a in C:\PHP\ext\php_gmp.dll from The PHP Group has caused an unknown exception (0xc000001d) on thread 148

CLI Backtrace
=============
Thread 0 - System ID 4656
Entry point   php+2fa2 
Create time   11/20/2009 7:00:15 AM 
Time spent in user mode   0 Days 0:0:1.181 
Time spent in kernel mode   0 Days 0:0:0.340 

Function     Arg 1     Arg 2     Arg 3   Source 
php_gmp!get_module+c85a     0114e7a0     0114e7a0     00000001    
php_gmp!get_module+15e0d     0114fc48     00000004     00000088    
php_gmp!get_module+c08d     0114e7a0     0114ea10     00000135    
php_gmp!get_module+b82f     0114fc18     0114e8c8     0000000a    
php_gmp!get_module+53ad     00000000     00000000     00000000    

In php__PID__440__Date__11_20_2009__Time_07_00_22AM__370__Second_Chance_Exception_C000001D.dmp the assembly instruction at php_gmp!get_module+c85a in C:\TEMP\PHP\ext\php_gmp.dll from The PHP Group has caused an unknown exception (0xc000001d) on thread 0

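As an added triage helper (not part of this report, of PHP or of MPIR), the Python script below parses the crash summary line and frame table in the DebugDiag-style backtrace above and names the NTSTATUS value: 0xC000001D is STATUS_ILLEGAL_INSTRUCTION, i.e. the CPU rejected an opcode, which points at CPU-specific assembly in the library rather than at a memory-corruption bug. The sample input is constructed from the report's own Apache backtrace lines, and the NTSTATUS table lists only a few well-known codes.

```python
import re

# NTSTATUS codes that Windows crash reports print as "unknown exception";
# 0xC000001D is the one in this bug report. Only well-known codes are listed.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000096: "STATUS_PRIVILEGED_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
}
DIAGNOSIS = {
    "STATUS_ILLEGAL_INSTRUCTION": "CPU rejected an opcode: suspect code built with "
        "assembly for a newer CPU than the host, not a memory-safety bug",
    "STATUS_ACCESS_VIOLATION": "invalid memory access: treat as a memory-safety defect",
}

# Summary line: "... the assembly instruction at module!symbol+off in path from
# vendor has caused an unknown exception (0x........) on thread N"
SUMMARY_RE = re.compile(
    r"the assembly instruction at (?P<module>[^!\s]+)!(?P<symbol>[^\s+]+)\+(?P<offset>[0-9a-f]+)"
    r" in (?P<path>\S+) from .*?has caused an unknown exception "
    r"\(0x(?P<code>[0-9a-f]{8})\) on thread (?P<thread>\d+)", re.I)
# Frame rows of the backtrace table: "module!symbol+off   arg1   arg2   arg3"
FRAME_RE = re.compile(r"^(\S+![^\s+]+\+[0-9a-f]+)\b", re.I | re.M)

def triage(report):
    """Return the faulting frame, the named NTSTATUS and a first diagnosis."""
    m = SUMMARY_RE.search(report)
    if m is None:
        raise ValueError("no crash summary line in report")
    code = int(m.group("code"), 16)
    status = NTSTATUS_NAMES.get(code, "UNKNOWN_%08X" % code)
    return {
        "module": m.group("module"), "symbol": m.group("symbol"),
        "offset": int(m.group("offset"), 16), "path": m.group("path"),
        "code": code, "status": status, "thread": int(m.group("thread")),
        "frames": FRAME_RE.findall(report),  # innermost frame first
        "diagnosis": DIAGNOSIS.get(status, "consult the NTSTATUS name"),
    }

# Constructed sample: the frame table and summary line of the Apache backtrace above.
SAMPLE = """Function     Arg 1     Arg 2     Arg 3   Source
php_gmp!__gmpn_mul_1+1a     0681d1d8     0681d1d8     00000001
php_gmp!__gmpn_set_str+11d     0681d1d8     0682e970     00000135
php_gmp!__gmpz_set_str+1af     053691c8     0682e828     0000000a

In httpd__PID__5396__Date__11_20_2009__Time_05_25_09AM__793__Second_Chance_Exception_C000001D.dmp the assembly instruction at php_gmp!__gmpn_mul_1+1a in C:\\PHP\\ext\\php_gmp.dll from The PHP Group has caused an unknown exception (0xc000001d) on thread 148
"""
```

Running `triage(SAMPLE)` reports the fault in `php_gmp!__gmpn_mul_1+1a` with status STATUS_ILLEGAL_INSTRUCTION, which is the finding the later comments confirm (MPIR's assembly build).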

 [2009-11-20 12:54 UTC] pajoye@php.net
The only difference between 5.3.0 and 5.3.1 is that we use ASM in MPIR.

PIII is not on our tests matrix, neither is it on the MPIR one. I'll try to create a C example and report this bug to the MPIR project. But that's not a PHP bug per se (> bogus).
 [2009-11-21 22:35 UTC] Brian dot White at foxfire74 dot com
The problem is indeed lib_mpir.  When I rebuilt php_gmp with mpir-1.2.0 (presumably the same version that was used for PHP 5.3.0) or with mpir-1.2.2 (which was just released), the problem went away.  The release candidate of mpir-1.3.0 also yields an extension that runs without crashing.  I request/recommend that mpir-1.2.2 or higher be included in PHP 5.3.2.  The VC9 version of PHP runs fast enough on Win32/PIII that the hardware is still useful.  I can provide a PIII compatible version of php_gmp for PHP 5.3.1 (using YASM and based upon mpir-1.2.2) if anyone is interested.  Also, php_gmp from version PHP 5.3.0 *should* work with PHP 5.3.1.
 [2009-11-22 11:35 UTC] pajoye@php.net
Yes, 5.3.0's gmp works just fine with 5.3.1 (or any 5.3.x).

I did not see any relevant changes in 1.2.2 to do an update so late in the 5.3.1 process, but I will update mpir to 1.2.2 next week. Snapshots and the next release will have it. Move to "assigned" so I do not forget this update :)

Thanks for your tests and feedback!
 [2009-12-10 02:04 UTC] pajoye@php.net
Libs updated to 1.2.2, next snapshots will have it as well as 5.3.2RC