Bug #65927 _zend_mm_free_int caused access violation
Submitted: 2013-10-18 08:07 UTC Modified: 2014-12-30 10:42 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: it dot vie at virtual-identity dot com Assigned:
Status: No Feedback Package: sqlsrv (PECL)
PHP Version: 5.4.21 OS: Windows 2012
Private report: No CVE-ID: None
 [2013-10-18 08:07 UTC] it dot vie at virtual-identity dot com
Description:
------------
We are using:
 * Windows 2012
 * httpd-2.4.4-win32
 * mod_fcgid-2.3.7-win32
 * php_sqlsrv_54_nts
 * php 5.4.21
 * drupal 7.x

The php-cgi.exe crashes on "high" load (20-50 r/sec) with an access violation. I created a debugging output as shown on "bugs-generating-backtrace-win32".

IMHO the 

#define ZEND_MM_IS_FREE_BLOCK(b)		(!((b)->info._size & ZEND_MM_USED_BLOCK))

should check if b is a valid pointer or there should be more checks when using ZEND_MM_IS_FREE_BLOCK, but I'm not a C pro :)

Can you help me with this issue?

Actual result:
--------------
php5!_zend_mm_free_int+57 [c:\php-sdk\php53dev\vc9\x86\php-5.3.24\zend\zend_alloc.c @ 2028]   c:\php-sdk\php53dev\vc9\x86\php-5.3.24\zend\zend_alloc.c @ 2028 
php5!_efree+19 [c:\php-sdk\php53dev\vc9\x86\php-5.3.24\zend\zend_alloc.c @ 2361 + a]   c:\php-sdk\php53dev\vc9\x86\php-5.3.24\zend\zend_alloc.c @ 2361 + a 
php_pdo_sqlsrv_53_nts+6833 
...
...
...
sqlncli11!SNIPacketSetConnection+b4    
sqlncli11!Session::ProcessDataPacket+1ef    
sqlncli11!CCriticalSectionNT::Leave+d    
0x018e5c58    
ntdll!RtlpHeapFindListLookupEntry+40    
ntdll!RtlpFindEntry+49    
0x0673d4d0    
ntdll!RtlpAllocateHeap+6e6    
0x06720000    
ntdll!RtlAllocateHeap+2de    
php_pdo_sqlsrv_53_nts+12903    
ntdll!RtlpAllocateHeap+76d    
ntdll!RtlAllocateHeap+176    
ntdll!RtlpHeapFindListLookupEntry+40    
ntdll!RtlpFindEntry+49    
ntdll!RtlpFreeHeap+667    
0x067287c8    
ntdll!RtlpFreeHeap+667    
ntdll!RtlFreeHeap+206    
sqlncli11!CImpISOSHost_MPMemObj::OperatorDelete+1c    
sqlncli11!BATCHCTX::Release+a1 
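
Added example, not part of the original report and not Zend Engine code: a toy allocator sketch of the "more checks" idea raised above. A NULL test inside the macro would not catch a dangling or overwritten pointer, which is non-NULL, so the sketch validates range, alignment and a header cookie before the flag test. Only the flag test mirrors the quoted macro; the arena, the cookie field, SECRET and every function name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model: only this flag test mirrors the macro quoted in the report. */
#define USED_BLOCK 0x1u
#define IS_FREE_BLOCK(b) (!((b)->info._size & USED_BLOCK))

typedef struct block {
    struct { size_t _size; } info;  /* low bit = used flag */
    uintptr_t cookie;               /* hypothetical integrity field */
} block;

#define ARENA_BLOCKS 8
static block arena[ARENA_BLOCKS];                /* all blocks live here */
static const uintptr_t SECRET = 0x5bd1e995u;     /* constructed constant */

/* Cookie binds the header contents to the block's own address. */
static uintptr_t cookie_for(const block *b) {
    return (uintptr_t)b ^ SECRET ^ (uintptr_t)b->info._size;
}

static void block_init(block *b, size_t size, int used) {
    b->info._size = (size & ~(size_t)USED_BLOCK) | (used ? USED_BLOCK : 0);
    b->cookie = cookie_for(b);
}

enum check { BLOCK_OK, BLOCK_NULL, BLOCK_OUT_OF_ARENA, BLOCK_MISALIGNED,
             BLOCK_CORRUPT, BLOCK_ALREADY_FREE };

/* Range and alignment are checked before the header is ever dereferenced. */
static enum check check_before_free(const void *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)arena;
    uintptr_t hi = (uintptr_t)(arena + ARENA_BLOCKS);
    if (p == NULL) return BLOCK_NULL;
    if (a < lo || a >= hi) return BLOCK_OUT_OF_ARENA;
    if ((a - lo) % sizeof(block) != 0) return BLOCK_MISALIGNED;
    const block *b = (const block *)p;
    if (b->cookie != cookie_for(b)) return BLOCK_CORRUPT;
    if (IS_FREE_BLOCK(b)) return BLOCK_ALREADY_FREE;
    return BLOCK_OK;
}

int main(void) {
    block_init(&arena[0], 64, 1);
    arena[0].info._size = 0x4141;  /* constructed corruption, used bit still set */
    printf("flag test says free=%d, full check=%d\n",
           IS_FREE_BLOCK(&arena[0]), (int)check_before_free(&arena[0]));
    return 0;
}
```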


 [2013-10-18 08:15 UTC] it dot vie at virtual-identity dot com
Sorry! The debugging output is from the first test with 5.3.24, but we could reproduce this also in the current build of php 5.4.21 for Windows.
 [2013-10-18 09:47 UTC] it dot vie at virtual-identity dot com
I further investigated and found out that the access violation only happens with the SQLSRV30 DLL package and not with the SQLSRV20 DLL package found at http://www.microsoft.com/en-us/download/details.aspx?id=20098
 [2013-10-21 06:39 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2013-10-21 06:39 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2013-10-24 07:08 UTC] it dot vie at virtual-identity dot com
-Status: Feedback +Status: Open
 [2013-10-24 07:08 UTC] it dot vie at virtual-identity dot com
Hi,

This is a little bit tricky because the PHP app running on this site is a Drupal installation. I will try to generate a test script.

cu
 [2014-01-05 10:58 UTC] ab@php.net
-Status: Open +Status: Feedback -Package: Reproducible crash +Package: sqlsrv
 [2014-12-30 10:42 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
Last updated: Mon Dec 30 14:01:28 2024 UTC