php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68583 Crash in timeout thread
Submitted: 2014-12-10 06:13 UTC Modified: 2014-12-10 06:15 UTC
From: ab@php.net Assigned: ab (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: Irrelevant OS: Windows
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ab@php.net
New email:
PHP Version: OS:

 

 [2014-12-10 06:13 UTC] ab@php.net
Description:
------------
php-cgi.exe (5.6.0 x86) crashes with the exit value:  INVALID_POINTER_READ  0xc0000005

Primarily this is on Win7sp1x64, primarily from Chinese locale, also Japanese (2 byte unicode charsets) and Russian. Only ~1% of hits are for English locale.


It has 3 threads running:

It appears to crash in zend_fetch_dimension_address_read(),  around line zend_execute_api.c:1306.

Maybe it’s the line: ZVAL_COPY_VALUE(&tmp, dim);

That seems like a strange place for a crash. Let me know what you think :) and I can try to find the correct information.


020afd98 6c8a485f user32+0xb891
020afdd0 6d32f2e9 php5!timeout_thread_proc+0x9f [c:\php-sdk\php56\vc11\x86\php-5.6.0\zend\zend_execute_api.c @ 1306]
020afe08 6d32f2cd msvcr110+0x2f2e9
020afe14 75148543 msvcr110+0x2f2cd
020afe20 776dac69 kernel32+0x28543
020afe64 776dac3c ntdll+0x5ac69
020afe7c 00000000 ntdll+0x5ac3c

And the other 2 threads
00a3ce3c 751856c0 ntdll+0x41318
00a3ceb0 7518586a kernel32+0x656c0
00a3cec4 75157828 kernel32+0x6586a
00a3ced0 771807c4 kernel32+0x37828
00a3cf6c 776fc11c KERNELBASE+0x907c4
00a3fc1c 776dac3c ntdll+0x7c11c
00a3fc34 00000000 ntdll+0x5ac3c

02fafe7c 75148543 ntdll+0x42828
02fafe88 776dac69 kernel32+0x28543
02fafecc 776dac3c ntdll+0x5ac69
02fafee4 00000000 ntdll+0x5ac3c

This crash is being reported for PHP-5.6 on win7 x86 and x64, but the same code causing it is present also in earlier PHP versions. The code with the custom thread for timeout handling seems to descend from the even pre XP era and should be replaced with something more modern.


Expected result:
----------------
no crash

Actual result:
--------------
crash

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-10 06:15 UTC] ab@php.net
-Assigned To: +Assigned To: ab
 [2014-12-10 06:15 UTC] ab@php.net
This is also related to bug #7051 and bug #35298
 [2014-12-12 13:04 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3affc0e8a2167fd5e31cf120f691f52d474e5f89
Log: Fixed bug #68583 Crash in timeout thread
 [2014-12-12 13:04 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2014-12-12 15:51 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3affc0e8a2167fd5e31cf120f691f52d474e5f89
Log: Fixed bug #68583 Crash in timeout thread
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 17:01:29 2024 UTC