Bug #49767 estrdup crash
Submitted: 2009-10-04 17:04 UTC Modified: 2009-10-16 23:33 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mb at smartftp dot com Assigned: pajoye (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.3.0 OS: win32 only -Windows 2008 SP2 x86
Private report: No CVE-ID: None
 [2009-10-04 17:04 UTC] mb at smartftp dot com
Description:
------------
The following crash occurs every minute:

Function     Arg 1     Arg 2     Arg 3   Source 
php5!_estrdup+10     00000000     00c0de74     00c0de74    
php5!UpdateIniFromRegistry+141     00000000     00c0d400     100ab2e0    
php5!php_execute_script+b1     00c0de74     0040a500     00000001    
php_cgi!main+ab0     00000001     01871300     018717c8    
php_cgi!memset+160     7ffdf000     00c0ffd4     776919bb    
kernel32!BaseThreadInitThunk+e     7ffdf000     79a4bd48     00000000    
ntdll!__RtlUserThreadStart+23     004062ca     7ffdf000     00000000    
ntdll!_RtlUserThreadStart+1b     004062ca     7ffdf000     00000000    

Find complete crash report at:
http://rapidshare.com/files/288635650/CrashHang_Report__PID_3112__PID_3728__PID_4460__PID_472__PID_5168__PID_5216__PID_5276__PID_5388__100.html


Reproduce code:
---------------
not available

Expected result:
----------------
no crash

Actual result:
--------------
crash

 [2009-10-04 17:09 UTC] mb at smartftp dot com
Trimmed URL:
http://trim-url.com/?gW
 [2009-10-04 17:21 UTC] pajoye@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2009-10-04 17:23 UTC] pajoye@php.net
Btw, can you also zip the report and send it to me or provide a link to the zip (pls not one of these rapidshare things) :)
 [2009-10-04 17:28 UTC] mb at smartftp dot com
I don't think you need a script. A little bit of time and motivation would do as well:

Please review your code:

File: main.c
PHPAPI int php_execute_script(zend_file_handle *primary_file TSRMLS_DC)
{
...
#ifdef PHP_WIN32
		UpdateIniFromRegistry(primary_file->filename TSRMLS_CC);
#endif
..
}

Then:
File: registry.c
void UpdateIniFromRegistry(char *path TSRMLS_DC)
{
-> BUG: missing check for argument

// Here comes the check for the Per Directory registry value. If it is not found, the function exits and never reaches the estrdup, hence no crash.
...
	orig_path = path = estrdup(path);
..
}

The problem only happens if the "Per Directory Values" registry key is present. In this case estrdup(NULL) is called and you get the crash.

So I think the argument (path) should be checked for NULL. And when I look at the main.c I also noticed that you sometimes expect the primary_file->filename to be null, so maybe you add a check before the UpdateIniFromRegistry() call.

Proposed FIX:
#ifdef PHP_WIN32
if(primary_file->filename)
{
		UpdateIniFromRegistry(primary_file->filename TSRMLS_CC);
}
#endif

+ Add argument check for UpdateIniFromRegistry

Workaround:
Remove "Per Directory Values" registry key.

Regards,
Mat
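
The failure path described in the comment above, modelled as an added C example (not PHP's source and not the committed fix). Assumptions made for illustration: dup_string stands in for estrdup, key_present for the "Per Directory Values" key being found, and the function names, return codes and directory walk are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { INI_NO_KEY = -1, INI_NO_PATH = -2, INI_NOMEM = -3 };

/* Stand-in for estrdup(): like strdup(), it reads its argument
 * unconditionally, so passing NULL is a NULL-pointer dereference. */
static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* Hypothetical model of the callee with the argument check added.
 * key_present models the "Per Directory Values" key being found.
 * Returns an INI_* code, or the number of directory levels visited. */
static int update_ini_checked(const char *path, int key_present)
{
    char *copy, *sep;
    int levels = 0;
    if (!key_present)
        return INI_NO_KEY;   /* early exit: the duplicate is never reached */
    if (path == NULL)
        return INI_NO_PATH;  /* without this check, dup_string(NULL) crashes */
    if ((copy = dup_string(path)) == NULL)
        return INI_NOMEM;
    /* Constructed stand-in for per-directory work on the private copy. */
    while ((sep = strrchr(copy, '\\')) != NULL) {
        *sep = '\0';
        levels++;
    }
    free(copy);
    return levels;
}

/* Caller-side guard from the proposed fix: no filename, no call. */
static int execute_script_checked(const char *filename, int key_present)
{
    return filename ? update_ini_checked(filename, key_present) : INI_NO_PATH;
}

int main(void)
{
    printf("%d %d %d\n", execute_script_checked(NULL, 1),
           update_ini_checked(NULL, 0),
           update_ini_checked("C:\\www\\site\\index.php", 1));
    return 0;
}
```

The NULL filename is only dangerous when key_present is true, which matches the report that the crash appears only on machines where the registry key exists.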
 [2009-10-04 19:25 UTC] pajoye@php.net
I corrected myself about the script by asking for the full bt (the one on RS was not readable).

The diagnostic sounds good, I have to reproduce it to be sure. Assigned to me.
 [2009-10-04 19:35 UTC] mb at smartftp dot com
I have also sent you the crash report by email. Open the .mht file (RS removed the .mht extension for some reason) with IE.
 [2009-10-13 22:25 UTC] danielc@php.net
Bug #47627 marked duplicate of this.
 [2009-10-16 23:33 UTC] stas@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

This should be fixed now. 
 [2009-10-16 23:34 UTC] svn@php.net
Automatic comment from SVN on behalf of stas
Revision: http://svn.php.net/viewvc/?view=revision&revision=289706
Log: improve fix for #49767 and #47627 - make PHP report
"no script" on 404 again
 [2009-10-19 17:04 UTC] svn@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=289757
Log: - Merge: improve fix for #49767 and #47627 - make PHP report 'no script' on 404 again
 
Last updated: Fri Jul 04 15:01:36 2025 UTC