php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53292 imap_header crashes when too may To: addresses exist
Submitted: 2010-11-10 23:40 UTC Modified: 2011-03-03 11:30 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:2 of 3 (66.7%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: mmitchell at riccagroup dot com Assigned: pajoye (profile)
Status: Closed Package: IMAP related
PHP Version: 5.2.14 OS: Windows
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mmitchell at riccagroup dot com
New email:
PHP Version: OS:

 

 [2010-11-10 23:40 UTC] mmitchell at riccagroup dot com 
Description:
------------
Seems that bug http://bugs.php.net/19280 is happening again.

When I try to read a mail message with a long list of To: addresses PHP crashes every time. The email I have issues with has a 168 "To:" addresses in it. 

Test script:
---------------
$mbox = imap_open($imapLocation.'INBOX', $user, $pass);
$headerInfo = imap_header($mbox, $mailID);
// Above will crash if the message being read has too many To: addresses 


Expected result:
----------------
Should not crash, should parse as many To: addresses as possible

Actual result:
--------------
PHP exists with a status other then zero. This status changes each time the script crashes.

Windows error log shows 

Faulting application php.exe, version 5.2.13.13, faulting module php_imap.dll, version 5.2.13.13, fault address 0x00046144.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-11 00:10 UTC] cataphract@php.net
-Status: Open +Status: Feedback
 [2010-11-11 00:10 UTC] cataphract@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2010-11-11 16:47 UTC] mmitchell at riccagroup dot com
-Status: Feedback +Status: Open
 [2010-11-11 16:47 UTC] mmitchell at riccagroup dot com 
I did a backtrace but it seems to crash in ntdll.dll and I don't know if any of this is useful. I'm not sure how to upload the backtrace file so I will just paste the parts that seem to be important here. 


Thread 0 - System ID 11372
Entry point   php+2f72 
Create time   11/11/2010 1:15:22 AM 
Time spent in user mode   0 Days 0:0:3.843 
Time spent in kernel mode   0 Days 0:0:0.312 

Function     Arg 1     Arg 2     Arg 3   Source 
ntdll!RtlSubtreePredecessor+195     00411028     00411044     00411028   
super long list here.....

NTDLL!RTLSUBTREEPREDECESSOR+195WARNING - DebugDiag was not able to locate debug symbols for ntdll.dll, so the information below may be incomplete.




In php__PID__3540__Date__11_11_2010__Time_01_15_39AM__469__Second_Chance_Exception_C0000005.dmp the assembly instruction at ntdll!RtlSubtreePredecessor+195 in C:\WINDOWS\system32\ntdll.dll from Microsoft Corporation has caused an access violation exception (0xC0000005) when trying to write to memory location 0x00410fb0 on thread 0

Module Information 
Image Name: C:\WINDOWS\system32\ntdll.dll   Symbol Type:  Export 
Base address: 0x7c800000   Time Stamp:  Mon Feb 09 06:02:56 2009  
Checksum: 0x000c2b9d   Comments:   
COM DLL: False   Company Name:  Microsoft Corporation 
ISAPIExtension: False   File Description:  NT Layer DLL 
ISAPIFilter: False   File Version:  5.2.3790.4455 (srv03_sp2_gdr.090203-1205) 
Managed DLL: False   Internal Name:  ntdll.dll 
VB DLL: False   Legal Copyright:  © Microsoft Corporation. All rights reserved. 
Loaded Image Name:  ntdll.dll   Legal Trademarks:   
Mapped Image Name:     Original filename:  ntdll.dll 
Module name:  ntdll   Private Build:   
Single Threaded:  False   Product Name:  Microsoft® Windows® Operating System 
Module Size:  776.00 KBytes   Product Version:  5.2.3790.4455 
Symbol File Name:  ntdll.dll   Special Build:  &
 [2010-11-11 18:06 UTC] mmitchell at riccagroup dot com 
I tried to do a better back trace this time. I was missing the entry in the debug symbol path this time that downloads the microsoft debug symbols.

My Symbol search path is 
"C:\php;C:\php\ext;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols"

For some reason I still get 

"WARNING - DebugDiag was not able to locate debug symbols for C:\php\ext\php_imap.dll, so the information below may be incomplete."

But the .pdb file is at C:\php\ext\php_imap.pdb so I'm not sure why it can't find it. Any ideas?
 [2010-11-11 18:30 UTC] pajoye@php.net 
Try with 5.3.3 please.
 [2010-11-11 18:30 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-11-11 18:32 UTC] pajoye@php.net 
I mean the bug not to get a backtrace.
 [2010-11-11 18:51 UTC] mmitchell at riccagroup dot com
-Status: Feedback +Status: Open
 [2010-11-11 18:51 UTC] mmitchell at riccagroup dot com 
Works with 5.3.3 VC6 Thread Safe!
Works with 5.3.3 VC9 Thread Safe!

Still fails with 5.2.14 even with minimal config where php_imap is the only ext loaded.

I guess whatever change in 5.3 fixed this should be back ported to 5.2?
 [2011-03-03 11:25 UTC] chrisst at carmel dot ac dot uk 
Agreed with mmitchell, I am also experiencing this issue.  Would be great if this could be ported to 5.2.x.
 [2011-03-03 11:30 UTC] pajoye@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: pajoye
 [2011-03-03 11:30 UTC] pajoye@php.net 
5.2 is a dead branch and it is actually a c-client problem. 5.3 has the newest 
version of c-client, which seems to fix this problem.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Jan 18 07:01:30 2025 UTC