PHP :: Bug #62910 :: intern string crash with phpts

Bug #62910	intern string crash with phpts
Submitted:	2012-08-23 17:41 UTC	Modified:	2012-12-05 15:25 UTC
From:	mattficken@php.net	Assigned:	ab (profile)
Status:	Closed	Package:	APC (PECL)
PHP Version:	5.4.6	OS:	Windows
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mattficken@php.net
New email:
PHP Version:		OS:

New Comment:

[2012-08-23 17:41 UTC] mattficken@php.net

Description:
------------
I ran the phpunit tests for standard Symfony components and found 3 tests that crash PHP when APC is enabled (interned strings related).

I have translated those 3 tests to PHPTs now in APC, which crash (AV) PHP on Windows with APC 3.1.11 and php 5.4.6 nts.



Test script:
---------------
See symfony_* PHPTs

Expected result:
----------------
== doesn't crash ==

Actual result:
--------------
00 00c0d9fc 10007e5c 025edb90 0000001d 10008994 php_apc!apc_new_interned_string(char * arKey = 0x025edb90 "/Extensions/RepeatedTest.php", int nKeyLength = 0n29)+0x184 (FPO: [2,1,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_string.c @ 91]
01 00c0da08 10008994 025fa520 0351d470 0351eb68 php_apc!apc_string_pmemcpy(char * str = 0x931c35b3 "--- memory read error at address 0x931c35b3 ---", unsigned int len = 0x3115148, struct _apc_pool * pool = 0x0351c2b0)+0xc (FPO: [0,0,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_compile.c @ 284]
02 00c0da20 10009323 0351d470 0351c570 02fa6598 php_apc!my_copy_zval(struct _zval_struct * dst = 0x0351d470, struct _zval_struct * src = 0x000035b3, struct _apc_context_t * ctxt = 0x03115110)+0xf4 (FPO: [1,1,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_compile.c @ 342]
03 00c0db60 10009ea8 0351c4e8 02fa6510 00c0dbe0 php_apc!apc_copy_op_array(struct _zend_op_array * dst = 0x0351c4e8, struct _zend_op_array * src = 0x02fa6510, struct _apc_context_t * ctxt = 0x00c0dbe0)+0x1f3 (FPO: [3,74,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_compile.c @ 1105]
04 00c0db80 1000a424 00000000 02fa6510 00c0dbe0 php_apc!my_copy_function(union _zend_function * dst = 0x00000000, union _zend_function * src = 0x02fa6510, struct _apc_context_t * ctxt = 0x00c0dbe0)+0x78 (FPO: [3,0,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_compile.c @ 474]
05 00c0dbb0 1000cab4 00000011 00c0dbe0 00c0e0ac php_apc!apc_copy_new_functions(int old_count = 0n17, struct _apc_context_t * ctxt = 0x00c0dbe0)+0x124 (FPO: [2,4,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_compile.c @ 1380]
06 00c0e090 1000cf2d 00c0e250 00c0e344 00000008 php_apc!apc_compile_cache_entry(struct apc_cache_key_t * key = 0x00c0e250, struct _zend_file_handle * h = 0x00c0e344, int type = 0n8, long t = 0n1345743493, struct _zend_op_array ** op_array = 0x00c0e110, struct apc_cache_entry_t ** cache_entry = 0x00c0e114)+0x1e4 (FPO: [6,305,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_main.c @ 454]
07 00c0e284 7140ad41 00c0e344 00000008 025ee5f8 php_apc!my_compile_file(struct _zend_file_handle * h = 0x00c0e344, int type = 0n8)+0x3bd (FPO: [Non-Fpo]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_main.c @ 610]
08 00c0e328 715a163a 00c0e344 00000008 025ee4e0 php5!zend_compare_file_handles+0xc1
09 00c0e394 713b8424 00c0e3f8 00c0f69c 00c0e3e0 php5!libiconv_open+0x7bd6a
0a 00c0e3b0 7141f3a1 025ec628 00000000 00c0f69c php5!execute+0x164
0b 00c0e3e0 7138c64e 00000008 00000000 00000003 php5!zend_execute_scripts+0xc1
0c 00c0f544 00241738 029ab048 0024b754 00000006 php5!php_execute_script+0x14e
0d 00000000 00000000 00000000 00000000 00000000 php!sapi_cli_single_write+0x5a8

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-12-05 15:25 UTC] ab@php.net

The bug was intl related, fixed by Gustavo Lopes in this commit

http://git.php.net/?p=php-src.git;a=commitdiff;h=a5d0c1e21b9fa166d8fe5ec7d52a24a5f7adc107

[2012-12-05 15:25 UTC] ab@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: ab

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 16:01:33 2025 UTC