php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #67729 WinCache 1.3.6.1 crash due to _callstatic function
Submitted: 2014-07-31 19:05 UTC Modified: 2014-10-10 20:08 UTC
Votes:4
Avg. Score:4.0 ± 1.2
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:3 (75.0%)
From: tser at deltacontrols dot com Assigned: ericsten (profile)
Status: Closed Package: WinCache (PECL)
PHP Version: 5.4.31 OS: Windows 7 64bit
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tser at deltacontrols dot com
New email:
PHP Version: OS:

 

 [2014-07-31 19:05 UTC] tser at deltacontrols dot com 
Description:
------------
Try to load an external php that define a class with __callStatic will cause a crash in wincache.

Setup FastCGI on IIS, using the TestScript, iisreset first, just browse phpinfo.php, refresh the browser several times, the php_cgi.exe will crash with the following call stack listed in Actual Result.



Test script:
---------------
phpinfo.php
<?
require_once('global.php');
phpinfo()


global.php
<?
abstract class Delta_Db_Row
  {
    public static function __callStatic ($name, array $arguments)
      {
        return 5;
      }
  }

abstract class Delta_Log_Row extends Delta_Db_Row
  {
  }

class Settings_Global extends Delta_Log_Row
  {
    function getDependentTables(){ return array(); }
  }



Expected result:
----------------
Not crash.

Actual result:
--------------
Crash


php_wincache.dll!copy_zend_class_entry(opcopy_context * popcopy=0x022a9428, _zend_class_entry * poldce=0x05b020f8, _zend_class_entry * * ppnewce=0x00b8e880) Line 2909	C
php_wincache.dll!opcopy_zend_copyout(opcopy_context * popcopy=0x022a9428, ocache_value * pvalue=0x05b017ac) Line 4140	C
php_wincache.dll!ocache_useval(ocache_context * pcache=0x022ce160, ocache_value * pvalue=0x05b017ac, _zend_op_array * * pparray=0x00b8e92c) Line 595	C
php_wincache.dll!aplist_ocache_use(aplist_context * pcache=0x022db058, ocache_value * povalue=0x05b017ac, _zend_op_array * * pparray=0x00b8e92c) Line 2247	C


In copy_zend_clas_entry, poldce->__callstatic is not NULL

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-10-10 17:11 UTC] ericsten@php.net
-Assigned To: +Assigned To: ericsten
 [2014-10-10 18:28 UTC] ericsten@php.net 
Problem understood.  Fix will be in WinCache 1.3.6.3.

Bug: Dead #ifdef in Wincache was skipping initialization of zend_class_entry.__callstatic member.

Fix: Change to correct #ifdef.

Thx!
    --E.
 [2014-10-10 19:31 UTC] ericsten@php.net 
Automatic comment from SVN on behalf of ericsten
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=335042
Log: wincache 1.3.6.3
php bug 67729 __callstatic not properly cached, leading to AV
 [2014-10-10 20:08 UTC] ericsten@php.net
-Status: Assigned +Status: Closed
 [2014-10-10 20:08 UTC] ericsten@php.net 
Fix available on SourceForge:

http://sourceforge.net/projects/wincache/files/development/wincache-1.3.6.3-dev-5.3-nts-vc9-x86.exe/download
http://sourceforge.net/projects/wincache/files/development/wincache-1.3.6.3-dev-5.4-nts-vc9-x86.exe/download
http://sourceforge.net/projects/wincache/files/development/wincache-1.3.6.3-dev-5.5-nts-vc11-x86.exe/download
http://sourceforge.net/projects/wincache/files/development/wincache-1.3.6.3-dev-5.6-nts-vc11-x86.exe/download

Thx!
    --E.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 03 19:01:35 2025 UTC