PHP :: Bug #69183 :: Access violation in php7.dll!

Bug #69183	Access violation in php7.dll!_emalloc
Submitted:	2015-03-04 13:13 UTC	Modified:	2019-01-30 19:11 UTC
From:	mberchtold at gmail dot com	Assigned:
Status:	Closed	Package:	opcache
PHP Version:	master-Git-2015-03-04 (snap)	OS:	Windows Server 2012 R2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mberchtold at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2015-03-04 13:13 UTC] mberchtold at gmail dot com

Description:
------------
stack trace:
>	php7.dll!_emalloc(unsigned int size) Line 2200	C
 	php7.dll!concat_function(_zval_struct * result, _zval_struct * op1, _zval_struct * op2) Line 1582	C
 	php7.dll!zend_eval_const_expr(_zend_ast * * ast_ptr) Line 6687	C
 	php7.dll!zend_try_ct_eval_array(_zval_struct * result, _zend_ast * ast) Line 5315	C
 	php7.dll!zend_eval_const_expr(_zend_ast * * ast_ptr) Line 6711	C
 	php7.dll!zend_try_ct_eval_array(_zval_struct * result, _zend_ast * ast) Line 5315	C
 	php7.dll!zend_eval_const_expr(_zend_ast * * ast_ptr) Line 6711	C
 	php7.dll!zend_try_ct_eval_array(_zval_struct * result, _zend_ast * ast) Line 5315	C
 	php7.dll!zend_eval_const_expr(_zend_ast * * ast_ptr) Line 6711	C
 	php7.dll!zend_try_ct_eval_array(_zval_struct * result, _zend_ast * ast) Line 5315	C
 	php7.dll!zend_compile_array(_znode * result, _zend_ast * ast) Line 5891	C
 	php7.dll!zend_llist_apply_with_argument(_zend_llist * l, void (void *, void *) * func, void * arg) Line 236	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 648	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 847	C
 	php7.dll!zif_call_user_func(_zend_execute_data * execute_data, _zval_struct * return_value) Line 4729	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 648	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1310	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2539	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C
 	kernel32.dll!@BaseThreadInitThunk@12()	Unknown
 	ntdll.dll!__RtlUserThreadStart()	Unknown
 	ntdll.dll!__RtlUserThreadStart@8()	Unknown

I have sent the full crash dump by email to ab@

Test script:
---------------
n/a

Expected result:
----------------
no crash

Actual result:
--------------
Unhandled exception at 0x749DBFE9 (php7.dll) in php-cgi.exe.7788.dmp: 0xC0000005: Access violation reading location 0x28066000.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-03-04 14:18 UTC] laruence@php.net

-Status: Open +Status: Feedback

[2015-03-04 14:18 UTC] laruence@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2015-03-04 14:23 UTC] mberchtold at gmail dot com

-Status: Feedback +Status: Open

[2015-03-04 14:23 UTC] mberchtold at gmail dot com

I have forwarded the crash dump to you as well.

[2015-03-04 14:58 UTC] laruence@php.net

sorry, I meant to say, we need a reproduce script.

are you able to get one reproduce script?

[2015-03-04 15:03 UTC] mberchtold at gmail dot com

Unfortunately no.

[2015-03-08 15:01 UTC] mberchtold at gmail dot com

I have several new crash dumps from the latest snap:
Revision: r5aebdc9 (March 08 2015, 14:06:45)

All these crashs happen right when the HTTP server is started. Most likely during init/population of the opcache.

I have sent the new crash dumps (including the debug symbols) to ab@ and laruence@

[2015-03-09 07:41 UTC] ab@php.net

@mrechtold, thanks for the further infos. I'm adding a couple of backtraces here based on your dumps. However looks like we can't come forward without a reproduce case, sadly. Also changing to the opcache issue, by at least 2 backtraces it is.

Thanks.

 	php7.dll!zend_mm_realloc_heap(_zend_mm_heap * heap, void * ptr, unsigned int size, unsigned int copy_size) Line 1561	C
 	php7.dll!_erealloc(void * ptr, unsigned int size) Line 2229	C
>	php7.dll!pass_two(_zend_op_array * op_array) Line 738	C
 	php7.dll!zend_compile_func_decl(_znode * result, _zend_ast * ast) Line 4457	C
 	php7.dll!zend_compile_stmt(_zend_ast * ast) Line 6428	C
 	php7.dll!zend_compile_stmt_list(_zend_ast * ast) Line 3968	C
 	php7.dll!zend_compile_stmt(_zend_ast * ast) Line 6373	C
 	php7.dll!zend_compile_class_decl(_zend_ast * ast) Line 4814	C
 	php7.dll!zend_compile_stmt(_zend_ast * ast) Line 6441	C
 	php7.dll!zend_compile_top_stmt(_zend_ast * ast) Line 6352	C
 	php7.dll!zend_compile_top_stmt(_zend_ast * ast) Line 6345	C
 	php7.dll!compile_file(_zend_file_handle * file_handle, int type) Line 597	C
 	php7.dll!phar_compile_file(_zend_file_handle * file_handle, int type) Line 3312	C
 	php_opcache.dll!compile_and_cache_file(_zend_file_handle * file_handle, int type, char * key, unsigned int key_length, _zend_op_array * * op_array_p, int * from_shared_memory) Line 1418	C
 	php_opcache.dll!persistent_compile_file(_zend_file_handle * file_handle, int type) Line 1635	C
 	php7.dll!compile_filename(int type, _zval_struct * filename) Line 638	C
 	php7.dll!ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(_zend_execute_data * execute_data) Line 24730	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 862	C
 	php7.dll!zend_call_method(_zval_struct * object, _zend_class_entry * obj_ce, _zend_function * * fn_proxy, const char * function_name, unsigned int function_name_len, _zval_struct * retval_ptr, int param_count, _zval_struct * arg1, _zval_struct * arg2) Line 101	C
 	php7.dll!zif_spl_autoload_call(_zend_execute_data * execute_data, _zval_struct * return_value) Line 426	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 881	C
 	php7.dll!zend_lookup_class_ex(_zend_string * name, const _zval_struct * key, int use_autoload) Line 1044	C
 	php7.dll!zend_fetch_class_by_name(_zend_string * class_name, const _zval_struct * key, int fetch_type) Line 1358	C
 	php7.dll!ZEND_FETCH_CONSTANT_SPEC_CONST_CONST_HANDLER(_zend_execute_data * execute_data) Line 4699	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 862	C
 	php7.dll!zif_call_user_func(_zend_execute_data * execute_data, _zval_struct * return_value) Line 4735	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 648	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1311	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2539	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C


>	php7.dll!_emalloc(unsigned int size) Line 2208	C
 	php7.dll!_php_stream_fopen(const char * filename, const char * mode, _zend_string * * opened_path, int options) Line 983	C
 	php7.dll!php_plain_files_stream_opener(_php_stream_wrapper * wrapper, const char * path, const char * mode, int options, _zend_string * * opened_path, _php_stream_context * context) Line 1029	C
 	php7.dll!_php_stream_open_wrapper_ex(const char * path, const char * mode, int options, _zend_string * * opened_path, _php_stream_context * context) Line 2066	C
 	php7.dll!php_stream_open_for_zend_ex(const char * filename, _zend_file_handle * handle, int mode) Line 1392	C
 	php7.dll!php_stream_open_for_zend(const char * filename, _zend_file_handle * handle) Line 1384	C
 	php_opcache.dll!persistent_compile_file(_zend_file_handle * file_handle, int type) Line 1526	C
 	php7.dll!compile_filename(int type, _zval_struct * filename) Line 638	C
 	php7.dll!ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data) Line 3166	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 862	C
 	php7.dll!zif_call_user_func(_zend_execute_data * execute_data, _zval_struct * return_value) Line 4735	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 648	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 862	C
 	php7.dll!zif_call_user_func(_zend_execute_data * execute_data, _zval_struct * return_value) Line 4735	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 648	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1311	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2539	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C


 	php7.dll!_emalloc(unsigned int size) Line 2208	C
 	php7.dll!concat_function(_zval_struct * result, _zval_struct * op1, _zval_struct * op2) Line 1582	C
>	php7.dll!ZEND_CONCAT_SPEC_TMPVAR_CONST_HANDLER(_zend_execute_data * execute_data) Line 34390	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1311	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2539	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C


 	php_opcache.dll!accel_new_interned_string(_zend_string * str) Line 312	C
 	php_opcache.dll!accel_use_shm_interned_strings() Line 377	C
 	php_opcache.dll!accel_startup(_zend_extension * extension) Line 2301	C
>	php7.dll!zend_extension_startup(_zend_extension * extension) Line 162	C
 	php7.dll!zend_llist_apply_with_del(_zend_llist * l, int (void *) * func) Line 171	C
 	php7.dll!zend_startup_extensions(...) Line 183	C
 	php7.dll!php_module_startup(_sapi_module_struct * sf, _zend_module_entry * additional_modules, unsigned int num_additional_modules) Line 2257	C
 	php-cgi.exe!php_cgi_startup(_sapi_module_struct * sapi_module) Line 907	C
 	php-cgi.exe!main(int argc, char * * argv) Line 1886	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C

[2015-03-09 07:42 UTC] ab@php.net

-Package: *General Issues +Package: opcache

[2015-03-09 18:47 UTC] mberchtold at gmail dot com

I'm keep on getting crashes. I have sent you a new dump but I have no idea to know whether it is related to the crashes.

Unhandled exception at 0x74791FFA (php_opcache.dll) in php-cgi.exe.6112.dmp: 0xC0000005: Access violation reading location 0x0A863B9F.

Stack trace:

>	php_opcache.dll!accel_make_persistent_key(const char * path, int path_length, int * key_len) Line 1054	C
 	php_opcache.dll!persistent_zend_resolve_path(const char * filename, int filename_len) Line 1750	C
 	php7.dll!ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data) Line 3132	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1311	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2539	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C
 	kernel32.dll!@BaseThreadInitThunk@12()	Unknown
 	ntdll.dll!__RtlUserThreadStart()	Unknown
 	ntdll.dll!__RtlUserThreadStart@8()	Unknown

[2019-01-30 18:59 UTC] q21 at bk dot ru

I have Access violation in php7.dll (PHP 7.3.1) when trying to access MariaDB 10.3.12 - for example with phpMyAdmin. Call stack is:
php7.dll!000007fee44ccb3a()
php7.dll!000007fee4433382()
php7.dll!000007fee4431c9d()
php7.dll!000007fee44b87e7()
php7.dll!000007fee44973bf()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446fc5f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446fc5f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446fc5f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446ff7f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446fc5f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446fc5f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee447424b()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446d094()
php7.dll!000007fee44321d7()
php7.dll!000007fee450992b()
php-cgi.exe!000000013f4a3f20()
php-cgi.exe!000000013f4a9168()
kernel32.dll!0000000076de652d()
ntdll.dll!0000000076f1c541()

[2019-01-30 19:11 UTC] mberchtold at gmail dot com

-Status: Open +Status: Closed

[2019-01-30 19:11 UTC] mberchtold at gmail dot com

closed

[2019-01-30 19:47 UTC] q21 at bk dot ru

My bug seems to disappear after I turned opcache OFF.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 18:01:29 2024 UTC