PHP :: Bug #75794 :: getenv() crashes on Windows 7.2.1 when second parameter is false

Bug #75794

getenv() crashes on Windows 7.2.1 when second parameter is false

Submitted:

2018-01-10 14:34 UTC

Modified:

2018-01-15 16:52 UTC

Votes:	3
Avg. Score:	5.0 ± 0.0
Reproduced:	3 of 3 (100.0%)
Same Version:	2 (66.7%)
Same OS:	3 (100.0%)

From:

jon at senyahnoj dot org dot uk

Assigned:

ab (profile)

Status:

Closed

Package:

Reproducible crash

PHP Version:

7.2.1

OS:

Windows

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jon at senyahnoj dot org dot uk
New email:
PHP Version:		OS:

New Comment:

[2018-01-10 14:34 UTC] jon at senyahnoj dot org dot uk

Description:
------------
Using PHP 7.2.1 (64 bit NTS) on (Windows Server 2012/Windows 7) + IIS FastCGI.

The fast CGI process crashes when PHP calls getenv() with a second parameter (local_only) of false. It's fine if the second parameter is true. 

It does not crash on the previous version 7.2.0.

PHP 7.2.1 on linux also fine. We are wondering if this is a windows platform-specific problem. Could this be related to Bug #75574 which was released in 7.2.1?

Test script:
---------------
<?php
getenv('HTTP_ACCEPT_LANGUAGE', false);

Patches

php.ini (last revision 2018-01-13 10:37 UTC by jon at senyahnoj dot org dot uk)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-01-10 15:06 UTC] ab@php.net

-Status: Open +Status: Feedback

[2018-01-10 15:06 UTC] ab@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2018-01-11 10:26 UTC] jon at senyahnoj dot org dot uk

-Status: Feedback +Status: Open

[2018-01-11 10:26 UTC] jon at senyahnoj dot org dot uk

Loading control script C:\Program Files\DebugDiag\scripts\CrashRule_Process_php-cgi.exe.vbs
DumpPath set to C:\Program Files\DebugDiag\Logs\Crash rule for all instances of php-cgi.exe
[11/01/2018 10:16:06]
  Process created. BaseModule - D:\phpBinaries\win64\7.2\php-cgi.exe. BaseThread - System ID: 7024
  C:\Windows\SYSTEM32\ntdll.dll loaded at 0x432f0000
  Thread created. New thread - System ID: 6260
  C:\Windows\system32\KERNEL32.DLL loaded at 0x40e70000
  C:\Windows\system32\KERNELBASE.dll loaded at 0x40240000
  D:\phpBinaries\win64\7.2\php7.dll loaded at 0x25750000
  C:\Windows\system32\WS2_32.dll loaded at 0x41e90000
  C:\Windows\system32\ADVAPI32.dll loaded at 0x41db0000
  C:\Windows\SYSTEM32\VCRUNTIME140.dll loaded at 0x33700000
  C:\Windows\SYSTEM32\api-ms-win-crt-stdio-l1-1-0.dll loaded at 0x336f0000
  C:\Windows\SYSTEM32\api-ms-win-crt-environment-l1-1-0.dll loaded at 0x336e0000
  C:\Windows\SYSTEM32\api-ms-win-crt-heap-l1-1-0.dll loaded at 0x32990000
  C:\Windows\SYSTEM32\api-ms-win-crt-string-l1-1-0.dll loaded at 0x32980000
  C:\Windows\SYSTEM32\api-ms-win-crt-runtime-l1-1-0.dll loaded at 0x318d0000
  C:\Windows\SYSTEM32\api-ms-win-crt-convert-l1-1-0.dll loaded at 0x318a0000
  C:\Windows\SYSTEM32\api-ms-win-crt-filesystem-l1-1-0.dll loaded at 0x31720000
  C:\Windows\SYSTEM32\api-ms-win-crt-math-l1-1-0.dll loaded at 0x31710000
  C:\Windows\SYSTEM32\api-ms-win-crt-locale-l1-1-0.dll loaded at 0x31700000
  C:\Windows\system32\ole32.dll loaded at 0x41bc0000
  C:\Windows\system32\USER32.dll loaded at 0x41260000
  C:\Windows\SYSTEM32\DNSAPI.dll loaded at 0x3f300000
  C:\Windows\SYSTEM32\bcrypt.dll loaded at 0x3fbf0000
  C:\Windows\SYSTEM32\api-ms-win-crt-time-l1-1-0.dll loaded at 0x316f0000
  C:\Windows\SYSTEM32\api-ms-win-crt-utility-l1-1-0.dll loaded at 0x31640000
  C:\Windows\system32\RPCRT4.dll loaded at 0x415d0000
  C:\Windows\system32\NSI.dll loaded at 0x41bb0000
  C:\Windows\system32\msvcrt.dll loaded at 0x40fb0000
  C:\Windows\SYSTEM32\sechost.dll loaded at 0x40e20000
  C:\Windows\SYSTEM32\combase.dll loaded at 0x40c60000
  C:\Windows\system32\GDI32.dll loaded at 0x41060000
  C:\Windows\SYSTEM32\ucrtbase.DLL loaded at 0x29a80000
  C:\Windows\system32\dzuser32.dll loaded at 0x40050000
  C:\Windows\system32\bcryptprimitives.dll loaded at 0x3ff20000
  D:\phpBinaries\win64\7.2\ext\ioncube_loader_win_7.2.dll loaded at 0x80000000
  D:\phpBinaries\win64\7.2\ext\php_bz2.dll loaded at 0x31070000
  D:\phpBinaries\win64\7.2\ext\php_curl.dll loaded at 0x299f0000
  D:\phpBinaries\win64\7.2\libssh2.dll loaded at 0x651c0000
  D:\phpBinaries\win64\7.2\nghttp2.dll loaded at 0x30a30000
  D:\phpBinaries\win64\7.2\libcrypto-1_1-x64.dll loaded at 0x25450000
  D:\phpBinaries\win64\7.2\libssl-1_1-x64.dll loaded at 0x29960000
  C:\Windows\system32\WLDAP32.dll loaded at 0x413b0000
  C:\Windows\system32\Normaliz.dll loaded at 0x41460000
  C:\Windows\system32\CRYPT32.dll loaded at 0x404a0000
  C:\Windows\system32\MSASN1.dll loaded at 0x40220000
  D:\phpBinaries\win64\7.2\ext\php_fileinfo.dll loaded at 0x24f80000
  D:\phpBinaries\win64\7.2\ext\php_gd2.dll loaded at 0x276e0000
  D:\phpBinaries\win64\7.2\ext\php_intl.dll loaded at 0x298f0000
  D:\phpBinaries\win64\7.2\icuuc60.dll loaded at 0x592e0000
  D:\phpBinaries\win64\7.2\icuin60.dll loaded at 0x58580000
  D:\phpBinaries\win64\7.2\icuio60.dll loaded at 0x598c0000
  C:\Windows\SYSTEM32\MSVCP140.dll loaded at 0x27640000
  D:\phpBinaries\win64\7.2\icudt60.dll loaded at 0x60f00000
  C:\Windows\SYSTEM32\api-ms-win-crt-multibyte-l1-1-0.dll loaded at 0x31060000
  D:\phpBinaries\win64\7.2\ext\php_mbstring.dll loaded at 0x24e20000
  D:\phpBinaries\win64\7.2\ext\php_mysqli.dll loaded at 0x31000000
  D:\phpBinaries\win64\7.2\ext\php_openssl.dll loaded at 0x30390000
  D:\phpBinaries\win64\7.2\ext\php_pdo_mysql.dll loaded at 0x31050000
  D:\phpBinaries\win64\7.2\ext\php_com_dotnet.dll loaded at 0x308d0000
  C:\Windows\system32\OLEAUT32.dll loaded at 0x41ef0000
  D:\phpBinaries\win64\7.2\ext\php_soap.dll loaded at 0x298b0000
  D:\phpBinaries\win64\7.2\ext\php_xsl.dll loaded at 0x29440000
  D:\phpBinaries\win64\7.2\ext\php-7.2.x_memcache.dll loaded at 0x30260000
  D:\phpBinaries\win64\7.2\ext\php_pdo_sqlsrv.dll loaded at 0x29870000
  C:\Windows\SYSTEM32\ODBC32.dll loaded at 0x324f0000
  D:\phpBinaries\win64\7.2\ext\php_sqlsrv.dll loaded at 0x28be0000
  C:\Windows\SYSTEM32\secur32.dll loaded at 0x3bdf0000
  C:\Windows\SYSTEM32\SSPICLI.DLL loaded at 0x3fef0000
  C:\Windows\system32\mswsock.dll loaded at 0x3f610000
  C:\Windows\SYSTEM32\IPHLPAPI.DLL loaded at 0x3df40000
  C:\Windows\SYSTEM32\WINNSI.DLL loaded at 0x3ded0000
  C:\Windows\SYSTEM32\dhcpcsvc.DLL loaded at 0x3d1d0000
  C:\Windows\SYSTEM32\dhcpcsvc6.DLL loaded at 0x3d420000
  Thread created. New thread - System ID: 6624
  Initializing control script
  Clearing any existing breakpoints
  
  Current Breakpoint List(BL)
  Thread exited. Exiting thread - System ID: 6624. Exit code - 0x00000000
[11/01/2018 10:16:13]
  Exception 0X80000003 on thread 7024. DetailID = 1
  Stack Trace
RetAddr           : Args to Child                                                           : Call Site
000007fb`433cf350 : 00000044`64670000 00000044`64c03918 00000044`64670000 000007fb`29a8295e : ntdll!RtlpNtCreateKey+0x30ab
000007fb`43375e81 : 00000044`64c70030 00000000`00000000 00000000`00000000 00000044`64683fe0 : ntdll!RtlpNtCreateKey+0x7f04
000007fb`29a942cb : 00000044`64683fe0 00000044`64c70030 00000044`64681d90 00000000`00000001 : ntdll!RtlSetCurrentEnvironment+0x33b5
000007fb`25b99294 : 000007f7`52282e00 00000044`64c03918 00000044`64c03918 00000044`655c6538 : ucrtbase!free+0x1b
000007fb`2591a724 : 00000044`64c1d100 00000000`00000002 00000044`64c70030 00000044`6458b4f0 : php7!libiconv_set_relocation_prefix+0x5a274
000007fb`2576b1d3 : 00000000`00000000 000007fb`25919bf0 00000000`00000000 00000044`64c03900 : php7!php_base64_decode_ex+0x3444
000007fb`2576ce40 : 80000000`00000000 000007fb`25766ed0 000007fb`2576b180 00000001`8006f2c4 : php7!array_init+0x4d3
000007fb`25760aa0 : 00000001`8006f3d0 00000000`00000000 00000044`64c830e0 00000000`00000008 : php7!execute_ex+0x80
000007fb`257605a5 : 00000000`00000000 00000044`6458e2d0 00000044`64c604b0 00000000`00000008 : php7!zend_execute+0x150
000007fb`25760305 : 00000044`00000008 00000000`00000000 00000000`00000003 00000000`00000000 : php7!zend_execute_scripts+0xa5
000007f7`52287e7b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : php7!php_execute_script+0x335
000007f7`522834dc : 00000000`00000000 00000000`00000000 000007fb`29b659f4 00000000`00000000 : php_cgi+0x7e7b
000007fb`40e71842 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : php_cgi+0x34dc
000007fb`4333e2f9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
  Action limit of 1 reached for unconfigured first chance exceptions.
  Exception 0XC0000374 on thread 7024. DetailID = 2
  Second chance exception - 0XC0000374 caused by thread with System ID: 7024 DetailID = 2
  Thread exited. Exiting thread - System ID: 7024. Exit code - 0xffffffff
  Process exited. Exit code - 0xffffffff

***********************
*  EXCEPTION DETAILS  *
***********************

DetailID = 1
	Count:    1
	Exception #:  0X80000003
	Stack:        
		ntdll!RtlpNtCreateKey+0x30ab
		ntdll!RtlpNtCreateKey+0x7f04
		ntdll!RtlSetCurrentEnvironment+0x33b5
		ucrtbase!free+0x1b
		php7!libiconv_set_relocation_prefix+0x5a274
		php7!php_base64_decode_ex+0x3444
		php7!array_init+0x4d3
		php7!execute_ex+0x80
		php7!zend_execute+0x150
		php7!zend_execute_scripts+0xa5
		php7!php_execute_script+0x335
		php_cgi+0x7e7b
		php_cgi+0x34dc
		KERNEL32!BaseThreadInitThunk+0x1a
		ntdll!RtlUserThreadStart+0x21


DetailID = 2
	Count:    2
	Exception #:  0XC0000374
	Stack:        
		ntdll!RtlpNtCreateKey+0x30e9
		ntdll!RtlpNtCreateKey+0x7f04
		ntdll!RtlSetCurrentEnvironment+0x33b5
		ucrtbase!free+0x1b
		php7!libiconv_set_relocation_prefix+0x5a274
		php7!php_base64_decode_ex+0x3444
		php7!array_init+0x4d3
		php7!execute_ex+0x80
		php7!zend_execute+0x150
		php7!zend_execute_scripts+0xa5
		php7!php_execute_script+0x335
		php_cgi+0x7e7b
		php_cgi+0x34dc
		KERNEL32!BaseThreadInitThunk+0x1a
		ntdll!RtlUserThreadStart+0x21





***********************
*  EXCEPTION SUMMARY  *
***********************

	|--------------------|
	| Count | Exception  |
	|--------------------|
	| 2     | 0XC0000374 |
	| 1     | 0X80000003 |
	|--------------------|

Debugging Overhead Cost:
	Total Elapsed Ticks = 7520 (100%)
	Total Ticks Spent in Debugger Engine = 313 (4%)
	Total Ticks Spent in Crash Rule Script = 188 (2%)

[2018-01-12 16:51 UTC] ab@php.net

Thanks for the backtrace. It looks same as in bug #75761. The PHP versions are different, though, so unlikely it is unlikely related to the other ticket you mention. Unfortunately it doesn't reproduce on my side, but from the BT - perhaps it could be an issue with the iconv ext.

Thanks.

[2018-01-12 16:52 UTC] ab@php.net

-Status: Open +Status: Feedback

[2018-01-12 16:52 UTC] ab@php.net

Were it possible you to provide a crash dump? Just share somewhere and post a link.

Thanks.

[2018-01-12 17:17 UTC] jon at senyahnoj dot org dot uk

-Status: Feedback +Status: Open

[2018-01-12 17:17 UTC] jon at senyahnoj dot org dot uk

For your information I'm using the pre-compiled binaries from windows.php.net

I don't usually use Windows but I'll try and work out how to do a crash dump as you suggest!

[2018-01-12 20:01 UTC] ab@php.net

One question yet. Could you post your php.ini please?

Thanks.

[2018-01-12 20:23 UTC] ab@php.net

Related To: Bug #75810

[2018-01-13 10:38 UTC] jon at senyahnoj dot org dot uk

Thanks - attached php.ini (in the patches section)

[2018-01-13 14:15 UTC] ab@php.net

Thanks for posting. I was able to reproduce the issue earlier and pushed a fix. The snapshots should be that far already, could you test the latest please? The aforementioned patch was indeed in 7.1+, so that seems to be the cause.

Thanks.

[2018-01-15 16:52 UTC] ab@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: ab

[2018-01-15 16:52 UTC] ab@php.net

Closing as the issue is confirmed fixed.

Thanks.

[2018-01-15 16:52 UTC] ab@php.net

Related To: Bug #75810

[2018-04-18 08:04 UTC] 875019860 at qq dot com

Related To: Bug #76230

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 12:01:29 2024 UTC