PHP :: Bug #75810 :: getenv with valid varname crashes ntdll.dll

Bug #75810	getenv with valid varname crashes ntdll.dll
Submitted:	2018-01-12 19:12 UTC	Modified:	2018-01-15 16:52 UTC
From:	laurinkeithdavis at gmail dot com	Assigned:
Status:	Duplicate	Package:	PHP options/info functions
PHP Version:	7.1.13	OS:	Windows 10 x64 Pro
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	laurinkeithdavis at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2018-01-12 19:12 UTC] laurinkeithdavis at gmail dot com

Description:
------------
Any specific varname, if that environment variable name actually exists, crashes PHP. If you put a non-valid environment variable name, that does not crash and no value (getenv()), dumps the whole array, and does not crash. 



Test script:
---------------
<?php
echo getenv("PATH");

Expected result:
----------------
Value of the indicated environment variable.

Actual result:
--------------
Internal Server Error 500

AND

Log Name:      Application
Source:        Application Error
Date:          1/12/2018 12:46:03 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      KDAVIS.pridedallas.com
Description:
Faulting application name: php-cgi.exe, version: 7.1.13.0, time stamp: 0x5a4d3a49
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x16e7ff7f
Exception code: 0xc0000374
Fault offset: 0x000da8b9
Faulting process id: 0x1ecc
Faulting application start time: 0x01d38bd593ca174a
Faulting application path: C:\PHP\php-cgi.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c4b5c9e2-dcb6-4f21-9b32-457689bce66a
Faulting package full name: 
Faulting package-relative application ID:

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-01-12 19:14 UTC] laurinkeithdavis at gmail dot com

Confirmed this does not occur in 7.1.12.

[2018-01-12 19:36 UTC] laurinkeithdavis at gmail dot com

I'm pretty sure the change made for https://bugs.php.net/bug.php?id=75574 is the "cause", as getenv was modified, not just putenv. 

I don't know C well enough. I am trying to decipher the change that might be an issue, but no luck so far.

[2018-01-12 20:23 UTC] ab@php.net

-Status: Open +Status: Feedback

[2018-01-12 20:23 UTC] ab@php.net

Thanks for the report. Looks pretty much like bug #75794. What is your exact PHP. Please post your php.ini. If possible, also a crash dump.

Thanks.

[2018-01-12 20:32 UTC] laurinkeithdavis at gmail dot com

Ah, I searched for the bug using 7.1.13, but didn't think about the fact that 7.2.1 was also just released. Should I move my notes to that bug?

PHP 7.1.3 - VC14 x86 Non Thread Safe (2018-Jan-04 00:43:34) (from windows.php.net)

I tried to post my php.ini file, but I get this message when I do:

"Your comment looks like SPAM by its content. Please consider rewording."

[2018-01-12 21:29 UTC] ab@php.net

You could pastebin it somewhere and just put the link, otherwise it'd be anyway too big for a comment.

Thanks.

[2018-01-12 21:36 UTC] laurinkeithdavis at gmail dot com

Oh, duh. :)

https://gist.github.com/laurin1/a7ea63c2b8bc68a845a1b50e01c9c173

[2018-01-13 14:16 UTC] ab@php.net

I've pushed a fix for this issue, could you check the latest snap, please?

Thanks.

[2018-01-13 17:04 UTC] laurinkeithdavis at gmail dot com

Tested this snapshot:

7.1.14-dev Revision: r05c4f72 (January 13 2018, 16:37:57)

Works!

[2018-01-13 21:30 UTC] ab@php.net

-Status: Feedback +Status: Open

[2018-01-13 21:30 UTC] ab@php.net

Thanks for the checks! Waiting for the feedback in other tickets yet. The fix should be available in RCs.

Thanks.

[2018-01-15 16:52 UTC] ab@php.net

-Status: Open +Status: Duplicate

[2018-01-15 16:52 UTC] ab@php.net

Same as bug #75794.

Thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 17:01:32 2024 UTC