|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2018-05-14 04:30 UTC] requinix@php.net
-Status: Open
+Status: Feedback
[2018-05-14 04:30 UTC] requinix@php.net
[2018-05-14 06:41 UTC] ab@php.net
[2018-05-15 01:08 UTC] webmaster_20180513 at cubiclesoft dot com
-Status: Feedback
+Status: Closed
[2018-05-15 01:08 UTC] webmaster_20180513 at cubiclesoft dot com
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Tue Jul 01 04:01:36 2025 UTC |
Description: ------------ I've spent hours tracking down and replicating this bug as best as possible with a simple example. I can replicate the crash much more reliably with significantly more complex userland code, fewer concurrent connections, and without the .htaccess file. That is, approximately 1 in 5,000 requests at a concurrency level of 10 instead of 1 in 150,000 requests at a concurrency level of 70. As a result, replicating the crash on a regular basis has proven to be quite difficult but a crash bug does exist somewhere. Given the rarity of the bug and the requirement for concurrency to be high, I strongly suspect a race condition or a buffer overflow is causing PHP to crash (and, of course, take Apache with it). When there is more code that PHP has to process, the likelihood of a crash increases. PHP doesn't even have to execute any userland code beyond basic loading of PHP files. I ran into this bug while attempting to perform some simple application benchmarks on a Windows 10 Pro 64-bit PC. It's a Core i7, 32GB RAM, SSD storage. Apache and PHP are both 32-bit. I don't know why, but both the .htaccess file and the commented lines in the $config array improve the chance of encountering the crash bug. Currently enabled PHP modules: extension=php_curl.dll extension=php_gd2.dll extension=php_imagick.dll extension=php_ldap.dll extension=php_mysqli.dll extension=php_openssl.dll extension=php_pdo_mysql.dll extension=php_pdo_pgsql.dll extension=php_pdo_sqlite.dll Test script: --------------- test_config.php: <?php $config = array( "rootpath" => __DIR__, // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", // "something" => "asdfasdfsadf", ); ?> test_class.php: <?php class MyTestClass { public static function MyTestFunction() { echo "Hi!\n"; } public static function MyTestFunction2() { echo "Hi!\n"; } public static function MyTestFunction3() { echo "Hi!\n"; } } ?> test_main.php: <?php require_once "test_config.php"; require_once $config["rootpath"] . "/test_class.php"; MyTestClass::MyTestFunction(); ?> .htaccess: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . index.php [L] Expected result: ---------------- PHP should not crash. Actual result: -------------- ab.exe -t 30 -c 70 -n 1000000 http://localhost/bugtest/test_main.php This is ApacheBench, Version 2.3 <$Revision: 1826891 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking localhost (be patient) Completed 100000 requests apr_socket_recv: An existing connection was forcibly closed by the remote host. (730054) Total of 113255 requests completed The Apache logs show: [Sun May 13 20:02:03.882411 2018] [mpm_winnt:notice] [pid 12996:tid 656] AH00428: Parent: child process 20688 exited with status 3221226356 -- Restarting. [Sun May 13 20:02:03.910856 2018] [mpm_winnt:notice] [pid 12996:tid 656] AH00455: Apache/2.4.33 (Win32) PHP/7.1.17 configured -- resuming normal operations [Sun May 13 20:02:03.910856 2018] [mpm_winnt:notice] [pid 12996:tid 656] AH00456: Apache Lounge VC14 Server built: Mar 22 2018 10:55:30 [Sun May 13 20:02:03.910856 2018] [core:notice] [pid 12996:tid 656] AH00094: Command line: 'apache/bin/httpd.exe -d C:/webserver/apache' [Sun May 13 20:02:03.913362 2018] [mpm_winnt:notice] [pid 12996:tid 656] AH00418: Parent: Created child process 4304 [Sun May 13 20:02:04.315200 2018] [mpm_winnt:notice] [pid 4304:tid 688] AH00354: Child: Starting 64 worker threads.