php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22059 ftp_chdir crashes apache
Submitted: 2003-02-04 17:11 UTC Modified: 2003-04-24 15:45 UTC
From: equilantang at ti dot com Assigned:
Status: Closed Package: FTP related
PHP Version: 4CVS-2003-02-04 (stable) OS: win2k/apache
Private report: No CVE-ID:
 [2003-02-04 17:11 UTC] equilantang at ti dot com
Apache1 and Apache2 crashes when executing ftp_chdir().
I'm using win32 snap from Feb04.
Maybe similar Bug #4171



ini_set('display_errors',1);
$ftp = ftp_connect('server');
print_r($ftp);
$res = ftp_login($ftp, 'uid', 'pwd');
print_r($res);
$res = ftp_chdir($ftp, '/'); // crashes
print_r($res);




Microsoft (R) Windows 2000 (TM) Version 5.00 DrWtsn32
Copyright (C) 1985-1999 Microsoft Corp. All rights reserved.



Application exception occurred:
        App:  (pid=2724)
        When: 2/4/2003 @ 17:06:38.996
        Exception number: c0000005 (access violation)

*----> System Information <----*
        Computer Name: DNA0216352
        User Name: SYSTEM
        Number of Processors: 1
        Processor Type: x86 Family 6 Model 5 Stepping 2
        Windows 2000 Version: 5.0
        Current Build: 2195
        Service Pack: 3
        Current Type: Uniprocessor Free
        Registered Organization: TI
        Registered Owner: TI

*----> Task List <----*
   0 Idle.exe
   8 System.exe
 136 SMSS.exe
 164 CSRSS.exe
 184 WINLOGON.exe
 212 SERVICES.exe
 224 LSASS.exe
 412 svchost.exe
 448 spoolsv.exe
 520 CBRegCap.exe
 552 clisvcl.exe
 568 CBLaunch.exe
 592 crons.exe
 612 cvsservice.exe
 624 cvslock.exe
 640 defwatch.exe
 656 svchost.exe
 680 mysqld-nt.exe
 728 ndserv.exe
 748 rtvscan.exe
 784 regsvc.exe
 800 mstask.exe
 844 cygrunsrv.exe
 888 WinMgmt.exe
 920 sshd.exe
 924 winvnc.exe
 972 svchost.exe
1016 Wuser32.exe
1036 SMSAPM32.exe
1044 XMail.exe
2164 MSGSYS.exe
2428 explorer.exe
2568 launch32.exe
2596 vptray.exe
2636 ApacheMonitor.e.exe
2656 CBSysTray.exe
2664 SMSMon32.exe
2724 Apache.exe
2088 sshd.exe
2472 bash.exe
2648 DRWTSN32.exe
   0 _Total.exe

(00400000 - 00405000) 
<<< LINES REMOVED >>>
(10000000 - 10006000) 

State Dump for Thread Id 0x418

eax=00000000 ebx=00000000 ecx=00000000 edx=004979b8 esi=004979b8 edi=ffffffff
eip=100020c6 esp=0006f8d8 ebp=6ff0d7b0 iopl=0         nv up ei pl nz ac po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000216


function: <nosymbols>
        100020ad 90               nop
        100020ae 90               nop
        100020af 90               nop
        100020b0 a140310010       mov     eax,[10003140]         ds:10003140=007180f0
        100020b5 8b542408         mov     edx,[esp+0x8]          ss:00bfceab=????????
        100020b9 8b08             mov     ecx,[eax]              ds:00000000=????????
        100020bb 8b02             mov     eax,[edx]              ds:004979b8=005111c8
        100020bd 8b4488fc         mov     eax,[eax+ecx*4+0xfc]   ds:00b8d5d3=????????
        100020c1 8b08             mov     ecx,[eax]              ds:00000000=????????
        100020c3 8b4074           mov     eax,[eax+0x74]         ds:00b8d5d2=????????
FAULT ->100020c6 8b5104           mov     edx,[ecx+0x4]          ds:00b8d5d2=????????
        100020c9 894244           mov     [edx+0x44],eax         ds:01024f8a=00000000
        100020cc b801000000       mov     eax,0x1
        100020d1 c3               ret
        100020d2 90               nop
        100020d3 90               nop
        100020d4 90               nop
        100020d5 90               nop
        100020d6 90               nop
        100020d7 90               nop
        100020d8 90               nop
        100020d9 90               nop

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
6FF0D7B0 1424548B 1C24448D 24448B50 4C8B5114 006A1424 !<nosymbols> 
18244C8B 00000000 00000000 00000000 00000000 00000000 <nosymbols> 

*----> Raw Stack Dump <----*
0006f8d8  bc d8 5e 00 00 33 49 00 - b8 79 49 00 00 00 00 00  ..^..3I..yI.....
0006f8e8  b8 79 49 00 fc f8 06 00 - 00 00 00 00 fc a4 f8 77  .yI............w
0006f8f8  03 01 00 00 98 bb 07 00 - 98 bb 07 00 14 f9 06 00  ................
0006f908  00 00 00 00 fc a4 f8 77 - 03 01 00 00 5c f9 06 00  .......w....\...
0006f918  74 77 e8 77 e5 03 00 00 - 98 bb 07 00 fa 02 e9 77  tw.w...........w
0006f928  03 01 00 00 98 bb 07 00 - 68 bb 07 00 00 ba 07 00  ........h.......
0006f938  00 00 83 01 19 00 00 00 - 98 bb 07 00 80 08 83 01  ................
0006f948  60 01 83 01 00 00 00 00 - 14 00 00 00 98 bb 07 00  `...............
0006f958  00 bb 07 00 00 20 00 00 - 20 09 83 01 e8 09 83 01  ..... .. .......
0006f968  e0 02 83 01 80 08 83 01 - 88 08 83 01 a0 00 00 00  ................
0006f978  00 00 00 00 98 00 00 00 - 98 00 00 00 b0 ff 06 00  ................
0006f988  95 2b f8 77 08 36 f8 77 - ff ff ff ff 81 00 00 00  .+.w.6.w........
0006f998  22 84 69 00 00 00 83 01 - 01 00 00 00 98 00 00 00  ".i.............
0006f9a8  80 00 00 00 08 fa 06 00 - b0 d7 f0 6f b8 79 49 00  ...........o.yI.
0006f9b8  54 86 69 00 81 00 00 00 - 80 00 00 00 08 fa 06 00  T.i.............
0006f9c8  b0 d7 f0 6f 00 00 00 00 - 73 e4 5e 00 00 00 00 00  ...o....s.^.....
0006f9d8  81 00 00 00 00 00 00 00 - b8 79 49 00 08 fa 06 00  .........yI.....
0006f9e8  00 00 00 00 b0 d7 f0 6f - 55 f0 69 00 0c 00 00 00  .......oU.i.....
0006f9f8  92 83 63 00 b8 79 49 00 - 00 00 00 00 00 00 00 00  ..c..yI.........
0006fa08  b8 79 49 00 d7 7e 5e 00 - b8 79 49 00 b8 79 49 00  .yI..~^..yI..yI.

State Dump for Thread Id 0xa44

eax=ffffff9f ebx=00000000 ecx=0059fd90 edx=00000000 esi=00000000 edi=000000a8
eip=77f839eb esp=0059fc44 ebp=0059fcb4 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246


function: NtReadFile
        77f839e0 b8a1000000       mov     eax,0xa1
        77f839e5 8d542404         lea     edx,[esp+0x4]          ss:0112d217=????????
        77f839e9 cd2e             int     2e
        77f839eb c22400           ret     0x24

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0059FCB4 77DB2252 000000A8 0059FD7C 00000216 0059FCDC ntdll!NtReadFile 
0059FCE0 77DB20F2 000000A8 0059FD7C 00000216 0059FD18 advapi32!StartServiceCtrlDispatcherW 
0059FD5C 77DB27A0 000000A8 0059FD7C 00000216 00000018 advapi32!StartServiceCtrlDispatcherW 
0059FF98 6FF1E659 0059FFA8 77F82B95 6FF35FF0 6FF1E6A0 advapi32!StartServiceCtrlDispatcherA 
0059FFEC 00000000 00000000 00000000 00000000 00000000 !ap_mpm_run 

State Dump for Thread Id 0x984

eax=77db2430 ebx=00000000 ecx=ffffffff edx=00000000 esi=77f8377b edi=000000a0
eip=77f83786 esp=005dff54 ebp=005dff78 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246


function: NtWaitForSingleObject
        77f8377b b8ea000000       mov     eax,0xea
        77f83780 8d542404         lea     edx,[esp+0x4]          ss:0116d527=????????
        77f83784 cd2e             int     2e
        77f83786 c20c00           ret     0xc

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
005DFF78 77E87837 000000A0 FFFFFFFF 00000000 6FF1E7ED ntdll!NtWaitForSingleObject 
00075B18 63617041 00326568 00650068 00000032 00000000 kernel32!WaitForSingleObject 
00075B1C 00326568 00650068 00000032 00000000 00000000 <nosymbols> 
63617041 00000000 00000000 00000000 00000000 00000000 <nosymbols> 

*----> Raw Stack Dump <----*
005dff54  0f 78 e8 77 a0 00 00 00 - 00 00 00 00 00 00 00 00  .x.w............
005dff64  5c 8f f3 6f 10 5b 07 00 - 01 00 00 00 a0 00 00 00  \..o.[..........
005dff74  a0 00 00 00 18 5b 07 00 - 37 78 e8 77 a0 00 00 00  .....[..7x.w....
005dff84  ff ff ff ff 00 00 00 00 - ed e7 f1 6f a0 00 00 00  ...........o....
005dff94  ff ff ff ff 10 5b 07 00 - 00 00 00 00 10 5b 07 00  .....[.......[..
005dffa4  ec ff 5d 00 3e 24 db 77 - 01 00 00 00 00 84 42 00  ..].>$.w......B.
005dffb4  d8 f9 59 00 dd 87 e8 77 - 10 5b 07 00 00 00 00 00  ..Y....w.[......
005dffc4  d8 f9 59 00 10 5b 07 00 - 00 b0 fd 7f ff ff ff ff  ..Y..[..........
005dffd4  c0 ff 5d 00 ff ff ff ff - ff ff ff ff 56 18 ea 77  ..].........V..w
005dffe4  88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00 00  ...w............
005dfff4  30 24 db 77 10 5b 07 00 - 00 00 00 00 4d 5a 90 00  0$.w.[......MZ..
005e0004  03 00 00 00 04 00 00 00 - ff ff 00 00 b8 00 00 00  ................
005e0014  00 00 00 00 40 00 00 00 - 00 00 00 00 00 00 00 00  ....@...........
005e0024  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
005e0034  00 00 00 00 00 00 00 00 - 18 01 00 00 0e 1f ba 0e  ................
005e0044  00 b4 09 cd 21 b8 01 4c - cd 21 54 68 69 73 20 70  ....!..L.!This p
005e0054  72 6f 67 72 61 6d 20 63 - 61 6e 6e 6f 74 20 62 65  rogram cannot be
005e0064  20 72 75 6e 20 69 6e 20 - 44 4f 53 20 6d 6f 64 65   run in DOS mode
005e0074  2e 0d 0d 0a 24 00 00 00 - 00 00 00 00 65 63 0a 9b  ....$.......ec..
005e0084  21 02 64 c8 21 02 64 c8 - 21 02 64 c8 5a 1e 68 c8  !.d.!.d.!.d.Z.h.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-02-13 13:52 UTC] pollita@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

And thank you for the detailed bug submission with the simple and relevant test script.


 [2003-04-24 11:39 UTC] lionelenkaoua at chez dot com
I have the same problem with the last CVS version of PHP
php4-win32-STABLE-200304241630.

I am under xp with Apache 2.0.45(I had the problem with 2.0.44 also)
 [2003-04-24 12:09 UTC] lionelenkaoua at chez dot com
This simple connexion script crashes my apache.

$ftp = ftp_connect('my ftp server');
ftp_login($ftp, 'xx', 'xx');
ftp_chdir($ftp, '/'); // crashes

My ftp server is U-serv from RhinoSoftware. It's running under Windows XP also.

Could you give login and password to test on ftp.funet.fi
 [2003-04-24 15:45 UTC] pollita@php.net
Re: the previous comment.

lionelenkaoua at chez dot com reports in Bug 23335 that in his case it was user error (failure to correctly update PHP version)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 03:01:55 2014 UTC