php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #32957 putenv("A=A");putenv("A="); CRASH
Submitted: 2005-05-05 16:22 UTC Modified: 2005-05-08 21:50 UTC
From: ukm at servplus dot ru Assigned: wez (profile)
Status: Closed Package: Reproducible crash
PHP Version: 4.3.11 OS: win xp sp2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ukm at servplus dot ru
New email:
PHP Version: OS:

 

 [2005-05-05 16:22 UTC] ukm at servplus dot ru 
Description:
------------
During the execution on this fragment with php.exe this application error occures:

The instruction at "0x..." referenced memory at "0x....".
The memory could not be "written".



Reproduce code:
---------------
<?php

for($i = 0; $i < 100; ++$i)
{
	putenv("VAR=VALUE");
	putenv("VAR=");
}

?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-05-05 22:09 UTC] wez@php.net 
tony2001: ms libc putenv function does have at least one segfault bug that we have a workaround for.  Someone needs to check a debug build of 4.3 on windows; preferably someone with MS VC 6 installed, as the libc has changed between releases.  I'd check it myself, but I only have vs.net installed, so it would be a bogus check.
 [2005-05-08 03:45 UTC] sniper@php.net 
Wez, here's the callstack:

NTDLL! 77f57ec4()
MSVCRT! 77c1ac14()
MSVCRT! 77c1ac2a()
MSVCRT! 77c241a7()
zif_putenv(int 1, _zval_struct * 0x01299878, _zval_struct * 0x00000000, int 0, void * * * 0x01172948) line 1433 + 12 bytes
execute(_zend_op_array * 0x01298f88, void * * * 0x01172948) line 1654 + 47 bytes
zend_execute_scripts(int 8, void * * * 0x01172948, _zval_struct * * 0x00000000, int 3) line 926 + 34 bytes
php_execute_script(_zend_file_handle * 0x0012ff54, void * * * 0x01172948) line 1747 + 27 bytes
main(int 2, char * * 0x01172580) line 828 + 14 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e8141a()

Let me know if you need something else..I'm not very good with debugging under win32. :)
 [2005-05-08 04:07 UTC] wez@php.net 
Not such a useful trace :-/
You should be able to link against the debug version of the libc or download the .pdb files for the release version to get more info.
I've just glanced at the putenv code in the 4.3 branch, and it doesn't have my workaround that's in the 5.x branches.

Can you try merging the two places where we have:
#if _MSC_VER >= 1300
        /* VS.Net has a bug in putenv() when setting a variable that
         * is already set; if the SetEnvironmentVariable() API call
         * fails, the Crt will double free() a string.
         * We try to avoid this by setting our own value first */
        SetEnvironmentVariable(pe.key, "bugbug");
#endif

from basic_functions.c back into the 4.3 branch, but change the "#if _MSC_VER >= 1300" into just "#if _MSC_VER", so that it is used regardless of which version of the MS compiler is being used?
 [2005-05-08 21:50 UTC] sniper@php.net 
Yes, that fixed it. Committed.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 18 18:01:28 2024 UTC