php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #34883 crash when accessing superglobals
Submitted: 2005-10-16 13:30 UTC Modified: 2005-11-20 13:07 UTC
From: sveta at microbecal dot com Assigned:
Status: Closed Package: Apache2 related
PHP Version: 5CVS-2005-10-16 (snap) OS: Windows XP SP1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: sveta at microbecal dot com
New email:
PHP Version: OS:

 

 [2005-10-16 13:30 UTC] sveta at microbecal dot com
Description:
------------
Apache 2 craches when I navigate to the page containing request to superglobals

Reproduce code:
---------------
<?php phpinfo(); ?>

Expected result:
----------------
Correct work

Actual result:
--------------
Page with info information and next backtrace:
(gdb) run -X
The program being debugged has been started already.
Start it from the beginning? (y or n) y

Starting program: /cygdrive/d/Program Files/Apache Group/Apache2/bin/Apache.exe
-X
---Type <return> to continue, or q <return> to quit---

Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 2276.0xee0]
0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
(gdb) bt
#0  0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
#1  0x77dd8de5 in ElfNumberOfRecords ()
   from /cygdrive/c/WINDOWS/system32/advapi32.dll
#2  0x77ded830 in CredWriteA () from /cygdrive/c/WINDOWS/system32/advapi32.dll
#3  0x77dd8d9b in DestroyPrivateObjectSecurity ()
   from /cygdrive/c/WINDOWS/system32/advapi32.dll
#4  0x00000000 in ?? () from
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
(gdb) bt
#0  0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
#1  0x77dd8de5 in ElfNumberOfRecords ()
   from /cygdrive/c/WINDOWS/system32/advapi32.dll
#2  0x77ded830 in CredWriteA () from /cygdrive/c/WINDOWS/system32/advapi32.dll
#3  0x77dd8d9b in DestroyPrivateObjectSecurity ()
   from /cygdrive/c/WINDOWS/system32/advapi32.dll
#4  0x00000000 in ?? () from
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 2276.0xa18]
0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
(gdb) bt
#0  0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
#1  0x77dd8de5 in ElfNumberOfRecords ()
   from /cygdrive/c/WINDOWS/system32/advapi32.dll
#2  0x77ded830 in CredWriteA () from /cygdrive/c/WINDOWS/system32/advapi32.dll
#3  0x77dd8d9b in DestroyPrivateObjectSecurity ()
   from /cygdrive/c/WINDOWS/system32/advapi32.dll
#4  0x00000000 in ?? () from
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 2276.0xee0]
0x10003383 in TurnOnPreHandle ()
(gdb) bt
#0  0x10003383 in TurnOnPreHandle ()
#1  0x00000005 in ?? ()
#2  0x010631b4 in ?? ()
#3  0x011c2ad8 in ?? ()
#4  0xbaadf00d in ?? ()
#5  0xbaadf00d in ?? ()
#6  0xbaadf00d in ?? ()
#7  0xbaadf00d in ?? ()
#8  0xbaadf00d in ?? ()
#9  0xbaadf00d in ?? ()
#10 0xbaadf00d in ?? ()
#11 0xbaadf00d in ?? ()
#12 0xbaadf00d in ?? ()
#13 0xbaadf00d in ?? ()
#14 0xbaadf00d in ?? ()
#15 0xbaadf00d in ?? ()
#16 0xbaadf00d in ?? ()
#17 0xbaadf00d in ?? ()
#18 0xbaadf00d in ?? ()
#19 0xbaadf00d in ?? ()
#20 0x011bc248 in ?? ()
#21 0x6eed0cbf in libapr!_apr_array_pop@4 ()
   from /cygdrive/d/Program Files/Apache Group/Apache2/bin/libapr.dll
#22 0x011bc248 in ?? ()
#23 0x00000008 in ?? ()
#24 0x00000004 in ?? ()
#25 0x00000002 in ?? ()
#26 0x00000002 in ?? ()
#27 0x6eed0c8e in libapr!_apr_array_pop@4 ()
   from /cygdrive/d/Program Files/Apache Group/Apache2/bin/libapr.dll
#28 0x009e36c8 in ?? ()
#29 0x011c2ad8 in ?? ()
#30 0x00000000 in ?? () from
(gdb)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-10-18 12:18 UTC] tony2001@php.net
Works fine with Apache2 on linux.
Any chance to get the real backtrace (that starts somewhere in PHP)?
 [2005-10-18 12:45 UTC] sveta at microbecal dot com
PHP Version 5.1.0RC4-dev
Build Date 	Oct 18 2005 04:22:53
Sorry, not clean php.ini
To recreate somitimes I am reloading page 2-3 times after server restarting.
(gdb) run -X
Starting program: /cygdrive/d/Program Files/Apache Group/Apache2/bin/Apache.exe
-X
---Type <return> to continue, or q <return> to quit---
---Type <return> to continue, or q <return> to quit---
---Type <return> to continue, or q <return> to quit---
---Type <return> to continue, or q <return> to quit---

Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 2088.0x924]
0x00b7d22f in php_info_print_hr ()
(gdb) bt
#0  0x00b7d22f in php_info_print_hr ()
#1  0x01fa9e90 in ?? ()
#2  0x05e7f8dc in ?? ()
#3  0x01a31107 in php_mime_magic!get_module ()
   from /cygdrive/d/Program Files/PHP4/ext/php_mime_magic.dll
#4  0x00000002 in ?? ()
#5  0x01a34338 in php_mime_magic!get_module ()
#6  0xbaadf00d in ?? ()
#7  0x00b7cb3e in php_output_startup ()
#8  0x0208b590 in ?? ()
#9  0x01fa9e90 in ?? ()
#10 0x0208b548 in ?? ()
#11 0x00aa9c45 in zend_hash_apply_with_argument ()
   from /cygdrive/d/Program Files/PHP4/php5ts.dll
#12 0x05e7f974 in ?? ()
#13 0x01fa9e90 in ?? ()
#14 0x01fa9e90 in ?? ()
#15 0x000000ff in ?? ()
#16 0x0634ad00 in ?? ()
#17 0x00c8c49f in php5ts!lex_scan ()
#18 0x05e7f9a0 in ?? ()
#19 0x00b7cb00 in php_output_startup ()
#20 0x05e7f974 in ?? ()
#21 0x01fa9e90 in ?? ()
---Type <return> to continue, or q <return> to quit---
#22 0x00000000 in ?? () from
 [2005-10-18 13:07 UTC] tony2001@php.net
Are you able to reproduce it without php_mime_magic.dll loaded ?
 [2005-10-18 13:20 UTC] sveta at microbecal dot com
I can reproduce crash with php.ini-recommended. But I can not reproduce backtrace "that starts somewhere in PHP".
 [2005-10-18 14:42 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

Please try next Win32 snapshot.
 [2005-10-18 23:38 UTC] sveta at microbecal dot com
Same result. Same stack with php.ini-recommended. 
From Windows system alert:
---
szAppName : Apache.exe     szAppVer : 2.0.54.0     szModName : php5apache2.dll
szModVer : 5.1.0.0     offset : 00003383     
---
With my custom php.ini stack is other:
---
(gdb) run -X
Starting program: /cygdrive/d/Program Files/Apache Group/Apache2/bin/Apache.exe
-X
---Type <return> to continue, or q <return> to quit---
---Type <return> to continue, or q <return> to quit---

Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 3840.0xfe8]
0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
(gdb) bt
#0  0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
#1  0x77dd8de5 in ElfNumberOfRecords ()
   from /cygdrive/c/WINDOWS/system32/advapi32.dll
#2  0x77ded830 in CredWriteA () from /cygdrive/c/WINDOWS/system32/advapi32.dll
#3  0x77dd8d9b in DestroyPrivateObjectSecurity ()
   from /cygdrive/c/WINDOWS/system32/advapi32.dll
#4  0x00000000 in ?? () from
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00aa9b95 in zend_hash_apply ()
   from /cygdrive/d/Program Files/PHP4/php5ts.dll
(gdb) bt
#0  0x00aa9b95 in zend_hash_apply ()
   from /cygdrive/d/Program Files/PHP4/php5ts.dll
#1  0x01d71475 in php_runkit!get_module ()
   from /cygdrive/d/Program Files/PHP4/ext/php_runkit.dll
#2  0xbaadf00d in ?? ()
#3  0x01d726c0 in php_runkit!get_module ()
   from /cygdrive/d/Program Files/PHP4/ext/php_runkit.dll
#4  0x01fb6180 in ?? ()
#5  0x00e0e800 in ?? ()
#6  0x010f7600 in ?? ()
#7  0x00a16cc0 in zend_get_module_started ()
   from /cygdrive/d/Program Files/PHP4/php5ts.dll
#8  0x01fb6180 in ?? ()
#9  0x00a16cdc in zend_get_module_started ()
   from /cygdrive/d/Program Files/PHP4/php5ts.dll
#10 0x00000001 in ?? ()
#11 0x0000002e in ?? ()
#12 0x01fb6180 in ?? ()
#13 0x00aa9bd2 in zend_hash_apply ()
   from /cygdrive/d/Program Files/PHP4/php5ts.dll
#14 0x01fb6180 in ?? ()
#15 0x05f7fb54 in ?? ()
#16 0x01fb6180 in ?? ()
#17 0x0202e1d0 in ?? ()
#18 0x05f7fb50 in ?? ()
#19 0x00a1246d in php5ts!get_active_class_name ()
   from /cygdrive/d/Program Files/PHP4/php5ts.dll
#20 0x00e0e800 in ?? ()
#21 0x00a16cc0 in zend_get_module_started ()
   from /cygdrive/d/Program Files/PHP4/php5ts.dll
#22 0x01fb6180 in ?? ()
#23 0x0202e1d0 in ?? ()
#24 0x05f7fcec in ?? ()
#25 0x01fb6180 in ?? ()
#26 0xbaadf00d in ?? ()
#27 0xbaadf00d in ?? ()
#28 0xbaadf00d in ?? ()
#29 0xbaadf00d in ?? ()
#30 0xbaadf00d in ?? ()
#31 0xbaadf00d in ?? ()
#32 0xbaadf00d in ?? ()
#33 0xbaadf00d in ?? ()
#34 0xbaadf00d in ?? ()
#35 0xbaadf00d in ?? ()
#36 0xbaadf00d in ?? ()
#37 0xbaadf00d in ?? ()
#38 0xbaadf00d in ?? ()
#39 0xbaadf00d in ?? ()
#40 0xbaadf00d in ?? ()
#41 0xbaadf00d in ?? ()
#42 0x0002e1d0 in ?? ()
#43 0x05f7fdfc in ?? ()
#44 0x00ad1849 in php_register_variable_safe ()
Previous frame inner to this frame (corrupt stack?)
 [2005-10-18 23:48 UTC] tony2001@php.net
Sveta, please rename your php.ini to something else to be sure you're not loading any modules and restart the web-server.
And try to reproduce it again.
 [2005-10-19 00:06 UTC] sveta at microbecal dot com
Same result after renaming php.ini.

I experience with different sets of modules.

Above stack with usefull information was created with option: extension=php_runkit.dll

Below stack with option: extension=php_xdebug.dll
---
(gdb) run -X
Starting program: /cygdrive/d/Program Files/Apache Group/Apache2/bin/Apache.exe
-X
---Type <return> to continue, or q <return> to quit---
Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 2016.0x42c]
0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
(gdb) c
Continuing.
warning: HEAP[Apache.exe]:
warning: Invalid Address specified to RtlFreeHeap( 05D70000, 01220650 )


Program received signal SIGTRAP, Trace/breakpoint trap.
0x77f76491 in ntdll!DbgUiConnectToDbg () from ntdll.dll
(gdb) bt
#0  0x77f76491 in ntdll!DbgUiConnectToDbg () from ntdll.dll
#1  0x77fa1699 in ntdll!RtlpNtMakeTemporaryKey () from ntdll.dll
#2  0x77f87c1b in ntdll!RtlCheckRegistryKey () from ntdll.dll
#3  0x05d70000 in ?? ()
#4  0x01220650 in ?? ()
#5  0x0582f980 in ?? ()
#6  0x77fa2400 in ntdll!RtlpNtMakeTemporaryKey () from ntdll.dll
#7  0x05d70000 in ?? ()
#8  0x01220648 in ?? ()
#9  0x77fb152c in wcstombs () from ntdll.dll
Previous frame inner to this frame (corrupt stack?)
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
(gdb) bt
#0  0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
#1  0x77dd8de5 in ElfNumberOfRecords ()
   from /cygdrive/c/WINDOWS/system32/advapi32.dll
#2  0x77ded830 in CredWriteA () from /cygdrive/c/WINDOWS/system32/advapi32.dll
#3  0x77dd8d9b in DestroyPrivateObjectSecurity ()
   from /cygdrive/c/WINDOWS/system32/advapi32.dll
#4  0x00000000 in ?? () from
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 2016.0xb60]
0x7801b674 in TowerExplode () from /cygdrive/c/WINDOWS/system32/rpcrt4.dll
(gdb) c
Continuing.
warning: HEAP[Apache.exe]:
warning: Invalid Address specified to RtlFreeHeap( 05F30000, 01220650 )


Program received signal SIGTRAP, Trace/breakpoint trap.
0x77f76491 in ntdll!DbgUiConnectToDbg () from ntdll.dll
(gdb) bt
#0  0x77f76491 in ntdll!DbgUiConnectToDbg () from ntdll.dll
#1  0x77fa1699 in ntdll!RtlpNtMakeTemporaryKey () from ntdll.dll
#2  0x77f87c1b in ntdll!RtlCheckRegistryKey () from ntdll.dll
#3  0x05f30000 in ?? ()
#4  0x01220650 in ?? ()
#5  0x053ef980 in ?? ()
#6  0x77fa2400 in ntdll!RtlpNtMakeTemporaryKey () from ntdll.dll
#7  0x05f30000 in ?? ()
#8  0x01220648 in ?? ()
#9  0x77fb152c in wcstombs () from ntdll.dll
Previous frame inner to this frame (corrupt stack?)
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 2016.0x42c]
0x10003383 in crc32_table ()
(gdb) bt
#0  0x10003383 in crc32_table ()
#1  0x00000005 in ?? ()
#2  0x010631b4 in ?? ()
#3  0x0121b0c0 in ?? ()
#4  0xbaadf00d in ?? ()
#5  0xbaadf00d in ?? ()
#6  0xbaadf00d in ?? ()
#7  0xbaadf00d in ?? ()
#8  0xbaadf00d in ?? ()
#9  0xbaadf00d in ?? ()
#10 0xbaadf00d in ?? ()
#11 0xbaadf00d in ?? ()
#12 0xbaadf00d in ?? ()
#13 0xbaadf00d in ?? ()
#14 0xbaadf00d in ?? ()
#15 0xbaadf00d in ?? ()
#16 0xbaadf00d in ?? ()
#17 0xbaadf00d in ?? ()
#18 0xbaadf00d in ?? ()
#19 0xbaadf00d in ?? ()
#20 0x01214830 in ?? ()
#21 0x6eed0cbf in libapr!_apr_array_pop@4 ()
   from /cygdrive/d/Program Files/Apache Group/Apache2/bin/libapr.dll
#22 0x01214830 in ?? ()
#23 0x00000008 in ?? ()
#24 0x00000004 in ?? ()
#25 0x00000002 in ?? ()
#26 0x00000002 in ?? ()
#27 0x6eed0c8e in libapr!_apr_array_pop@4 ()
   from /cygdrive/d/Program Files/Apache Group/Apache2/bin/libapr.dll
#28 0x009e36c8 in ?? ()
#29 0x0121b0c0 in ?? ()
#30 0x00000000 in ?? () from
----
(gdb) c
Continuing.

Program exited with code 0200.
 [2005-10-19 00:15 UTC] tony2001@php.net
Cool. I was asking you to remove all modules and you loaded runkit and xdebug instead..
Now *please* try it without *ANY* additional modules.
Just PHP itself.
 [2005-10-19 00:24 UTC] sveta at microbecal dot com
I did it. Simple I have noticed what with some modules backtrace contains more info and localized they.
 [2005-10-21 09:08 UTC] sniper@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.


 [2005-10-21 11:31 UTC] sveta at microbecal dot com
If so why previous versions of PHP 5.1 brunch worked fine?
 [2005-10-23 23:23 UTC] edink@php.net
Just verified with the latest CVS and the phpinfo page displays just fine when using PHP without any additional extensions. You must have mixed up dlls from several different PHP versions, or are loading some extension which is causing the crash.
 [2005-10-23 23:36 UTC] sveta at microbecal dot com
I have tried without any dlls too. First trace (TowerExplode () ) without any dll's.
I have access to 3 Windows XP machine: one with SP2 (worked fine, but builds not same: some hours differents) and 2 with SP1 (works with crashes).
 [2005-10-23 23:54 UTC] edink@php.net
I can only assume that there is something wrong with your environment since it does work on all of my test systems and we have not recieved any reports of PHP crashing on simple phpinfo().
 [2005-11-20 13:07 UTC] sveta at microbecal dot com
In RC7 works fine in my environment
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Fri Dec 09 06:03:45 2022 UTC