php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39606 Use of com.typelib_file in PHP.ini STILL causes A/V
Submitted: 2006-11-23 13:15 UTC Modified: 2006-12-09 10:54 UTC
From: willw at applied dot co dot uk Assigned: wez
Status: Closed Package: COM related
PHP Version: 5CVS-2006-11-23 (snap) OS: Windows XP SP2
Private report: No CVE-ID:
 [2006-11-23 13:15 UTC] willw at applied dot co dot uk
Description:
------------
Use of the com.typelib_file to set a text file containing a list of typelibs causes PHP to crash with an A/V at startup.

This is a sequel to Bug #38400 which was raised 09/08/2006 and closed 18/10/2006 with report 'fixed in CVS'. Although very similar, it is a different bug. 

Reproduce code:
---------------
Alter a working PHP.ini so that it sets com.typelib_file to point to a text file. To see the bug, the named file must exist, and contain at least one entry, and the entry *must* be a valid type library. (If it points to, eg, a text file, then the bug doesn't show.)

My example uses a Windows type library I found in the Windows directory activeds.tlb. I chose this so that there is no need for the tester/fixer to search out a COM component, and so that suspicion didn't fall on my type library. (The tester may wish to check that his choice of test type library loads without problem in PHP 4; this one does.)

PHP.ini:
...
[COM]
com.typelib_file = "C:/PHP/typelib_files.txt"
...

contents of typelib_files.txt:
C:\WinNt\System32\activeds.tlb



Expected result:
----------------
I had hoped for no crash :-(

Actual result:
--------------
Here is a backtrace made with php5.2-win32-200611221530.zip

5d8b53ec()	
php5ts.dll!php_com_load_typelib_via_cache(char * search_string=0x0086761c, int codepage=0, int * cached=0x0140fd3c, void * * * tsrm_ls=0x012412f0)  Line 242	C
php5ts.dll!OnTypeLibFileUpdate(_zend_ini_entry * entry=0x0129d830, char * new_value=0x00000003, unsigned int new_value_length=54, void * mh_arg1=0x00000000, void * mh_arg2=0x00000000, void * mh_arg3=0x00000000, int stage=1, void * * * tsrm_ls=0x012412f0)  Line 155 + 0x1f bytes	C
php5ts.dll!zend_ini_refresh_cache(_zend_ini_entry * p=0x0129d830, int stage=1, void * * * tsrm_ls=0x012412f0)  Line 220 + 0x21 bytes	C
php5ts.dll!zend_hash_apply_with_argument(_hashtable * ht=0x0129a5d0, int (void *, void *, void * * *)* apply_func=0x00af9560, void * argument=0x00000001, void * * * tsrm_ls=0x012412f0)  Line 692 + 0xa bytes	C
php5ts.dll!zend_ini_refresh_caches(int stage=1, void * * * tsrm_ls=0x012412f0)  Line 227 + 0x26 bytes	C
php5ts.dll!zend_new_thread_end_handler(unsigned long thread_id=3676, void * * * tsrm_ls=0x012412f0)  Line 526 + 0x8 bytes	C
php5ts.dll!allocate_new_resource(_tsrm_tls_entry * * thread_resources_ptr=0x0082244c, unsigned long thread_id=3676)  Line 300 + 0x6 bytes	C
php5ts.dll!ts_resource_ex(int id=0, unsigned long * th_id=0x00000e5c)  Line 362	C
php5apache.dll!send_php(request_rec * r=0x00a07040, int display_source_mode=0, char * filename=0x00000000)  Line 583	C
php5apache.dll!send_parsed_php(request_rec * r=0x00a07040)  Line 677 + 0xe bytes	C
ApacheCore.dll!6ff64bc7() 	
[Frames below may be incorrect and/or missing, no symbols loaded for ApacheCore.dll]	
ApacheCore.dll!6ff74a73() 	
ApacheCore.dll!6ff74746() 	
ApacheCore.dll!6ff6be0f() 	
ws2_32.dll!_WSASocketW@24()  + 0xc6 bytes	
ws2_32.dll!_WSASocketA@24()  + 0x40 bytes	

This snapshot version differed from PHP5.2 in that it did not die until I tried to run some code (PHP5.2 dies at startup, preventing Apache from starting. The snapshot only kills one thread.) So I suspect some lazy initialisation has been introduced since PHP5.2 was released. But I am confident it is the same bug between 5.2 and the snapshot.

The com.typelib_file directive has not worked since V5.0 of PHP was released. Please, may I politely ask if there is any chance of whoever makes any further fix testing that it with some imported constants in PHP code before rereleasing? 


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-12-09 10:54 UTC] rrichards@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 04:01:57 2014 UTC