php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39825 foreach produces memory error
Submitted: 2006-12-13 23:29 UTC Modified: 2006-12-25 19:23 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: krejci at ped dot muni dot cz Assigned: dmitry
Status: Closed Package: Scripting Engine problem
PHP Version: 5CVS-2006-12-13 (snap) OS: WinXP, Win2003
Private report: No CVE-ID:
 [2006-12-13 23:29 UTC] krejci at ped dot muni dot cz
Description:
------------
Our production site with LMS Moodle is haunted by this PHP crash since upgrade to php 5.20.

tested on:
IIS 5.1, IIS 6.0
PHP 5.20, PHP 5.21dev 2006-12-13
all modules except php_mysql.dll turned off

I was able to track it down to one "foreach" line, that is processing mysql object.



Reproduce code:
---------------
http://moodlinka.ped.muni.cz/data/moodle2.sql.txt
http://moodlinka.ped.muni.cz/data/mod2.php.txt


Expected result:
----------------
standard error message

Actual result:
--------------
ISAPI:
PHP has encountered an Access Violation at 010256E3

CGI:
php-cgi.exe - Application Error
The instruction at "0x10015613" referenced memory at "0x00000001". The
memory could not be "read".


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-12-18 10:38 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2006-12-18 13:21 UTC] krejci at ped dot muni dot cz
Unhandled exception at 0x100156e3 (php5ts.dll) in php-win.exe: 0xC0000005: Access violation reading location 0x00000000.

>	php5ts.dll!zend_unmangle_property_name(char * mangled_property=0x00000000, int len=222407, char * * class_name=0x00c0fae4, char * * prop_name=0x00c0fae8)  Line 2925 + 0xb bytes	C
 	php5ts.dll!zend_check_property_access(_zend_object * zobj=0x011ed090, char * prop_info_name=0x00000000, int prop_info_name_len=222407, void * * * tsrm_ls=0x00033fe0)  Line 255	C
 	php5ts.dll!ZEND_FE_RESET_SPEC_CV_HANDLER(_zend_execute_data * execute_data=0x00c0fb20, void * * * tsrm_ls=0x011ed0d8)  Line 19956 + 0x16 bytes	C
 	php5ts.dll!execute(_zend_op_array * op_array=0x01ae9e80, void * * * tsrm_ls=0x00030178)  Line 92 + 0xc bytes	C
 	ntdll.dll!7c911ad6() 	
 	[Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll]	
 	php5ts.dll!_emalloc(unsigned int size=12647496)  Line 1706 + 0x18 bytes	C
 	php5ts.dll!php_execute_script(_zend_file_handle * primary_file=0x00c0fe9c, void * * * tsrm_ls=0x00033fe0)  Line 1752 + 0xd bytes	C
 	php-win.exe!WinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, char * lpCmdLine=0x000522d0, int nShowCmd=10)  Line 1109	C
 	php-win.exe!_WinMainCRTStartup()  + 0x134 bytes	
 	kernel32.dll!7c816fd7()
 [2006-12-25 19:23 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 04:02:11 2014 UTC