Bug #49767 estrdup crash
Submitted: 2009-10-04 17:04 UTC
Modified: 2009-10-16 23:33 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mb at smartftp dot com
Assigned: pajoye
Status: Closed
Package: Reproducible crash
PHP Version: 5.3.0
OS: win32 only - Windows 2008 SP2 x86
Private report: No
CVE-ID: None
 [2009-10-04 17:04 UTC] mb at smartftp dot com
Description:
------------
The following crash occurs every minute:

Function     Arg 1     Arg 2     Arg 3   Source 
php5!_estrdup+10     00000000     00c0de74     00c0de74    
php5!UpdateIniFromRegistry+141     00000000     00c0d400     100ab2e0    
php5!php_execute_script+b1     00c0de74     0040a500     00000001    
php_cgi!main+ab0     00000001     01871300     018717c8    
php_cgi!memset+160     7ffdf000     00c0ffd4     776919bb    
kernel32!BaseThreadInitThunk+e     7ffdf000     79a4bd48     00000000    
ntdll!__RtlUserThreadStart+23     004062ca     7ffdf000     00000000    
ntdll!_RtlUserThreadStart+1b     004062ca     7ffdf000     00000000    

Find complete crash report at:
http://rapidshare.com/files/288635650/CrashHang_Report__PID_3112__PID_3728__PID_4460__PID_472__PID_5168__PID_5216__PID_5276__PID_5388__100.html


Reproduce code:
---------------
not available

Expected result:
----------------
no crash

Actual result:
--------------
crash

 [2009-10-04 17:09 UTC] mb at smartftp dot com
Trimmed URL:
http://trim-url.com/?gW
 [2009-10-04 17:21 UTC] pajoye@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2009-10-04 17:23 UTC] pajoye@php.net
Btw, can you also zip the report and send it to me or provide a link to the zip (pls not one of these rapidshare things) :)
 [2009-10-04 17:28 UTC] mb at smartftp dot com
I don't think you need a script. A little bit of time and motivation would do as well:

Please review your code:

File: main.c
PHPAPI int php_execute_script(zend_file_handle *primary_file TSRMLS_DC)
{
...
#ifdef PHP_WIN32
		UpdateIniFromRegistry(primary_file->filename TSRMLS_CC);
#endif
..
}

Then:
File: registry.c
void UpdateIniFromRegistry(char *path TSRMLS_DC)
{
-> BUG: missing check for argument

// here comes the check for Per Directory registry value. If it is not found the function exits and never comes to the estrdup and hence no crash.
...
	orig_path = path = estrdup(path);
..
}

The problem only happens if the "Per Directory Values" registry key is present. In this case estrdup(NULL) is called and you get the crash.

So I think the argument (path) should be checked for NULL. And when I look at the main.c I also noticed that you sometimes expect the primary_file->filename to be null, so maybe you add a check before the UpdateIniFromRegistry() call.

Proposed FIX:
#ifdef PHP_WIN32
if(primary_file->filename)
{
		UpdateIniFromRegistry(primary_file->filename TSRMLS_CC);
}
#endif

+ Add argument check for UpdateIniFromRegistry

Workaround:
Remove "Per Directories Values" registry key.

Regards,
Mat
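
The failure mode described in the comment above, as an added example that is not PHP's source: a small C model in which the string copy is only reached when a flag standing in for the "Per Directory Values" key is set, with the NULL check applied in both the callee and the caller. The names `update_ini_from_path`, `execute_script`, `dup_string`, `per_dir_key_present` and the sample path used to exercise it are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum ini_status { INI_NO_KEY, INI_NO_PATH, INI_APPLIED, INI_NOMEM };

/* Constructed stand-in for "the Per Directory Values key is present". */
static int per_dir_key_present = 1;

/* strdup-style copy: it reads its argument, so NULL here is a crash. */
static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    return copy ? memcpy(copy, s, n) : NULL;
}

/* Callee with the argument check added; *prefixes counts parent paths. */
enum ini_status update_ini_from_path(const char *path, int *prefixes)
{
    *prefixes = 0;
    if (!per_dir_key_present)
        return INI_NO_KEY;   /* early exit: without the key the copy is never reached */
    if (path == NULL)
        return INI_NO_PATH;  /* the missing check: refuse before copying */
    char *copy = dup_string(path);
    if (copy == NULL)
        return INI_NOMEM;
    for (char *sep; (sep = strrchr(copy, '\\')) != NULL; (*prefixes)++)
        *sep = '\0';         /* truncate the private copy, not the input */
    free(copy);
    return INI_APPLIED;
}

/* Caller-side guard, mirroring the proposed fix at the call site. */
enum ini_status execute_script(const char *filename)
{
    int prefixes;
    if (filename == NULL)
        return INI_NO_PATH;
    return update_ini_from_path(filename, &prefixes);
}

int main(void)
{
    int n;
    enum ini_status s = update_ini_from_path(NULL, &n);
    printf("NULL path with key present -> status %d\n", s);
    return s == INI_NO_PATH ? 0 : 1;
}
```

With the flag cleared, a NULL path returns `INI_NO_KEY` without ever reaching the copy, which is why the defect only shows up on machines where the key exists.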
 [2009-10-04 19:25 UTC] pajoye@php.net
I corrected myself about the script by asking for the full bt (the one on RS was not readable).

The diagnostic sounds good, I have to reproduce it to be sure. Assigned to me.
 [2009-10-04 19:35 UTC] mb at smartftp dot com
I have also sent you the crash report by email. Open the .mht file (RS removed the .mht extension for some reason) with IE.
 [2009-10-13 22:25 UTC] danielc@php.net
Bug #47627 marked duplicate of this.
 [2009-10-16 23:33 UTC] stas@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

This should be fixed now. 
 [2009-10-16 23:34 UTC] svn@php.net
Automatic comment from SVN on behalf of stas
Revision: http://svn.php.net/viewvc/?view=revision&revision=289706
Log: improve fix for #49767 and #47627 - make PHP report
"no script" on 404 again
 [2009-10-19 17:04 UTC] svn@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=289757
Log: - Merge: improve fix for #49767 and #47627 - make PHP report 'no script' on 404 again
 
Last updated: Sun May 05 03:01:29 2024 UTC