Bug #53070 enchant_broker_get_path crashes if no path is set
Submitted: 2010-10-14 22:53 UTC
Modified: 2017-10-15 11:55 UTC
From: iwanluijks at gmail dot com
Assigned: cmb
Status: Closed
Package: Enchant related
PHP Version: 5.3.3
OS: Windows 7 Home Premium
Private report: No
CVE-ID: None
 [2010-10-14 22:53 UTC] iwanluijks at gmail dot com
Description:
------------
Whenever I try to call (the undocumented function) enchant_broker_get_dict_path before enchant_broker_set_dict_path my PHP instance crashes.

My php.ini contains the following entries:
enchant support	enabled
Version 	1.1.0
Libenchant Version 	1.5.0 or later
Revision 	$Revision: 298870 $

ispell    Ispell Provider 	C:\PHP\libenchant_ispell.dll
myspell   Myspell Provider 	C:\PHP\libenchant_myspell.dll 

Test script:
---------------
<?php
$broker = enchant_broker_init();

enchant_broker_get_dict_path($broker, ENCHANT_ISPELL);
?>

Expected result:
----------------
Either false, because no dictionary path is set yet, or an empty string of some kind.

Actual result:
--------------
Report for php__PID__892__Date__10_14_2010__Time_10_40_17PM__834__Second_Chance_Exception_C0000005.dmp

Type of Analysis Performed   Crash Analysis 
Machine Name   IWANLUIJKS-PC 
Operating System   Unexpected  
Number Of Processors   4 
Process ID   892 
Process Image   C:\PHP\php.exe 
System Up-Time   03:30:23 
Process Up-Time   00:00:31 

Thread 0 - System ID 5160
Entry point   php+2dda 
Create time   14-10-2010 22:39:46 
Time spent in user mode   0 Days 0:0:0.717 
Time spent in kernel mode   0 Days 0:0:0.93 

Function     Arg 1     Arg 2     Arg 3   Source 
php_enchant!get_module+6f0     00000002     027ce2b0     00000000    
php5!execute+cdf     02800080     027cdc80     02800080    
php5!execute+4c25     00c0ebe8     00c0fe9c     00c0fc84    
php5!execute+1f0     00000000     00000000     00000000    

PHP_ENCHANT!GET_MODULE+6F0
WARNING - DebugDiag was not able to locate debug symbols for php_enchant.dll, so the information below may be incomplete.

In php__PID__892__Date__10_14_2010__Time_10_40_17PM__834__Second_Chance_Exception_C0000005.dmp the assembly instruction at php_enchant!get_module+6f0 in C:\PHP\ext\php_enchant.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000000 on thread 0

Module Information 
Image Name: C:\PHP\ext\php_enchant.dll   Symbol Type:  Export 
Base address: 0x003d0000   Time Stamp:  Wed Jul 21 21:35:15 2010  
Checksum: 0x00012284   Comments:  Thanks to Pierre-Alain Joye, Ilia Alshanetsky 
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  enchant 
ISAPIFilter: False   File Version:  5.3.3 
Managed DLL: False   Internal Name:  ENCHANT extension 
VB DLL: False   Legal Copyright:  Copyright © 1997-2009 The PHP Group 
Loaded Image Name:  php_enchant.dll   Legal Trademarks:  PHP 
Mapped Image Name:     Original filename:  php_enchant.dll 
Module name:  php_enchant   Private Build:   
Single Threaded:  False   Product Name:  PHP 
Module Size:  32,00 KBytes   Product Version:  5.3.3 
Symbol File Name:  php_enchant.dll   Special Build:  & 


 [2010-10-14 23:15 UTC] felipe@php.net
I can't reproduce it on linux.
 [2010-10-14 23:32 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-10-14 23:32 UTC] pajoye@php.net
Can you replace the libenchant.dll with libenchant_52841.zip, restart
apache and try again please?


http://windows.php.net/downloads/qa/test/libenchant_52841.zip

Also please try using the CLI as well.
 [2010-10-14 23:43 UTC] iwanluijks at gmail dot com
-Status: Feedback +Status: Open
 [2010-10-14 23:43 UTC] iwanluijks at gmail dot com
Replaced the file as you requested, restarted Apache, and running the file from CLI and Apache still crashed PHP. I was able to generate the following backtrace, which seems to be different from the others (I ran 3 others before it to compare them all, and this is the only different one, as expected):

Report for php__PID__3232__Date__10_14_2010__Time_11_37_32PM__970__Second_Chance_Exception_C0000005.dmp

Type of Analysis Performed   Crash Analysis 
Machine Name   IWANLUIJKS-PC 
Operating System   Unexpected  
Number Of Processors   4 
Process ID   3232 
Process Image   C:\PHP\php.exe 
System Up-Time   04:27:38 
Process Up-Time   00:00:01 

Thread 0 - System ID 4164
Entry point   php+2dda 
Create time   14-10-2010 23:37:32 
Time spent in user mode   0 Days 0:0:0.546 
Time spent in kernel mode   0 Days 0:0:0.78 

Function     Arg 1     Arg 2     Arg 3   Source 
php_enchant!get_module+6f0     00000001     695f0001     00000000    
0x00c0fb30     695f0001     00000000     6e20736e    

PHP_ENCHANT!GET_MODULE+6F0
WARNING - DebugDiag was not able to locate debug symbols for php_enchant.dll, so the information below may be incomplete.

In php__PID__3232__Date__10_14_2010__Time_11_37_32PM__970__Second_Chance_Exception_C0000005.dmp the assembly instruction at php_enchant!get_module+6f0 in C:\PHP\ext\php_enchant.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000000 on thread 0

Module Information 
Image Name: C:\PHP\ext\php_enchant.dll   Symbol Type:  Export 
Base address: 0x00d50000   Time Stamp:  Wed Jul 21 21:35:15 2010  
Checksum: 0x00012284   Comments:  Thanks to Pierre-Alain Joye, Ilia Alshanetsky 
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  enchant 
ISAPIFilter: False   File Version:  5.3.3 
Managed DLL: False   Internal Name:  ENCHANT extension 
VB DLL: False   Legal Copyright:  Copyright © 1997-2009 The PHP Group 
Loaded Image Name:  php_enchant.dll   Legal Trademarks:  PHP 
Mapped Image Name:     Original filename:  php_enchant.dll 
Module name:  php_enchant   Private Build:   
Single Threaded:  False   Product Name:  PHP 
Module Size:  32,00 KBytes   Product Version:  5.3.3 
Symbol File Name:  php_enchant.dll   Special Build:  &
 [2010-10-15 00:01 UTC] iwanluijks at gmail dot com
I just generated an extended backtrace:

Report for php__PID__2596__Date__10_14_2010__Time_11_56_44PM__699__Second_Chance_Exception_C0000005.dmp

Type of Analysis Performed   Crash Analysis 
Machine Name   IWANLUIJKS-PC 
Operating System   Unexpected  
Number Of Processors   4 
Process ID   2596 
Process Image   C:\PHP\php.exe 
System Up-Time   04:46:49 
Process Up-Time   00:00:01 

Thread 0 - System ID 1496
Entry point   php!mainCRTStartup 
Create time   14-10-2010 23:56:43 
Time spent in user mode   0 Days 0:0:0.452 
Time spent in kernel mode   0 Days 0:0:0.140 

Function     Arg 1     Arg 2     Arg 3   Source 
php_enchant!zif_enchant_broker_get_dict_path+b0     00000002     0249e2a8     00000000    
php5!execute+cdf     024d0080     0249dc80     024d0080    
php5!execute+4c25     00c0ebe8     00c0fe9c     00c0fc84    
php5!execute+1f0     0249dc80     00c0fe9c     00000000    
php5!zend_execute_scripts+be     00000008     00000000     00000003    
php5!php_execute_script+1e2     00c0fe9c     0040642c     00000001    
php!main+a9a     00000003     025f1b10     025f1eb8    
php!memcpy+160     7efde000     00c0ffd4     776f9d72    
kernel32!BaseThreadInitThunk+e     7efde000     76ba527b     00000000    
ntdll!__RtlUserThreadStart+70     00402dda     7efde000     00000000    
ntdll!_RtlUserThreadStart+1b     00402dda     7efde000     00000000    

PHP_ENCHANT!ZIF_ENCHANT_BROKER_GET_DICT_PATH+B0
In php__PID__2596__Date__10_14_2010__Time_11_56_44PM__699__Second_Chance_Exception_C0000005.dmp the assembly instruction at php_enchant!zif_enchant_broker_get_dict_path+b0 in C:\PHP\ext\php_enchant.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000000 on thread 0

Module Information 
Image Name: C:\PHP\ext\php_enchant.dll   Symbol Type:  PDB 
Base address: 0x02440000   Time Stamp:  Wed Jul 21 21:35:15 2010  
Checksum: 0x00012284   Comments:  Thanks to Pierre-Alain Joye, Ilia Alshanetsky 
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  enchant 
ISAPIFilter: False   File Version:  5.3.3 
Managed DLL: False   Internal Name:  ENCHANT extension 
VB DLL: False   Legal Copyright:  Copyright © 1997-2009 The PHP Group 
Loaded Image Name:  php_enchant.dll   Legal Trademarks:  PHP 
Mapped Image Name:     Original filename:  php_enchant.dll 
Module name:  php_enchant   Private Build:   
Single Threaded:  False   Product Name:  PHP 
Module Size:  32,00 KBytes   Product Version:  5.3.3 
Symbol File Name:  C:\PHP\ext\php_enchant.pdb   Special Build:  &
 [2010-10-16 19:52 UTC] felipe@php.net
Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=304447
Log: - Fixed bug #53070 (Calling enchant_broker_get_dict_path before set_path crashes php)
 [2010-10-16 19:53 UTC] felipe@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: felipe
 [2010-10-16 19:53 UTC] felipe@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2010-11-15 21:12 UTC] felipe@php.net
-Package: *Spelling functions +Package: Enchant related
 [2017-10-12 11:20 UTC] cmb@php.net
-Status: Closed +Status: Re-Opened -Assigned To: felipe +Assigned To: cmb
 [2017-10-12 11:20 UTC] cmb@php.net
Re-opening, because this has not really been fixed. Actually,
enchant_broker_get_param() may return NULL, which has to be caught.
 [2017-10-15 11:55 UTC] cmb@php.net
-Summary: Calling enchant_broker_get_dict_path before set_path crashes php +Summary: enchant_broker_get_path crashes if no path is set
 [2017-10-15 12:12 UTC] cmb@php.net
Automatic comment on behalf of jelle@vdwaa.nl
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5acb8381b22f4acf629d8fc89b4e0872f1a0825c
Log: Fixed bug #53070 (enchant_broker_get_path crashes if no path is set)
 [2017-10-15 12:12 UTC] cmb@php.net
-Status: Re-Opened +Status: Closed
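
The failure mode this report describes, a getter that returns NULL for an unset parameter and a caller that uses the result as a string, shown as an added C example beside the guarded form. This is not php-src or libenchant code; `broker_t`, the type codes and the parameter key names are constructed stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a broker: a small key/value parameter table. */
#define MAX_PARAMS 4
typedef struct { const char *key, *val; } param_t;
typedef struct { param_t params[MAX_PARAMS]; size_t count; } broker_t;
enum { DICT_MYSPELL = 1, DICT_ISPELL = 2 };  /* hypothetical type codes */
/* Getter that, like the one named in the report, returns NULL for an unset key. */
const char *broker_get_param(const broker_t *b, const char *key) {
    for (size_t i = 0; i < b->count; i++)
        if (strcmp(b->params[i].key, key) == 0) return b->params[i].val;
    return NULL;
}
int broker_set_param(broker_t *b, const char *key, const char *val) {
    if (b->count == MAX_PARAMS) return -1;
    b->params[b->count++] = (param_t){ key, val };
    return 0;
}
const char *key_for(int type) {  /* hypothetical parameter names */
    return type == DICT_MYSPELL ? "myspell.path"
         : type == DICT_ISPELL  ? "ispell.path" : NULL;
}
/* Crashing pattern (never called here): the getter's result is used unchecked. */
size_t get_dict_path_unchecked(const broker_t *b, int type, char *out) {
    const char *v = broker_get_param(b, key_for(type));
    strcpy(out, v);              /* v == NULL when unset: read from address 0 */
    return strlen(out);
}

/* Guarded pattern: 0 copied, -1 unknown type, -2 path not set, -3 buffer too small. */
int get_dict_path_checked(const broker_t *b, int type, char *out, size_t outlen) {
    const char *key = key_for(type);
    if (key == NULL) return -1;
    const char *v = broker_get_param(b, key);
    if (v == NULL) return -2;    /* report failure to the caller instead */
    size_t n = strlen(v);
    if (n >= outlen) return -3;
    memcpy(out, v, n + 1);
    return 0;
}

int main(void) {
    broker_t b = { .count = 0 };
    char buf[64];
    printf("unset path -> %d\n", get_dict_path_checked(&b, DICT_ISPELL, buf, sizeof buf));
    return 0;
}
```

The guarded function maps the unset case to a distinct error code, which a language binding can translate into a false return value instead of faulting the interpreter process.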
 
Last updated: Sun Nov 19 01:31:42 2017 UTC