php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53292 imap_header crashes when too may To: addresses exist
Submitted: 2010-11-10 23:40 UTC Modified: 2011-03-03 11:30 UTC
Votes:3
Avg. Score:4.7 ± 0.5
Reproduced:2 of 3 (66.7%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: mmitchell at riccagroup dot com Assigned: pajoye (profile)
Status: Closed Package: IMAP related
PHP Version: 5.2.14 OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2010-11-10 23:40 UTC] mmitchell at riccagroup dot com 
Description:
------------
Seems that bug http://bugs.php.net/19280 is happening again.

When I try to read a mail message with a long list of To: addresses PHP crashes every time. The email I have issues with has a 168 "To:" addresses in it. 

Test script:
---------------
$mbox = imap_open($imapLocation.'INBOX', $user, $pass);
$headerInfo = imap_header($mbox, $mailID);
// Above will crash if the message being read has too many To: addresses 


Expected result:
----------------
Should not crash, should parse as many To: addresses as possible

Actual result:
--------------
PHP exists with a status other then zero. This status changes each time the script crashes.

Windows error log shows 

Faulting application php.exe, version 5.2.13.13, faulting module php_imap.dll, version 5.2.13.13, fault address 0x00046144.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-11 00:10 UTC] cataphract@php.net
-Status: Open +Status: Feedback
 [2010-11-11 00:10 UTC] cataphract@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2010-11-11 16:47 UTC] mmitchell at riccagroup dot com
-Status: Feedback +Status: Open
 [2010-11-11 16:47 UTC] mmitchell at riccagroup dot com 
I did a backtrace but it seems to crash in ntdll.dll and I don't know if any of this is useful. I'm not sure how to upload the backtrace file so I will just paste the parts that seem to be important here. 


Thread 0 - System ID 11372
Entry point   php+2f72 
Create time   11/11/2010 1:15:22 AM 
Time spent in user mode   0 Days 0:0:3.843 
Time spent in kernel mode   0 Days 0:0:0.312 

Function     Arg 1     Arg 2     Arg 3   Source 
ntdll!RtlSubtreePredecessor+195     00411028     00411044     00411028   
super long list here.....

NTDLL!RTLSUBTREEPREDECESSOR+195WARNING - DebugDiag was not able to locate debug symbols for ntdll.dll, so the information below may be incomplete.




In php__PID__3540__Date__11_11_2010__Time_01_15_39AM__469__Second_Chance_Exception_C0000005.dmp the assembly instruction at ntdll!RtlSubtreePredecessor+195 in C:\WINDOWS\system32\ntdll.dll from Microsoft Corporation has caused an access violation exception (0xC0000005) when trying to write to memory location 0x00410fb0 on thread 0

Module Information 
Image Name: C:\WINDOWS\system32\ntdll.dll   Symbol Type:  Export 
Base address: 0x7c800000   Time Stamp:  Mon Feb 09 06:02:56 2009  
Checksum: 0x000c2b9d   Comments:   
COM DLL: False   Company Name:  Microsoft Corporation 
ISAPIExtension: False   File Description:  NT Layer DLL 
ISAPIFilter: False   File Version:  5.2.3790.4455 (srv03_sp2_gdr.090203-1205) 
Managed DLL: False   Internal Name:  ntdll.dll 
VB DLL: False   Legal Copyright:  © Microsoft Corporation. All rights reserved. 
Loaded Image Name:  ntdll.dll   Legal Trademarks:   
Mapped Image Name:     Original filename:  ntdll.dll 
Module name:  ntdll   Private Build:   
Single Threaded:  False   Product Name:  Microsoft® Windows® Operating System 
Module Size:  776.00 KBytes   Product Version:  5.2.3790.4455 
Symbol File Name:  ntdll.dll   Special Build:  &
 [2010-11-11 18:06 UTC] mmitchell at riccagroup dot com 
I tried to do a better back trace this time. I was missing the entry in the debug symbol path this time that downloads the microsoft debug symbols.

My Symbol search path is 
"C:\php;C:\php\ext;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols"

For some reason I still get 

"WARNING - DebugDiag was not able to locate debug symbols for C:\php\ext\php_imap.dll, so the information below may be incomplete."

But the .pdb file is at C:\php\ext\php_imap.pdb so I'm not sure why it can't find it. Any ideas?
 [2010-11-11 18:30 UTC] pajoye@php.net 
Try with 5.3.3 please.
 [2010-11-11 18:30 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-11-11 18:32 UTC] pajoye@php.net 
I mean the bug not to get a backtrace.
 [2010-11-11 18:51 UTC] mmitchell at riccagroup dot com
-Status: Feedback +Status: Open
 [2010-11-11 18:51 UTC] mmitchell at riccagroup dot com 
Works with 5.3.3 VC6 Thread Safe!
Works with 5.3.3 VC9 Thread Safe!

Still fails with 5.2.14 even with minimal config where php_imap is the only ext loaded.

I guess whatever change in 5.3 fixed this should be back ported to 5.2?
 [2011-03-03 11:25 UTC] chrisst at carmel dot ac dot uk 
Agreed with mmitchell, I am also experiencing this issue.  Would be great if this could be ported to 5.2.x.
 [2011-03-03 11:30 UTC] pajoye@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: pajoye
 [2011-03-03 11:30 UTC] pajoye@php.net 
5.2 is a dead branch and it is actually a c-client problem. 5.3 has the newest 
version of c-client, which seems to fix this problem.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 20 01:01:28 2024 UTC