php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54935 php_win_err can lead to crash
Submitted: 2011-05-26 14:32 UTC Modified: 2011-05-26 16:37 UTC
From: freddy77 at gmail dot com Assigned: pajoye
Status: Closed Package: Unknown/Other Function
PHP Version: 5.3.6 OS: Windows
Private report: No CVE-ID:
 [2011-05-26 14:32 UTC] freddy77 at gmail dot com
Description:
------------
Under Windows if php fail to load an extension apache crash.

Looking at code I discovered that php_win_err is wrong (I don't know if this fix my problem).

In win32/winutil.c

PHPAPI char *php_win_err(int error)
{
        char *buf = NULL;

        FormatMessage(
                FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |   FORMAT_MESSAGE_IGNORE_INSERTS,
                NULL, error, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)&buf, 0, NULL
        );

        return (buf ? (char *) buf : "");
}

now if FormatMessage fails buf is NULL and a "" is returned however in ext/standard/dl.c a LocalFree is called if err (php_win_err result) is not NULL.

Expected result:
----------------
Program should report error and not crash


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-26 16:37 UTC] pajoye@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=311444
Log: -fix bug 54935, php_win_err can lead to crash
 [2011-05-26 16:37 UTC] pajoye@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: pajoye
 [2011-05-26 16:37 UTC] pajoye@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 18:01:58 2014 UTC