php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55070 SHMOP not working / crash
Submitted: 2011-06-29 16:52 UTC Modified: 2020-04-12 04:22 UTC
From: ricardo dot nuno dot rodrigues at hotmail dot com Assigned: cmb (profile)
Status: No Feedback Package: *Extensibility Functions
PHP Version: 5.3.6 OS: Windows 7 64bit
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ricardo dot nuno dot rodrigues at hotmail dot com
New email:
PHP Version: OS:

 

 [2011-06-29 16:52 UTC] ricardo dot nuno dot rodrigues at hotmail dot com
Description:
------------
If I make such a intensive read of something saved by shmop, the apache will 
crash.

If it was intensive write, the crash is sooner.

This only happens in Win32 (not in Linux)

Test script:
---------------
<?php

$key = 1;
$value = 1000;
$nbr_of_read_tests = 100000;

$shm_id = shmop_open( $key, "c", 0644, strlen($value));
shmop_write ( $shm_id , $value , 0);
shmop_close($shm_id);

for ($i = 1; $i <= $nbr_of_read_tests; $i++) {
 $shm_id = shmop_open($key, "a", 0, 0);
 shm_size = shmop_size($shm_id);
 $returnedValue = shmop_read ( $shm_id , 0 , $shm_size );
 shmop_close($shm_id);
}
shmop_delete($shm_id);
shmop_close($shm_id);
?>

Expected result:
----------------
work without any problem.

In Linux it works.

Actual result:
--------------
Crash of Apache

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-06-29 18:42 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2011-06-29 18:42 UTC] felipe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2011-06-29 19:15 UTC] ricardo dot nuno dot rodrigues at hotmail dot com
-Status: Feedback +Status: Open
 [2011-06-29 19:15 UTC] ricardo dot nuno dot rodrigues at hotmail dot com
I tried on CLI mode and have the following error (in attach complete):

Function	 Arg 1	 Arg 2	 Arg 3	 Source
msvcr90!memcpy+158	02ed3cd8	00000000	00000004	
php_shmop!get_module+37f	00000003	02ed38f8	00000000	
php5ts!execute_internal+3a	02f00080	00000001	02eb1bc0	
php_xdebug_2_1_1_5_3_vc9!get_module+20bc	02f00080	00000001	
00000000	
php5ts!execute+1122	02f00080	02eb1b00	02eb1bc0	
php5ts!execute+583a	02ed3600	038c2ef0	00000000	
php5ts!execute+2e8	00000000	00000000	00000000	


More:

Analysis Summary
 	
Type	Description	Recommendation
  Error	In php__PID__10980__Date__06_14_2011__Time_10_59_20PM__98__First chance 
exception 0XC0000005.dmp the assembly instruction at msvcr90!memcpy+158 in 
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_50
9463cabcb6ef2a\msvcr90.dll from Microsoft Corporation has caused an access 
violation exception (0xC0000005) when trying to read from memory location 
0x00000000 on thread 0
Please follow up with the vendor Microsoft Corporation for 
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_50
9463cabcb6ef2a\msvcr90.dll
  Error	In 
php__PID__10276__Date__06_14_2011__Time_10_57_54PM__835__Second_Chance_Exception
_C0000005.dmp the assembly instruction at msvcr90!memcpy+158 in 
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_50
9463cabcb6ef2a\msvcr90.dll from Microsoft Corporation has caused an access 
violation exception (0xC0000005) when trying to read from memory location 
0x00000000 on thread 0
Please follow up with the vendor Microsoft Corporation for 
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_50
9463cabcb6ef2a\msvcr90.dll
  Error	In 
php__PID__10980__Date__06_14_2011__Time_10_59_25PM__862__Second_Chance_Exception
_C0000005.dmp the assembly instruction at msvcr90!memcpy+158 in 
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_50
9463cabcb6ef2a\msvcr90.dll from Microsoft Corporation has caused an access 
violation exception (0xC0000005) when trying to read from memory location 
0x00000000 on thread 0
Please follow up with the vendor Microsoft Corporation for 
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_50
9463cabcb6ef2a\msvcr90.dll
  Error	In php__PID__10276__Date__06_14_2011__Time_10_57_48PM__990__First chance 
exception 0XC0000005.dmp the assembly instruction at msvcr90!memcpy+158 in 
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_50
9463cabcb6ef2a\msvcr90.dll from Microsoft Corporation has caused an access 
violation exception (0xC0000005) when trying to read from memory location 
0x00000000 on thread 0
Please follow up with the vendor Microsoft Corporation for 
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_50
9463cabcb6ef2a\msvcr90.dll
  Information	DebugDiag determined that this dump file 
(php__PID__10980__Date__06_14_2011__Time_10_59_25PM__862__Second_Chance_Exceptio
n_C0000005.dmp) is a crash dump and did not perform any hang analysis. If you 
wish to enable combined crash and hang analysis for crash dumps, edit the 
CrashHangAnalysis.asp script (located in the DebugDiag\Scripts folder) and set 
the g_DoCombinedAnalysis constant to True.
 [2011-07-08 18:27 UTC] kalle@php.net
-Status: Open +Status: Feedback
 [2011-07-08 18:27 UTC] kalle@php.net
Can you try to disable xdebug and re-generate the backtrace if it still happens?
 [2012-05-04 23:04 UTC] ricardo dot nuno dot rodrigues at hotmail dot com
-Status: Feedback +Status: Open
 [2012-05-04 23:04 UTC] ricardo dot nuno dot rodrigues at hotmail dot com
with xdedug and PHP 5.4.1 VC9
-----------------------------
Thread 0 - System ID 2204
Entry point   httpd+2155 
Create time   04-05-2012 23:57:08 
Time spent in user mode   0 Days 0:0:1.123 
Time spent in kernel mode   0 Days 0:0:0.280 






Function     Arg 1     Arg 2     Arg 3   Source 
ntdll!NtClose+12     00000005     00000005     000cfe20    
KERNELBASE!CloseHandle+2d     00000005     025eaa10     025e2098    
kernel32!CloseHandleImplementation+3f     00000005     00000002     048a0020    
php_xcache+277f     025eaa10     01ea3368     01b269b0    
php_xcache+16b95     025e2098     01530500     00000000    
php_xcache+16dda     01b269b0     6ec53b4e     609aac01    
php5ts!zend_hash_graceful_reverse_destroy+d     00bff858     00405370     
00000001    
httpd+1c9d     00000003     00901b20     00901d88    
httpd+2034     7efde000     000cffd4     76ef9ef2    
kernel32!BaseThreadInitThunk+e     7efde000     7e7f92b1     00000000    
ntdll!__RtlUserThreadStart+70     00402155     7efde000     00000000    
ntdll!_RtlUserThreadStart+1b     00402155     7efde000     00000000    




In 
httpd__PID__3236__Date__05_04_2012__Time_11_58_55PM__105__Second_Chance_Exceptio
n_C0000008.dmp the assembly instruction at 0x76d312f7 which does not correspond 
to any known native module in the process has caused an unknown exception 
(0xc0000008) on thread 0


 Report for 
httpd__PID__2292__Date__05_04_2012__Time_11_58_44PM__616__Second_Chance_Exceptio
n_C0000005.dmp




Report for 
httpd__PID__2292__Date__05_04_2012__Time_11_58_44PM__616__Second_Chance_Exceptio
n_C0000005.dmp
Type of Analysis Performed   Crash Analysis 
Machine Name   QUAD 
Operating System   Unexpected Service Pack 1 
Number Of Processors   4 
Process ID   2292 
Process Image   C:\AppServ\Apache2.2\bin\httpd.exe 
System Up-Time   1 day(s) 15:55:15 
Process Up-Time   00:01:34 


Thread 5 - System ID 6928
Entry point   msvcr100!_endthreadex+6a 
Create time   04-05-2012 23:57:12 
Time spent in user mode   0 Days 0:0:0.15 
Time spent in kernel mode   0 Days 0:0:0.62 






Function     Arg 1     Arg 2     Arg 3   Source 
msvcr90!memcpy+158     3d57ffb8     00000000     00000004    
php_shmop_rsr!get_module+37f     2c709508     3d5620d0     2c709508    
php5ts!zval_add_ref+17b5     0e8efe10     0e8efb64     00000000    
php5ts!execute+1fd     3d57f458     2c709501     2c709508    
php5ts!zend_execute_scripts+119     00000650     00000401     0e8efb80    
user32!PostThreadMessageA+e1     0e8eff6c     00000000     56433230    
php5ts!php_execute_script+a7     00000000     00000000     00000000    
php5ts!zend_hash_quick_add_or_update+66     764d1194     0000026c     ffffffff    
KERNELBASE!WaitForSingleObjectEx+cb     00000020     609dc7f4     609f2cc6    
php5ts!xmlGetGlobalState+11     00a68968     00000000     01755700    
libhttpd!ap_regexec+d6     00959690     0174cb47     0e8efe30    
mod_rewrite+6387     0174b538     00000000     0174b538    
libhttpd!ap_run_handler+25     0174b538     0174b538     0174b538    
libhttpd!ap_invoke_handler+a2     00000000     017136e0     0e8efefc    
libhttpd!ap_die+26e     0174b538     00000000     00984918    
libhttpd!ap_psignature+15b2     017136e0     00000001     017136e0    
libhttpd!ap_run_process_connection+25     017136e0     009e9f80     0e8eff44    
libhttpd!ap_process_connection+33     017136e0     01713568     00000000    
libhttpd!ap_regkey_value_remove+fe7     017136d8     6559efcc     00000000    
msvcr100!_endthreadex+3f     00000000     0e8eff94     764d339a    
msvcr100!_endthreadex+ce     01660488     0e8effd4     76ef9ef2    
kernel32!BaseThreadInitThunk+e     01660488     70fd886c     00000000    
ntdll!__RtlUserThreadStart+70     730bc59c     01660488     00000000    
ntdll!_RtlUserThreadStart+1b     730bc59c     01660488     00000000    




MSVCR90!MEMCPY+158In 
httpd__PID__2292__Date__05_04_2012__Time_11_58_44PM__616__Second_Chance_Exceptio
n_C0000005.dmp the assembly instruction at msvcr90!memcpy+158 in 
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50
934f2ebcb7eb57\msvcr90.dll from Microsoft Corporation has caused an access 
violation exception (0xC0000005) when trying to read from memory location 
0x00000000 on thread 5
 [2012-05-04 23:08 UTC] felipe@php.net
Try disabling xcache.
 [2012-05-04 23:08 UTC] felipe@php.net
-Status: Open +Status: Feedback
 [2012-05-04 23:20 UTC] ricardo dot nuno dot rodrigues at hotmail dot com
-Status: Feedback +Status: Open
 [2012-05-04 23:20 UTC] ricardo dot nuno dot rodrigues at hotmail dot com
without xdebug & xcache
--------------------------

Thread 27 - System ID 3292
Entry point   msvcr100!_endthreadex+6a 
Create time   05-05-2012 00:11:55 
Time spent in user mode   0 Days 0:0:0.0 
Time spent in kernel mode   0 Days 0:0:0.124 






Function     Arg 1     Arg 2     Arg 3   Source 
php5ts!shmget+17a     00000001     00000000     00000000    
php_shmop_rsr!get_module+1a2     0c7d5398     0eb220d0     0c7d5398    
php5ts!zval_add_ref+17b5     0504fe10     0504fb64     00000000    
php5ts!execute+1fd     0eb3f458     0c7d5301     0c7d5398    
php5ts!zend_execute_scripts+119     00000001     0eb3f4e9     0504fb80    
user32!PostThreadMessageA+e1     0504ff6c     00000000     56433230    
php5ts!php_execute_script+a7     764d1194     0000027c     ffffffff    
KERNELBASE!WaitForSingleObjectEx+cb     00000020     609dc7f4     609f2cc6    
php5ts!xmlGetGlobalState+11     00888968     00000000     014c1738    
libhttpd!ap_regexec+d6     00ba9690     014927e7     0504fe30    
mod_rewrite+6387     014911d8     00000000     014911d8    
libhttpd!ap_run_handler+25     014911d8     014911d8     014911d8    
libhttpd!ap_invoke_handler+a2     00000000     01485330     0504fefc    
libhttpd!ap_die+26e     014911d8     00000000     00bd4918    
libhttpd!ap_psignature+15b2     01485330     00000018     01485330    
libhttpd!ap_run_process_connection+25     01485330     00c397c8     0504ff44    
libhttpd!ap_process_connection+33     01485330     014851b8     00000000    
libhttpd!ap_regkey_value_remove+fe7     01485328     9f1b9813     00000000    
msvcr100!_endthreadex+3f     00000000     0504ff94     764d339a    
msvcr100!_endthreadex+ce     01444ce0     0504ffd4     76ef9ef2    
kernel32!BaseThreadInitThunk+e     01444ce0     7b64113e     00000000    
ntdll!__RtlUserThreadStart+70     730bc59c     01444ce0     00000000    
ntdll!_RtlUserThreadStart+1b     730bc59c     01444ce0     00000000    




PHP5TS!SHMGET+17AWARNING - DebugDiag was not able to locate debug symbols for php5ts.dll, so the information below may be incomplete.



In httpd__PID__7336__Date__05_05_2012__Time_12_15_19AM__621__Second_Chance_Exception_C0000005.dmp the assembly instruction at php5ts!shmget+17a in 
C:\AppServ\php5\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000000 on thread 
27

Module Information 
Image Name: C:\AppServ\php5\php5ts.dll   Symbol Type:  Export 
Base address: 0x608e0000   Time Stamp:  Wed Apr 25 21:55:05 2012  
Checksum: 0x005d9775   Comments:   
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  PHP Script Interpreter 
ISAPIFilter: False   File Version:  5.4.1 
Managed DLL: False   Internal Name:  PHP Script Interpreter 
VB DLL: False   Legal Copyright:  Copyright © 1997-2010 The PHP Group 
Loaded Image Name:  php5ts.dll   Legal Trademarks:  PHP 
Mapped Image Name:     Original filename:  php5ts.dll 
Module name:  php5ts   Private Build:   
Single Threaded:  False   Product Name:  PHP 
Module Size:  5,96 MBytes   Product Version:  5.4.1 
Symbol File Name:  php5ts.dll   Special Build:  &
 [2012-05-04 23:22 UTC] ricardo dot nuno dot rodrigues at hotmail dot com
attention to:

msvcr100!_endthreadex+6a 

what vc10?!? this is compiled with vc9!
 [2016-10-07 13:01 UTC] cmb@php.net
-Package: Semaphore related +Package: *Extensibility Functions
 [2020-03-29 15:11 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2020-03-29 15:11 UTC] cmb@php.net
I cannot reproduce the reported access violation.  Can anybody
else with any of the actively supported PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2020-04-12 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Dec 05 09:03:36 2021 UTC