PHP :: Bug #58985 :: Possible crash in error recovery

Bug #58985	Possible crash in error recovery
Submitted:	2009-12-13 19:20 UTC	Modified:	2009-12-21 12:32 UTC
From:	donraman@php.net	Assigned:	DonRaman (profile)
Status:	Closed	Package:	WinCache (PECL)
PHP Version:	5.2.11	OS:	Windows
Private report:	No	CVE-ID:	None

View Developer Edit

[2009-12-13 19:20 UTC] donraman@php.net

Description:
------------
If for some reason the function PHP_MINIT_FUNCTION in the file php_wincache.c fails, WINCACHE crashes in the PHP_MSHUTDOWN_FUNCTION function.

Reproduce code:
---------------
There is no code to reproduce. I just changed the PHP_MINIT_FUNCTION to force an error. Recompile the WINCACHE code and use any small PHP file like the one below:

<?php
echo 'My name is Don';
?>

A crash can be seen.

Expected result:
----------------
The code should handle failure in WINCACHE and exit gracefully.

Actual result:
--------------
An access violation.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-12-13 19:30 UTC] don dot raman at microsoft dot com

The problem is happening because in the function PHP_MINIT_FUNCTION inside file php_wincache.c we also need to set these two lines so that value sets to NULL.

WCG(lfcache) = NULL;
WCG(locache) = NULL;

If we do not set it to NULL, it will get deleted again in PHP_MSHUTDOWN_FUNCTION.

[2009-12-13 20:30 UTC] don dot raman at microsoft dot com

Attaching possible patch. Please review and let me know.

Index: php_wincache.c
===================================================================
--- php_wincache.c	(revision 291858)
+++ php_wincache.c	(working copy)
@@ -570,6 +570,8 @@
 
             plcache2 = NULL;
         }
+		WCG(lfcache) = NULL;
+		WCG(locache) = NULL;
     }
 
     dprintverbose("end php_minit");

[2009-12-14 19:45 UTC] don dot raman at microsoft dot com

Assigning it to myself.

[2009-12-21 12:32 UTC] don dot raman at microsoft dot com

This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

I have created a branch named futures and the fix for the crash is committed there. To view the changes look at:

http://svn.php.net/viewvc/pecl/wincache/branches/futures/php_wincache.c?r1=291828&r2=292428
http://svn.php.net/viewvc/pecl/wincache/branches/futures/php_wincache.h?r1=290891&r2=292428

At some point of time, this should be merged to mainline release.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Nov 26 20:01:33 2024 UTC