php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61339 is_readable() causes crash in special cases
Submitted: 2012-03-10 09:47 UTC Modified: 2013-08-02 04:18 UTC
From: ziegenberg at web dot de Assigned: yohgaki (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5.3.10 OS: Windows 7 Pro 64bit
Private report: No CVE-ID: None
 [2012-03-10 09:47 UTC] ziegenberg at web dot de
Description:
------------
While I was working on some simple HTML templates I suddently got an error. Apache (2.2.22 or 2.4.1, both from apachelounge.com) didn't reply my request anymore. 

I spend hours with debugging and found the cause for the bug: a call of the is_readable() function, which checked the template file I have been working on.

After further checks I found the "problem" in the file: 
8 simple spaces, added by the editor as line indent.

If I remove the spaces, everything works fine. If I add the spaces, php ends processing when calling is_readable() on the file. I can repeat it as often as I want - it's the same file, in the same directory, with the same rights.

I wanted to create an example for you, but if I copy the file to another path, the error doesn't occur anymore. So the problem seems to be dependent of the file's path and content. Also PHP doesn't create an error, it just aborts the request (and the shutdown function isn't called).

Test script:
---------------
sorry, not possible

Expected result:
----------------
TRUE for the call of is_readable(), as the file exists and is readable

Actual result:
--------------
crash

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-10 10:13 UTC] pajoye@php.net
And how is the path? 

Are you sure it is is_readable and not the include/require function which crashes?
 [2012-03-10 11:29 UTC] ziegenberg at web dot de
Yes, it's the is_readable() function:

...
$path = APPLICATION_PATH . DIRECTORY_SEPARATOR . $theme . 
        DIRECTORY_SEPARATOR . 'layout' . DIRECTORY_SEPARATOR . 
        str_replace('_', DIRECTORY_SEPARATOR, $layout) . '.layout.php';

if (!is_readable($path))
{
    $host = self::getHost();
    throw new Cz_Request_Exception("Action configuration error: layout file '$path' for action '$action' and host '$host' does not exist or is not readable.");
}
...

The path seems to be a part of the problem, but the error depends on more factors. Here are some details of my research:

1) Not 8 spaces are required to create the error, one additional space is enough. This single space can be inserted somewhere in the file to produce the error.

2) I could reproduce it with two different paths, because the Apache directories in my tests where not the same. One is "C:\apache2" and the other is "C:\Apache24". The error occurred in both versions.

3) When I try to create a script to reproduce the bug I don't get an error. Also when I call is_readable() on the original file from there.

4) I renamed the template file. Same behaviour.

5) file_get_contents(), readfile(), file_exists(), file(), fopen() on the same file work as expected (no error).

6) include() and require() behave like is_readable() (error)


Is there a way to get more debug information?
 [2012-03-10 11:33 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2012-03-10 11:33 UTC] pajoye@php.net
is_readable does not read the file, so no, it is not what can causes a crash if 
the contents of the file changed or not.

include and require may have a problem due to a bug in the parsing code, which is 
fixed in svn. Please try using a 5.3 snapshot.
 [2012-03-10 12:00 UTC] ziegenberg at web dot de
-Status: Feedback +Status: Open
 [2012-03-10 12:00 UTC] ziegenberg at web dot de
I tested all the current Windows VC9 TS snapshots. 

Results:
5.3 -> error still present, also when using include() instead of is_readable().
5.4 -> okay, no error.
Trunk (5.5-dev?) -> okay, no error.
 [2012-03-10 12:06 UTC] ziegenberg at web dot de
Here is a crash report I found, perhaps this helps:

-----

Version=1
EventType=APPCRASH
EventTime=129758533564007575
ReportType=2
Consent=1
ReportIdentifier=214d7de4-6aa6-11e1-bd6c-4c8093870ef0
IntegratorReportIdentifier=214d7de3-6aa6-11e1-bd6c-4c8093870ef0
WOW64=1
Response.type=4
Sig[0].Name=Anwendungsname
Sig[0].Value=httpd.exe
Sig[1].Name=Anwendungsversion
Sig[1].Value=2.2.22.0
Sig[2].Name=Anwendungszeitstempel
Sig[2].Value=4f4a84ad
Sig[3].Name=Fehlermodulname
Sig[3].Value=php5ts.dll
Sig[4].Name=Fehlermodulversion
Sig[4].Value=5.3.9.0
Sig[5].Name=Fehlermodulzeitstempel
Sig[5].Value=4f591617
Sig[6].Name=Ausnahmecode
Sig[6].Value=c0000005
Sig[7].Name=Ausnahmeoffset
Sig[7].Value=000a57a0
DynamicSig[1].Name=Betriebsystemversion
DynamicSig[1].Value=6.1.7601.2.1.0.256.48
DynamicSig[2].Name=Gebietsschema-ID
DynamicSig[2].Value=1031
DynamicSig[22].Name=Zusatzinformation 1
DynamicSig[22].Value=0a9e
DynamicSig[23].Name=Zusatzinformation 2
DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
DynamicSig[24].Name=Zusatzinformation 3
DynamicSig[24].Value=0a9e
DynamicSig[25].Name=Zusatzinformation 4
DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789
UI[2]=C:\apache2\bin\httpd.exe
UI[3]=Apache HTTP Server funktioniert nicht mehr
UI[4]=Windows kann online nach einer Lösung für das Problem suchen.
UI[5]=Online nach einer Lösung suchen (empfohlen)
UI[6]=Später nach einer Lösung suchen (empfohlen)
UI[7]=Schließen
UI[8]=Apache HTTP Server wurde beendet und geschlossen.
UI[9]=Die Anwendung wird aufgrund eines Problems nicht mehr richtig ausgeführt. Sie erhalten Nachricht, wenn eine Lösung verfügbar ist.
UI[10]=S&chließen
LoadedModule[0]=C:\apache2\bin\httpd.exe
LoadedModule[1]=C:\Windows\SysWOW64\ntdll.dll
LoadedModule[2]=C:\Windows\syswow64\kernel32.dll
LoadedModule[3]=C:\Windows\syswow64\KERNELBASE.dll
LoadedModule[4]=C:\apache2\bin\libhttpd.dll
LoadedModule[5]=C:\Windows\syswow64\WS2_32.dll
LoadedModule[6]=C:\Windows\syswow64\msvcrt.dll
LoadedModule[7]=C:\Windows\syswow64\RPCRT4.dll
LoadedModule[8]=C:\Windows\syswow64\SspiCli.dll
LoadedModule[9]=C:\Windows\syswow64\CRYPTBASE.dll
LoadedModule[10]=C:\Windows\SysWOW64\sechost.dll
LoadedModule[11]=C:\Windows\syswow64\NSI.dll
LoadedModule[12]=C:\Windows\system32\MSWSOCK.dll
LoadedModule[13]=C:\Windows\syswow64\user32.dll
LoadedModule[14]=C:\Windows\syswow64\GDI32.dll
LoadedModule[15]=C:\Windows\syswow64\LPK.dll
LoadedModule[16]=C:\Windows\syswow64\USP10.dll
LoadedModule[17]=C:\Windows\syswow64\ADVAPI32.dll
LoadedModule[18]=C:\apache2\bin\libaprutil-1.dll
LoadedModule[19]=C:\apache2\bin\libapriconv-1.dll
LoadedModule[20]=C:\apache2\bin\libapr-1.dll
LoadedModule[21]=C:\Windows\syswow64\SHELL32.dll
LoadedModule[22]=C:\Windows\syswow64\SHLWAPI.dll
LoadedModule[23]=C:\Windows\system32\MSVCR100.dll
LoadedModule[24]=C:\Windows\system32\IMM32.DLL
LoadedModule[25]=C:\Windows\syswow64\MSCTF.dll
LoadedModule[26]=C:\Windows\SysWOW64\nvinit.dll
LoadedModule[27]=C:\Windows\System32\wship6.dll
LoadedModule[28]=C:\Windows\System32\wshtcpip.dll
LoadedModule[29]=C:\apache2\modules\mod_actions.so
LoadedModule[30]=C:\apache2\modules\mod_alias.so
LoadedModule[31]=C:\apache2\modules\mod_asis.so
LoadedModule[32]=C:\apache2\modules\mod_auth_basic.so
LoadedModule[33]=C:\apache2\modules\mod_authn_default.so
LoadedModule[34]=C:\apache2\modules\mod_authn_file.so
LoadedModule[35]=C:\apache2\modules\mod_authz_default.so
LoadedModule[36]=C:\apache2\modules\mod_authz_groupfile.so
LoadedModule[37]=C:\apache2\modules\mod_authz_host.so
LoadedModule[38]=C:\apache2\modules\mod_authz_user.so
LoadedModule[39]=C:\apache2\modules\mod_autoindex.so
LoadedModule[40]=C:\apache2\modules\mod_cgi.so
LoadedModule[41]=C:\apache2\modules\mod_deflate.so
LoadedModule[42]=C:\apache2\bin\zlib1.dll
LoadedModule[43]=C:\apache2\modules\mod_dir.so
LoadedModule[44]=C:\apache2\modules\mod_env.so
LoadedModule[45]=C:\apache2\modules\mod_expires.so
LoadedModule[46]=C:\apache2\modules\mod_include.so
LoadedModule[47]=C:\apache2\modules\mod_isapi.so
LoadedModule[48]=C:\apache2\modules\mod_log_config.so
LoadedModule[49]=C:\apache2\modules\mod_mime.so
LoadedModule[50]=C:\apache2\modules\mod_negotiation.so
LoadedModule[51]=C:\apache2\modules\mod_rewrite.so
LoadedModule[52]=C:\apache2\modules\mod_setenvif.so
LoadedModule[53]=C:\PHP\php5apache2_2.dll
LoadedModule[54]=C:\PHP\php5ts.dll
LoadedModule[55]=C:\Windows\syswow64\OLEAUT32.dll
LoadedModule[56]=C:\Windows\syswow64\ole32.dll
LoadedModule[57]=C:\Windows\system32\ODBC32.dll
LoadedModule[58]=C:\Windows\system32\DNSAPI.dll
LoadedModule[59]=C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
LoadedModule[60]=C:\Windows\system32\odbcint.dll
LoadedModule[61]=C:\PHP\ext\php_bz2.dll
LoadedModule[62]=C:\PHP\ext\php_curl.dll
LoadedModule[63]=C:\apache2\bin\LIBEAY32.dll
LoadedModule[64]=C:\apache2\bin\SSLEAY32.dll
LoadedModule[65]=C:\Windows\syswow64\WLDAP32.dll
LoadedModule[66]=C:\PHP\ext\php_fileinfo.dll
LoadedModule[67]=C:\PHP\ext\php_gd2.dll
LoadedModule[68]=C:\PHP\ext\php_gettext.dll
LoadedModule[69]=C:\PHP\ext\php_gmp.dll
LoadedModule[70]=C:\PHP\ext\php_mbstring.dll
LoadedModule[71]=C:\PHP\ext\php_mysql.dll
LoadedModule[72]=C:\PHP\ext\php_mysqli.dll
LoadedModule[73]=C:\PHP\ext\php_openssl.dll
LoadedModule[74]=C:\PHP\ext\php_pdo_mysql.dll
LoadedModule[75]=C:\PHP\ext\php_pdo_sqlite.dll
LoadedModule[76]=C:\PHP\ext\php_soap.dll
LoadedModule[77]=C:\PHP\ext\php_sockets.dll
LoadedModule[78]=C:\PHP\ext\php_sqlite3.dll
LoadedModule[79]=C:\PHP\ext\php_tidy.dll
LoadedModule[80]=C:\PHP\ext\php_xmlrpc.dll
LoadedModule[81]=C:\PHP\ext\php_xsl.dll
LoadedModule[82]=C:\PHP\ext\php_exif.dll
LoadedModule[83]=C:\PHP\ext\php_xdebug.dll
FriendlyEventName=Nicht mehr funktionsfähig
ConsentKey=APPCRASH
AppName=Apache HTTP Server
AppPath=C:\apache2\bin\httpd.exe

-----

After installing the 5.3 snapshot the version named there is 5.3.9, but for 5.3.10 it's the same.
 [2012-03-10 16:54 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2012-03-10 16:54 UTC] pajoye@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2012-03-10 18:57 UTC] ziegenberg at web dot de
It's not possible to ue the Debug Diagnostic Tools on Windows 7 (you can install it but only use it for analysis).

The newer version 1.2 doesn't run on non-English systems (known problem). A workaround helped to fix the first errors with the installation, but there are other errors that don't allow an installation.

For two hours I tried everything to get it working, but the only result I get are innumerable error pop ups. I have to give it up now, sorry.
 [2012-03-10 18:57 UTC] ziegenberg at web dot de
-Status: Feedback +Status: Open
 [2012-03-10 19:15 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2012-03-10 19:15 UTC] pajoye@php.net
hi,

Well, without a script (or set of scripts), a sample path you use (aka the string 
itself like "c:\foo\bar\somescrpt.php") or anything like that, there is no chance 
for us to have a remote idea about what could be the issue.
 [2012-03-11 08:36 UTC] ziegenberg at web dot de
I could reproduce the problem on Windows XP SP3 and get debug information from there:

Type of Analysis Performed   Crash Analysis 
Machine Name   VIRTUALXP-55431 
Operating System   Windows XP Service Pack 3 
Number Of Processors   1 
Process ID   3828 
Process Image   C:\apache2\bin\httpd.exe 
System Up-Time   00:23:00 
Process Up-Time   00:00:22 


Thread 29 - System ID 1664
Entry point   msvcr100!_endthreadex+6a 
Create time   11.03.2012 09:28:48 
Time spent in user mode   0 Days 0:0:0.30 
Time spent in kernel mode   0 Days 0:0:0.10 


Function     Arg 1     Arg 2     Arg 3   Source 
php5ts!lex_scan+29b0     01b1e410     011e8978     011e8978    
php5ts!zend_register_auto_global+ae     01b1e408     011e8978     02670cd8    
php5ts!zend_iterator_unwrap+584     01b1e524     00000001     00000000    
ntdll!RtlIntegerToUnicode+11d     00099414     7c9120f5     01b1e90c    
kernel32!BasepInitializeFindFileHandle+4b     000005f4     01b1ebac     00000000    
kernel32!FindFirstFileExW+49b     7c91e920     7c920228     ffffffff    
0x01b1eafc     01b1e944     0126fd40     01b1eb01    
ntdll!RtlCreateUnicodeString+1c     00000003     00924881     00000000    


PHP5TS!LEX_SCAN+29B0WARNING - DebugDiag was not able to locate debug symbols for php5ts.dll, so the information below may be incomplete.


In httpd__PID__3828__Date__03_11_2012__Time_09_29_09AM__843__Second_Chance_Exception_C0000005.dmp the assembly instruction at php5ts!lex_scan+29b0 in C:\PHP\php5ts.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x027a2000 on thread 29

Module Information 
Image Name: C:\PHP\php5ts.dll   Symbol Type:  Export 
Base address: 0x00840000   Time Stamp:  Thu Feb 02 20:36:49 2012  
Checksum: 0x005a3fb6   Comments:   
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  PHP Script Interpreter 
ISAPIFilter: False   File Version:  5.3.10 
Managed DLL: False   Internal Name:  PHP Script Interpreter 
VB DLL: False   Legal Copyright:  Copyright © 1997-2010 The PHP Group 
Loaded Image Name:  php5ts.dll   Legal Trademarks:  PHP 
Mapped Image Name:     Original filename:  php5ts.dll 
Module name:  php5ts   Private Build:   
Single Threaded:  False   Product Name:  PHP 
Module Size:  5,77 MBytes   Product Version:  5.3.10 
Symbol File Name:  php5ts.dll   Special Build:  &
 [2012-03-11 08:36 UTC] ziegenberg at web dot de
-Status: Feedback +Status: Open
 [2013-08-02 04:18 UTC] yohgaki@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: yohgaki
 [2013-08-02 04:18 UTC] yohgaki@php.net
>I tested all the current Windows VC9 TS snapshots. 
>
>Results:
>5.3 -> error still present, also when using include() instead of is_readable().
>5.4 -> okay, no error.
>Trunk (5.5-dev?) -> okay, no error.

Closing. 5.3 is security fix only now.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 19:01:29 2024 UTC