PHP :: Bug #62837 :: ISAPI方式使用PHP,会导致web服务器崩溃.

Bug #62837	ISAPI方式使用PHP,会导致web服务器崩溃.
Submitted:	2012-08-16 09:02 UTC	Modified:	2013-06-26 06:38 UTC
From:	175384354 at qq dot com	Assigned:
Status:	No Feedback	Package:	*General Issues
PHP Version:	5.3.15	OS:	windows server 2003
Private report:	No	CVE-ID:	None

View Developer Edit

[2012-08-16 09:02 UTC] 175384354 at qq dot com

Description:
------------
php post

Test script:
---------------
<?php
 setcookie("myup","tgy_cookie_up",time()+3600);
?>
<form action="" method="post" enctype="multipart/form-data">
        <input type="hidden" name="MAX_FILE_SIZE"    value="">
        <input type="file" name="pic" /><br>
        <input type="file" name="text" /><br>
        <input type="file" name="doc" /><br>
        <input type="file" name="pdf" /><br>
        <input type="submit" value="开始上传"/>
    </form>
<?
    $up_info=$_FILES;
    $upload_dir="upload/";  
    $typelist=array("image/gif","image/jpeg","image/pjpeg","image/png"); 
if (!is_dir( $upload_dir)) {
if (!mkdir($upload_dir))
   die ("upload_files directory doesn't exist and creation failed");
if (!chmod($upload_dir,0755))
die ("change permission to 755 failed.");
}
$handle=opendir($upload_dir);
$filelist = "";
    foreach($up_info as $k_name=>$value){   //用foreach循环 处理多个文件的上传
    //2.判断文件是否上传错误

    if($up_info[$k_name]['error']>0){
        switch($up_info['error'][$i]){
            case 1:
                $err_info="上传的文件超过了 php.ini 中 upload_max_filesize 选项限制的值";
                break;
            case 2:
                $err_info="上传文件的大小超过了 HTML 表单中 MAX_FILE_SIZE 选项指定的值";
                break;
            case 3:
                $err_info="文件只有部分被上传";
                break;
            case 4:
                $err_info="没有文件被上传";
                break;
            case 6:
                $err_info="找不到临时文件夹";
                break;
            case 7:
                $err_info="文件写入失败";
                break;
            default:
                $err_info="未知的上传错误";
                break;
        }
        continue($err_info);
    }
    $exten_name=pathinfo($up_info[$k_name]['name'],PATHINFO_EXTENSION);

        do{
            $main_name=date('YmHis'.'--'.rand(100,999));        
            $new_name=$main_name.'.'.$exten_name;
        }while(file_exists($to_path.'/'.$new_name));


    //6.判断是否是上传的文件，并执行上传

    if(is_uploaded_file($up_info[$k_name]['tmp_name'])){

            if(move_uploaded_file($up_info[$k_name]['tmp_name'],$upload_dir.'/'.$new_name)){
                echo '上传成功!<br>';
                }else{
                echo '上传文件移动失败!';
                }
        }else{
            echo '文件不是上传的文件';
            }

    }   //for循环的括号

while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "<a href='$upload_dir$file'>".$file."</a>";
      if ($DELETABLE)
        $filelist .= " <a href='?del=$upload_dir$file' title='delete'>x</a>";
      $filelist .= "<sub><small><small><font color=grey> ".date("d-m H:i", filemtime($upload_dir.$file))."</font></small></small></sub>";
      $filelist .="<br>";
   }
}
echo "COOKIE:".$HTTP_COOKIE_VARS['myup']."<br>";
echo  $filelist;

?>

Expected result:
----------------
PHP从PHP5.2.17到5.3.15 都存在一个问题,会导致WEB服务器程序崩溃。
BUG描述:
服务器操作系统：windows server 2003
浏览器：MS IE 7.0
PHP使用方式:isapi

打开一个POST上传文件的PHP页面并上传一个文件,如果让这个上传页面闲置十几分钟以上，再次提交上传，会导致WEB服务器崩溃，而且没有任何提示。

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-08-16 09:09 UTC] 175384354 at qq dot com

其它版本的PHP没有测试过,估计也有这个问题

[2012-08-16 10:27 UTC] laruence@php.net

-Status: Open +Status: Feedback

[2012-08-16 10:27 UTC] laruence@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2012-08-17 08:05 UTC] 175384354 at qq dot com

-Status: Feedback +Status: Open

[2012-08-17 08:05 UTC] 175384354 at qq dot com

Analysis Summary  
  Type Description Recommendation 
  Error In IOCP_HTTP_SERVER__PID__2468__Date__08_17_2012__Time_03_45_11PM__582__Second_Chance_Exception_C0000008.dmp the assembly instruction at ntdll!KiRaiseUserExceptionDispatcher+37 in C:\WINDOWS\system32\ntdll.dll has caused an unknown exception (0xc0000008) on thread 2

This exception originated from IOCP_HTTP_SERVER+ce93.  This exception occured as a result of an invalid handle passed to KERNEL32!CLOSEHANDLE by the following function:

IOCP_HTTP_SERVER+ce93

Please follow up with the vendor of this module for further assistance with this issue. 
  Information DebugDiag determined that this dump file (IOCP_HTTP_SERVER__PID__2468__Date__08_17_2012__Time_03_45_11PM__582__Second_Chance_Exception_C0000008.dmp) is a crash dump and did not perform any hang analysis. If you wish to enable combined crash and hang analysis for crash dumps, edit the CrashHangAnalysis.asp script (located in the DebugDiag\Scripts folder) and set the g_DoCombinedAnalysis constant to True.   
 
 

 
 Analysis Details  
  


 Your browser settings are currently prohibiting this report's scripts from running.
This is preventing some features of this analysis report from displaying properly. To enable scripts to run, right-click the security warning above and choose "Allow Blocked Content..." or enable the "Allow active content to run in files on My Computer*" setting on the Advanced tab of your "Internet Options" dialog to avoid being prompted in the future 



Table Of Contents
IOCP_HTTP_SERVER__PID__2468__Date__08_17_2012__Time_03_45_11PM__582__Second_Chance_Exception_C0000008.dmp
   Faulting Thread
   Faulting Module Information

 Report for IOCP_HTTP_SERVER__PID__2468__Date__08_17_2012__Time_03_45_11PM__582__Second_Chance_Exception_C0000008.dmp



Report for IOCP_HTTP_SERVER__PID__2468__Date__08_17_2012__Time_03_45_11PM__582__Second_Chance_Exception_C0000008.dmp
Type of Analysis Performed   Crash Analysis 
Machine Name   WS-YY-WEB 
Operating System   Windows Server 2003 Service Pack 2 
Number Of Processors   4 
Process ID   2468 
Process Image   D:\I\IOCP_HTTP_SERVER.exe 
System Up-Time   31 day(s) 16:44:41 
Process Up-Time   00:00:06 


Thread 2 - System ID 3992
Entry point   IOCP_HTTP_SERVER+8407 
Create time   2012-8-17 15:45:06 
Time spent in user mode   0 Days 0:0:0.15 
Time spent in kernel mode   0 Days 0:0:0.15 




Function     Arg 1     Arg 2     Arg 3   Source 
ntdll!KiRaiseUserExceptionDispatcher+37     7c956d49     7c823eb3     01c00000    
ntdll!KiFastSystemCall+3     7c823eb3     01c00000     0124fd4c    
ntdll!ZwClose+c     01c00000     0124fd4c     0040ce93    
kernel32!CloseHandle+59     01c00000     00000000     01c00000    
IOCP_HTTP_SERVER+ce93     0124fd58     00ae2cc4     00000000    
IOCP_HTTP_SERVER+a6ed     0000019c     00ae2724     0124ff08    
IOCP_HTTP_SERVER+8871     00ae260c     00000261     00000000    
IOCP_HTTP_SERVER+853c     0000017c     00000000     00000000    
kernel32!BaseThreadStart+34     00408407     0000017c     00000000    


In IOCP_HTTP_SERVER__PID__2468__Date__08_17_2012__Time_03_45_11PM__582__Second_Chance_Exception_C0000008.dmp the assembly instruction at ntdll!KiRaiseUserExceptionDispatcher+37 in C:\WINDOWS\system32\ntdll.dll has caused an unknown exception (0xc0000008) on thread 2

This exception originated from IOCP_HTTP_SERVER+ce93. Module Information 
Image Name: D:\I\IOCP_HTTP_SERVER.exe   Symbol Type:  None 
Base address: 0x00400000   Time Stamp:  Thu Jan 01 11:25:45 1970  
Checksum: 0x00000000   Comments:   
COM DLL: False   Company Name:   
ISAPIExtension: False   File Description:   
ISAPIFilter: False   File Version:   
Managed DLL: False   Internal Name:   
VB DLL: False   Legal Copyright:   
Loaded Image Name:  IOCP_HTTP_SERVER.exe   Legal Trademarks:   
Mapped Image Name:     Original filename:   
Module name:  IOCP_HTTP_SERVER   Private Build:   
Single Threaded:  False   Product Name:   
Module Size:  128.00 KBytes   Product Version:   
Symbol File Name:  IOCP_HTTP_SERVER.exe   Special Build:  & 


 
 

 
 Script Summary  
  Script Name Status Error Code Error Source Error Description Source Line 
CrashHangAnalysis.asp Completed

[2013-06-20 09:52 UTC] ab@php.net

-Status: Open +Status: Feedback

[2013-06-20 09:52 UTC] ab@php.net

Besides I don't see any php related information, do you experience the same with 
5.4? Please get the debug symbols as well to produce a useful BT.

[2013-06-26 06:38 UTC] ab@php.net

-Status: Feedback +Status: No Feedback

[2013-06-26 06:38 UTC] ab@php.net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jan 02 17:01:28 2025 UTC