PHP :: Bug #62910 :: intern string crash with phpts

Bug #62910	intern string crash with phpts
Submitted:	2012-08-23 17:41 UTC	Modified:	2012-12-05 15:25 UTC
From:	mattficken@php.net	Assigned:	ab (profile)
Status:	Closed	Package:	APC (PECL)
PHP Version:	5.4.6	OS:	Windows
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	mattficken@php.net
New email:
PHP Version:		OS:

New/Additional Comment:

[2012-08-23 17:41 UTC] mattficken@php.net

Description:
------------
I ran the phpunit tests for standard Symfony components and found 3 tests that crash PHP when APC is enabled (interned strings related).

I have translated those 3 tests to PHPTs now in APC, which crash (AV) PHP on Windows with APC 3.1.11 and php 5.4.6 nts.



Test script:
---------------
See symfony_* PHPTs

Expected result:
----------------
== doesn't crash ==

Actual result:
--------------
00 00c0d9fc 10007e5c 025edb90 0000001d 10008994 php_apc!apc_new_interned_string(char * arKey = 0x025edb90 "/Extensions/RepeatedTest.php", int nKeyLength = 0n29)+0x184 (FPO: [2,1,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_string.c @ 91]
01 00c0da08 10008994 025fa520 0351d470 0351eb68 php_apc!apc_string_pmemcpy(char * str = 0x931c35b3 "--- memory read error at address 0x931c35b3 ---", unsigned int len = 0x3115148, struct _apc_pool * pool = 0x0351c2b0)+0xc (FPO: [0,0,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_compile.c @ 284]
02 00c0da20 10009323 0351d470 0351c570 02fa6598 php_apc!my_copy_zval(struct _zval_struct * dst = 0x0351d470, struct _zval_struct * src = 0x000035b3, struct _apc_context_t * ctxt = 0x03115110)+0xf4 (FPO: [1,1,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_compile.c @ 342]
03 00c0db60 10009ea8 0351c4e8 02fa6510 00c0dbe0 php_apc!apc_copy_op_array(struct _zend_op_array * dst = 0x0351c4e8, struct _zend_op_array * src = 0x02fa6510, struct _apc_context_t * ctxt = 0x00c0dbe0)+0x1f3 (FPO: [3,74,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_compile.c @ 1105]
04 00c0db80 1000a424 00000000 02fa6510 00c0dbe0 php_apc!my_copy_function(union _zend_function * dst = 0x00000000, union _zend_function * src = 0x02fa6510, struct _apc_context_t * ctxt = 0x00c0dbe0)+0x78 (FPO: [3,0,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_compile.c @ 474]
05 00c0dbb0 1000cab4 00000011 00c0dbe0 00c0e0ac php_apc!apc_copy_new_functions(int old_count = 0n17, struct _apc_context_t * ctxt = 0x00c0dbe0)+0x124 (FPO: [2,4,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_compile.c @ 1380]
06 00c0e090 1000cf2d 00c0e250 00c0e344 00000008 php_apc!apc_compile_cache_entry(struct apc_cache_key_t * key = 0x00c0e250, struct _zend_file_handle * h = 0x00c0e344, int type = 0n8, long t = 0n1345743493, struct _zend_op_array ** op_array = 0x00c0e110, struct apc_cache_entry_t ** cache_entry = 0x00c0e114)+0x1e4 (FPO: [6,305,0]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_main.c @ 454]
07 00c0e284 7140ad41 00c0e344 00000008 025ee5f8 php_apc!my_compile_file(struct _zend_file_handle * h = 0x00c0e344, int type = 0n8)+0x3bd (FPO: [Non-Fpo]) (CONV: cdecl) [c:\php-sdk\php54\vc9\x86\php-src\ext\apc\apc_main.c @ 610]
08 00c0e328 715a163a 00c0e344 00000008 025ee4e0 php5!zend_compare_file_handles+0xc1
09 00c0e394 713b8424 00c0e3f8 00c0f69c 00c0e3e0 php5!libiconv_open+0x7bd6a
0a 00c0e3b0 7141f3a1 025ec628 00000000 00c0f69c php5!execute+0x164
0b 00c0e3e0 7138c64e 00000008 00000000 00000003 php5!zend_execute_scripts+0xc1
0c 00c0f544 00241738 029ab048 0024b754 00000006 php5!php_execute_script+0x14e
0d 00000000 00000000 00000000 00000000 00000000 php!sapi_cli_single_write+0x5a8

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-12-05 15:25 UTC] ab@php.net

The bug was intl related, fixed by Gustavo Lopes in this commit

http://git.php.net/?p=php-src.git;a=commitdiff;h=a5d0c1e21b9fa166d8fe5ec7d52a24a5f7adc107

[2012-12-05 15:25 UTC] ab@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: ab

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 05:01:30 2024 UTC