php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63002 Access Violation 0xc0000005 errors caused by Wincache
Submitted: 2012-09-03 03:24 UTC Modified: 2012-10-23 16:50 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: pvasilevich at parallels dot com Assigned: ericsten (profile)
Status: Closed Package: WinCache (PECL)
PHP Version: 5.4.6 OS: Windows 2008R2
Private report: No CVE-ID: None
 [2012-09-03 03:24 UTC] pvasilevich at parallels dot com
Description:
------------
Wincache 1.3.4 and PHP 5.4.6

There is reliability problem caused by incorrect handling of memory allocation errors.



Test script:
---------------
Unfortunately, there are no test script to reproduce this problem. This problem appears suddenly, only if memory cannot be allocated in specified code areas.

I can provide 2 crash dumps for both problems if necessary.

Please review and apply provided patch. After applying this patch I haven't found any reliability issues anymore.

Expected result:
----------------
No Access Violation errors

Actual result:
--------------
Crash of PHP process

Patches

wincache-1.3.4-500-error-updated.patch (last revision 2012-10-09 02:59 UTC) by pvasilevich at parallels dot com)
wincache-1.3.4-500-error (last revision 2012-09-03 03:24 UTC) by pvasilevich at parallels dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-10-08 22:42 UTC] ericsten@php.net
-Assigned To: +Assigned To: ericsten
 [2012-10-23 16:49 UTC] ericsten@php.net
Fix applied to PHP 5.4.x branch with SVN revision 328115
 [2012-10-23 16:50 UTC] ericsten@php.net
-Status: Assigned +Status: Closed
 [2012-10-23 16:50 UTC] ericsten@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-10-23 16:58 UTC] ericsten@php.net
Automatic comment from SVN on behalf of ericsten
Revision: http://svn.php.net/viewvc/?view=revision&revision=328118
Log: Updating version number for fix of bug 63002
 [2012-10-23 18:18 UTC] pvasilevich at parallels dot com
Hello ericsten, 

as I see you have commited 2 of 3 changes proposed in patch. There is still problem that could bring access violation crash:

--- wincache_opcopy.c	(revision 328119)
+++ wincache_opcopy.c	(working copy)
@@ -3316,6 +3316,12 @@
         if(ozendcl->parent != NULL)
         {
             clvalue[index].pcname = OSTRDUP(popcopy, ozendcl->parent->name);
+			if (clvalue[index].pcname == NULL)
+			{
+				result = popcopy->oomcode;
+				goto Finished;
+			}
+
             zend_str_tolower(clvalue[index].pcname, strlen(clvalue[index].pcname));
         }
         else


It will be nice if you add this patch as well.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Tue Nov 13 05:01:25 2018 UTC