php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #64359 strftime crash with php/vc11
Submitted: 2013-03-05 18:16 UTC Modified: 2013-03-06 09:29 UTC
From: ab@php.net Assigned:
Status: Closed Package: Date/time related
PHP Version: Irrelevant OS: Windows
Private report: No CVE-ID:
 [2013-03-05 18:16 UTC] ab@php.net
Description:
------------
PHP crashes only when compiled with VC11. I could track it back with 5.4.1 compiled with VC11. Another not obvious crash happens with 5.5/VC9 using O+. Here's the backtrace 5.5/VC11:

 msvcr110d.dll!_invoke_watson(const wchar_t * pszExpression, const wchar_t * pszFunction, const wchar_t * pszFile, unsigned int nLine, unsigned int pReserved) Line 131C++
 msvcr110d.dll!_invoke_watson_if_error(int _ExpressionError, const wchar_t * _Expression, const wchar_t * _Function, const wchar_t * _File, unsigned int _Line, unsigned int _Reserved) Line 730C
 msvcr110d.dll!_W_expandtime(localeinfo_struct * plocinfo, wchar_t specifier, const tm * timeptr, wchar_t * * string, unsigned int * left, __lc_time_data * lc_time, unsigned int alternate_form) Line 722C++
 msvcr110d.dll!_Wcsftime_l(wchar_t * string, unsigned int maxsize, const wchar_t * format, const tm * timeptr, void * lc_time_arg, localeinfo_struct * plocinfo) Line 323C++
 msvcr110d.dll!_Strftime_l(char * string, unsigned int maxsize, const char * format, const tm * timeptr, void * lc_time_arg, localeinfo_struct * plocinfo) Line 285C++
 msvcr110d.dll!strftime(char * string, unsigned int maxsize, const char * format, const tm * timeptr) Line 189C++
 php5_debug.dll!php_strftime(int ht, _zval_struct * return_value, _zval_struct * * return_value_ptr, _zval_struct * this_ptr, int return_value_used, int gmt) Line 1631C
 php5_debug.dll!zif_strftime(int ht, _zval_struct * return_value, _zval_struct * * return_value_ptr, _zval_struct * this_ptr, int return_value_used) Line 1657C
 php5_debug.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data) Line 542C
 php5_debug.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data) Line 2321C
 php5_debug.dll!execute_ex(_zend_execute_data * execute_data) Line 356C
 php5_debug.dll!zend_execute(_zend_op_array * op_array) Line 381C
 php5_debug.dll!zend_eval_stringl(char * str, int str_len, _zval_struct * retval_ptr, char * string_name) Line 1181C
 php5_debug.dll!zend_eval_stringl_ex(char * str, int str_len, _zval_struct * retval_ptr, char * string_name, int handle_exceptions) Line 1228C
 php5_debug.dll!zend_eval_string_ex(char * str, _zval_struct * retval_ptr, char * string_name, int handle_exceptions) Line 1239C
 php.exe!do_cli(int argc, char * * argv) Line 1028C
 php.exe!main(int argc, char * * argv) Line 1364C
 php.exe!__tmainCRTStartup() Line 536C
 php.exe!mainCRTStartup() Line 377C
 kernel32.dll!@BaseThreadInitThunk@12()Unknown
 ntdll.dll!___RtlUserThreadStart@8()Unknown
 ntdll.dll!__RtlUserThreadStart@8()Unknown


Test script:
---------------
ext/date/tests/009_win32.phpt 

or this snippet

var_dump(strftime('%a %A %b %B %c %d %H %I %j %m %M %p %S %U %W %w %x %X %y %Y %Z %z %%', mktime(0,0,0, 6, 27, 2013)));

Expected result:
----------------
no crash

Actual result:
--------------
PHP crash

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-03-06 09:29 UTC] ab@php.net
vc9/o+ can be ignored. The cause of this issue a bug in vc11 crt. Here is the ticket from the MS knowledge base http://connect.microsoft.com/VisualStudio/feedback/details/759720/vs2012-strftime-crash-with-z-formatting-code
The crash is caused only by %z and %Z formats. Here are two simple snippets

strftime(str_repeat('%z', 10000), mktime(0,0,0, 6, 27, 2013)); /* crash */
strftime(str_repeat('%B', 10000), mktime(0,0,0, 6, 27, 2013)); /* bool(false) */
 [2013-03-06 11:39 UTC] ab@php.net
-Status: Open +Status: Closed
 [2013-03-06 11:39 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=371000a877c91cfc11ff3c75ce83826797478569
Log: Fixed bug #64359 strftime crash with VS2012
 [2013-11-17 09:31 UTC] laruence@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=371000a877c91cfc11ff3c75ce83826797478569
Log: Fixed bug #64359 strftime crash with VS2012
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 18:01:58 2014 UTC