PHP :: Bug #67952 :: strncasecmp() crashes on CLI sapi NTS builds with Opcache

Bug #67952	strncasecmp() crashes on CLI sapi NTS builds with Opcache
Submitted:	2014-09-02 21:32 UTC	Modified:	2014-09-19 19:55 UTC
From:	mattficken@php.net	Assigned:	dmitry (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	master-Git-2014-09-02 (snap)	OS:	Windows
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2014-09-02 21:32 UTC] mattficken@php.net

Description:
------------
PHPTs using strncasecmp() (in ext/standard/tests/string) crash NTS builds when CLI SAPI is used. Builtin_web, Apache or TS builds are not affected.

Initially found by automated test run on rb9514bb, still repros on latest r5138f3b snapshot.

This is after the phpng and AST merges, but initially, before the new memory manager merge. Maybe its a phpng bug?

Crashes in 3 places. See BTs below.

Test script:
---------------
Run the strncasecmp*phpt PHPTs from ext/standard/tests/string. Not a stress test. Repros every time I run it.

Expected result:
----------------
Test pass

Actual result:
--------------
050be7f8 6f01d509 php7!_zend_mm_free_int+0x11c [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_alloc.c @ 2116]
050be804 6f0d651c php7!_efree+0x19 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_alloc.c @ 2451]
050be810 6f048677 php7!_zval_dtor_func_for_ptr+0x3c [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_variables.c @ 97]
050be840 6f041960 php7!ZEND_DO_FCALL_SPEC_HANDLER+0x287 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_vm_execute.h @ 600]
050be848 6f041932 php7!execute_ex+0x20 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_vm_execute.h @ 354]
050be86c 6f012aea php7!zend_execute+0x272 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_vm_execute.h @ 383]
050be8c0 6f0df05e php7!zend_execute_scripts+0xaa [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend.c @ 1319]
*** WARNING: Unable to verify checksum for C:\php-sdk\php-master-nts-windows-vc11-x86-rb9514bb\php.exe
050bfad0 00ff2314 php7!php_execute_script+0x1de [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\main\main.c @ 2567]
050bfd90 00ff2ec8 php!do_cli+0x874 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\sapi\cli\php_cli.c @ 981]
050bfe28 00ffab3c php!main+0x488 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\sapi\cli\php_cli.c @ 1358]
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\syswow64\kernel32.dll - 
050bfe68 76bf3677 php!__tmainCRTStartup+0xfd [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 536]
WARNING: Stack unwind information not available. Following frames may be wrong.
050bfe74 775e9d72 kernel32!BaseThreadInitThunk+0x12
050bfeb4 775e9d45 ntdll!RtlInitializeExceptionChain+0x63
050bfecc 00000000 ntdll!RtlInitializeExceptionChain+0x36


050fe818 6f01d509 php7!_zend_mm_free_int+0x283 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_alloc.c @ 2121]
050fe824 6f0d651c php7!_efree+0x19 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_alloc.c @ 2451]
050fe830 6f048677 php7!_zval_dtor_func_for_ptr+0x3c [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_variables.c @ 97]
050fe860 6f041960 php7!ZEND_DO_FCALL_SPEC_HANDLER+0x287 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_vm_execute.h @ 600]
050fe868 6f041932 php7!execute_ex+0x20 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_vm_execute.h @ 354]
050fe88c 6f012aea php7!zend_execute+0x272 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_vm_execute.h @ 383]
050fe8e0 6f0df05e php7!zend_execute_scripts+0xaa [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend.c @ 1319]
*** WARNING: Unable to verify checksum for C:\php-sdk\php-master-nts-windows-vc11-x86-rb9514bb\php.exe
050ffae8 00ff2314 php7!php_execute_script+0x1de [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\main\main.c @ 2567]
050ffda8 00ff2ec8 php!do_cli+0x874 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\sapi\cli\php_cli.c @ 981]
050ffe40 00ffab3c php!main+0x488 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\sapi\cli\php_cli.c @ 1358]
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\syswow64\kernel32.dll - 
050ffe80 76bf3677 php!__tmainCRTStartup+0xfd [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 536]
WARNING: Stack unwind information not available. Following frames may be wrong.
050ffe8c 775e9d72 kernel32!BaseThreadInitThunk+0x12
050ffecc 775e9d45 ntdll!RtlInitializeExceptionChain+0x63
050ffee4 00000000 ntdll!RtlInitializeExceptionChain+0x36



0508f82c 6f015649 php7!zend_hash_del+0x78 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_hash.c @ 697]
0508f858 6f0144c1 php7!zend_unregister_functions+0x79 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_api.c @ 2461]
0508f86c 6f0132dd php7!module_destructor+0x81 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_api.c @ 2536]
0508f878 6f0a67b1 php7!module_destructor_zval+0xd [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend.c @ 613]
0508f8a4 6f015ca2 php7!zend_hash_graceful_reverse_destroy+0x151 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_hash.c @ 990]
0508f8b4 6f0114b5 php7!zend_destroy_modules+0x22 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend_api.c @ 2026]
0508f8c0 6f0dec23 php7!zend_shutdown+0x15 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\zend\zend.c @ 819]
*** WARNING: Unable to verify checksum for C:\php-sdk\php-master-nts-windows-vc11-x86-rb9514bb\php.exe
0508f8c4 00ff2f1e php7!php_module_shutdown+0x23 [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\main\main.c @ 2449]
0508f954 00ffab3c php!main+0x4de [c:\php-sdk\snap_master\vc11\x86\nts-windows-vc11-x86\sapi\cli\php_cli.c @ 1375]
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\syswow64\kernel32.dll - 
0508f994 76bf3677 php!__tmainCRTStartup+0xfd [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 536]
WARNING: Stack unwind information not available. Following frames may be wrong.
0508f9a0 775e9d72 kernel32!BaseThreadInitThunk+0x12
0508f9e0 775e9d45 ntdll!RtlInitializeExceptionChain+0x63
0508f9f8 00000000 ntdll!RtlInitializeExceptionChain+0x36

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-09-02 21:35 UTC] mattficken@php.net

Opcache must be enabled to repro the crashes. It does not crash without opcache.

[2014-09-02 21:39 UTC] mattficken@php.net

-Summary: strncasecmp() crashes on CLI sapi NTS builds +Summary: strncasecmp() crashes on CLI sapi NTS builds with Opcache

[2014-09-03 18:26 UTC] mattficken@php.net

I'm using VC CRT:
VC11 x86 11.0.51106

Also has these CRTs installed:
VC10 x86 10.0.40219
VC9 x86 9.0.21022

This only repros on NTS builds with CLI sapi with Opcache enabled. It repros for me every time I run the ext/standard/tests/string/*strncasecmp* PHPTs.

TS builds, builtin web SAPI or Opcache disabled and it doesn't repro. I haven't tried IIS/FastCGI.

And, I'm doing this on Windows VMs. I haven't tried on bare-metal, but that shouldn't matter (memory should act the same).

[2014-09-03 18:30 UTC] mattficken@php.net

Opcache specific directives (pretty standard/recommended values):

opcache.enable=1
opcache.enable_cli=1
opcache.enable_file_override=1
opcache.fast_shutdown=1
opcache.force_restart_timeout=180
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.memory_consumption=128
opcache.revalidate_freq=60
opcache.save_comments=0

The entire INI I used (basically the same standard INI included with PHP):

auto_append_file=
auto_prepend_file=
disable_defs=Off
display_errors=On
display_startup_errors=Off
docref_ext=.html
docref_root=
error_append_string=
error_prepend_string=
error_reporting=-1
extension=php_bz2.dll
extension=php_com_dotnet.dll
extension=php_curl.dll
extension=php_enchant.dll
extension=php_fileinfo.dll
extension=php_gd2.dll
extension=php_gettext.dll
extension=php_gmp.dll
extension=php_intl.dll
extension=php_imap.dll
extension=php_ldap.dll
extension=php_mbstring.dll
extension=php_exif.dll
extension=php_mysql.dll
extension=php_mysqli.dll
extension=php_openssl.dll
extension=php_pdo_mysql.dll
extension=php_pdo_pgsql.dll
extension=php_pdo_sqlite.dll
extension=php_pdo_odbc.dll
extension=php_pgsql.dll
extension=php_shmop.dll
extension=php_soap.dll
extension=php_sockets.dll
extension=php_sqlite3.dll
extension=php_tidy.dll
extension=php_xmlrpc.dll
extension=php_xsl.dll
extension_dir=C:\php-sdk\php-master-nts-windows-vc11-x86-rb9514bb\ext
html_errors=Off
ignore_repeated_errors=Off
log_errors=On
magic_quotes_runtime=Off
max_execution_time=60
opcache.enable=1
opcache.enable_cli=1
opcache.enable_file_override=1
opcache.fast_shutdown=1
opcache.force_restart_timeout=180
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.memory_consumption=128
opcache.revalidate_freq=60
opcache.save_comments=0
open_basedir=
output_buffering=On
output_handler=
precision=14
report_memleaks=On
report_zend_debug=Off
safe_mode=0
session.auto_start=Off
sys_temp_dir=C:\php-sdk\temp\
track_errors=On
unicode.from_error_mode=U_INVALID_SUBSTITUTE
unicode.output_encoding=UTF-8
unicode.runtime_encoding=ISO-8859-1
unicode.script_encoding=UTF-8
zend_extension=C:\php-sdk\php-master-nts-windows-vc11-x86-rb9514bb\ext\php_opcache.dll

[2014-09-04 09:36 UTC] dmitry@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry

[2014-09-19 19:55 UTC] mattficken@php.net

-Status: Assigned +Status: Closed

[2014-09-19 19:55 UTC] mattficken@php.net

The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

No longer reproducable (fixed by a recent revision, probably unintentional but its fixed)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue May 07 07:01:32 2024 UTC