PHP :: Bug #68001 :: php crashes with enabled php

Bug #68001	php crashes with enabled php_snmp.dll
Submitted:	2014-09-10 17:50 UTC	Modified:	2014-10-04 12:27 UTC
From:	xbolshe at mail dot ru	Assigned:
Status:	Not a bug	Package:	SNMP related
PHP Version:	5.6.0	OS:	Windows 2008 R2
Private report:	No	CVE-ID:	None

View Developer Edit

[2014-09-10 17:50 UTC] xbolshe at mail dot ru

Description:
------------
http://windows.php.net/downloads/releases/php-5.6.0-Win32-VC11-x86.zip
PHP crashes with enabled php_snmp.dll with or without lauched Apache HTTPD (command like php -version).

Faulting application name: php.exe, version: 5.6.0.0, time stamp: 0x53fe29da
Faulting module name: php_snmp.dll, version: 5.6.0.0, time stamp: 0x53fe2c15
Exception code: 0xc0000409
Fault offset: 0x00042085
Faulting process id: 0xa70
Faulting application start time: 0x01cfcd1d08a2994b
Faulting application path: d:\php\php.exe
Faulting module path: d:\php\ext\php_snmp.dll
Report Id: 46884532-3910-11e4-8a3c-a0481cb82cc1

c0000409 means STATUS_ACCESS_VIOLATION.

Probably need to check /GS option of VC11 compiler.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-09-10 18:53 UTC] xbolshe at mail dot ru

Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: D:\php\php.exe
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is: 
ModLoad: 000d0000 000e4000   php.exe 
ModLoad: 77c60000 77de0000   ntdll.dll
ModLoad: 770a0000 771b0000   C:\Windows\syswow64\kernel32.dll
ModLoad: 77810000 77857000   C:\Windows\syswow64\KERNELBASE.dll
ModLoad: 651a0000 65804000   D:\php\php5ts.dll
ModLoad: 769e0000 76a80000   C:\Windows\syswow64\ADVAPI32.dll
ModLoad: 771b0000 7725c000   C:\Windows\syswow64\msvcrt.dll
ModLoad: 77260000 77279000   C:\Windows\SysWOW64\sechost.dll
ModLoad: 76c80000 76d70000   C:\Windows\syswow64\RPCRT4.dll
ModLoad: 75650000 756b0000   C:\Windows\syswow64\SspiCli.dll
ModLoad: 75640000 7564c000   C:\Windows\syswow64\CRYPTBASE.dll
ModLoad: 77060000 77095000   C:\Windows\syswow64\WS2_32.dll
ModLoad: 75bd0000 75bd6000   C:\Windows\syswow64\NSI.dll
ModLoad: 66310000 6639c000   C:\Windows\SysWOW64\ODBC32.dll
ModLoad: 774e0000 775e0000   C:\Windows\syswow64\USER32.dll
ModLoad: 75a10000 75aa0000   C:\Windows\syswow64\GDI32.dll
ModLoad: 77c30000 77c3a000   C:\Windows\syswow64\LPK.dll
ModLoad: 76920000 769bd000   C:\Windows\syswow64\USP10.dll
ModLoad: 758b0000 75a0c000   C:\Windows\syswow64\ole32.dll
ModLoad: 751f0000 75234000   C:\Windows\SysWOW64\DNSAPI.dll
ModLoad: 650c0000 65196000   C:\Windows\SysWOW64\MSVCR110.dll
(450.25c): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
eax=00000000 ebx=00000000 ecx=afb60000 edx=001be028 esi=fffffffe edi=00000000
eip=77d0103b esp=00b5f4c0 ebp=00b5f4ec iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrVerifyImageMatchesChecksum+0x96c:
77d0103b cc              int     3







0:000> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


FAULTING_IP: 
ntdll!LdrpDoDebuggerBreak+2c
77d0103b cc              int     3

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77d0103b (ntdll!LdrpDoDebuggerBreak+0x0000002c)
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 1
   Parameter[0]: 00000000

CONTEXT:  00000000 -- (.cxr 0x0;r)
eax=00000000 ebx=00000000 ecx=afb60000 edx=001be028 esi=fffffffe edi=00000000
eip=77d0103b esp=00b5f4c0 ebp=00b5f4ec iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2c:
77d0103b cc              int     3

FAULTING_THREAD:  0000025c

PROCESS_NAME:  php.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

EXCEPTION_PARAMETER1:  00000000

NTGLOBALFLAG:  70

APPLICATION_VERIFIER_FLAGS:  0

APP:  php.exe

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [OsBuildNumber] from Frame:[ffffffff] on thread:[PSEUDO_THREAD] ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]

LAST_CONTROL_TRANSFER:  from 77ce13d3 to 77d0103b

BUGCHECK_STR:  APPLICATION_FAULT_LOADER_INIT_FAILURE_80000003

PRIMARY_PROBLEM_CLASS:  LOADER_INIT_FAILURE_80000003

DEFAULT_BUCKET_ID:  LOADER_INIT_FAILURE_80000003

STACK_TEXT:  
00000000 00000000 php.exe!Unknown+0x0


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  php.exe!Unknown

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: php

IMAGE_NAME:  php.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  53fe29da

STACK_COMMAND:  dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ** Pseudo Context ** ; kb

FAILURE_BUCKET_ID:  LOADER_INIT_FAILURE_80000003_80000003_php.exe!Unknown

BUCKET_ID:  APPLICATION_FAULT_LOADER_INIT_FAILURE_80000003_php.exe!Unknown

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:loader_init_failure_80000003_80000003_php.exe!unknown

FAILURE_ID_HASH:  {67b205bf-3cd0-c31b-c123-f975196730a5}

Followup: MachineOwner
---------

[2014-09-11 05:23 UTC] xbolshe at mail dot ru

See a picture: http://i57.tinypic.com/2mmef5j.png
As shown on the picture int 3 CPU command is executed as a reason of stack buffer overrun and cause an exception shown previously. It seems that stack buffer size is not enough. 

A possible reason of this problem may be usage of char strings with fixed size which are overrun. I guess need to to check buffers in /php-src/ext/snmp/snmp.c

[2014-09-12 19:20 UTC] xbolshe at mail dot ru

I have found a point of crash: when php.exe(php_snmp.dll) searches for c:\usr\snmp\persist\mib_indexes\ and finds two files with names "0" and "1", it crashes. After deleting of these files "0" and "1" the problem is disappeared.

[2014-09-12 21:14 UTC] xbolshe at mail dot ru

I have repeated the problem with my build of PHP.
The PHP crash is performed here:

File: php-src\ext\snmp\snmp.c 

PHP_MINIT_FUNCTION(snmp)
{
	netsnmp_log_handler *logh;
	zend_class_entry ce, cex;

	le_snmp_session = zend_register_list_destructors_ex(php_snmp_session_destructor, NULL, PHP_SNMP_SESSION_RES_NAME, module_number);
	init_snmp("snmpapp");       <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< HERE

[2014-09-12 22:11 UTC] johannes@php.net

-Status: Open +Status: Feedback

[2014-09-12 22:11 UTC] johannes@php.net

This is an issue in net-snmp outside our control. Please report at http://sourceforge.net/p/net-snmp/

[2014-09-12 23:20 UTC] xbolshe at mail dot ru

Partially agree with you. 

1. Crashing of PHP may be fixed. A SEH handler installation for "init_snmp("snmpapp");" with writing a PHP log about trouble with Net-SNMP and possible ways to fix like re-installation of Net-SNMP, removing MIB indexes will make PHP more user friendly.

2. The main reason of my trouble was that one MIB index file was filled with zeros (!). And there was no check for zeros in Net-SNMP! I have fixed Net-SNMP, and now there is no problem with PHP crashing. I will try to report about.

[2014-10-04 12:27 UTC] lytboris@php.net

-Status: Feedback +Status: Not a bug

[2014-10-04 12:27 UTC] lytboris@php.net

This is a really bad idea to wrap some external library calls with crash-preventing/recovering techniques.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun May 04 07:01:30 2025 UTC