php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69115 crash in mail
Submitted: 2015-02-24 16:08 UTC Modified: 2015-03-02 14:35 UTC
From: mberchtold at gmail dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: master-Git-2015-02-24 (snap) OS: Windows Server 2012 R2
Private report: No CVE-ID: None
 [2015-02-24 16:08 UTC] mberchtold at gmail dot com
Description:
------------
crash in mail()

The mail is sent but then process crashes

Faulting application name: php-cgi.exe, version: 7.0.0.0, time stamp: 0x54e4c52a
Faulting module name: php7.dll, version: 7.0.0.0, time stamp: 0x54e4c592
Exception code: 0xc0000005
Fault offset: 0x000776fe
Faulting process id: 0x2030
Faulting application start time: 0x01d0504a957ac408
Faulting application path: C:\php\php-cgi.exe
Faulting module path: C:\php\php7.dll

Test script:
---------------
$message = "Line 1\r\nLine 2\r\nLine 3";
mail('caffeinated@example.com', 'My Subject', $message);


Expected result:
----------------
no crash

Actual result:
--------------
crash

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-02-24 18:14 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2015-02-24 18:14 UTC] requinix@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2015-02-24 18:21 UTC] mberchtold at gmail dot com
-Status: Feedback +Status: Open
 [2015-02-24 18:21 UTC] mberchtold at gmail dot com
You can reproduce the problem with the provided sample script. A backtrace is not necessary to fix the problem.
 [2015-02-26 20:10 UTC] aharvey@php.net
Looks Windows-only; I can't reproduce this on OS X or Linux. (Not a huge shock, given how much code is platform specific in mail()).

Also, we don't ask for backtraces for the hell of it: they genuinely are useful for crash bugs, because behaviour often varies significantly between different systems. You don't have to provide one, but not doing so diminishes the chances that someone will investigate your bug.
 [2015-02-26 20:41 UTC] mberchtold at gmail dot com
Yes it only happens on Windows. From what I looks (from my previous pull requests) it seems that the mail function has not been tested on Windows yet.
 [2015-02-27 09:48 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=30830bcefd080cf58231aa195418a4223497ea91
Log: Fixed bug #69115 crash in mail
 [2015-02-27 09:48 UTC] ab@php.net
-Status: Open +Status: Closed
 [2015-03-02 14:34 UTC] mberchtold at gmail dot com
The pdb are matching in today's x86 snapshot and I was able to reproduce the crash with x86. The result is a more meaning stack trace:

 	php7.dll!_emalloc(unsigned int size) Line 2200	C
>	php7.dll!lex_scan(_zval_struct * zendlval) Line 1919	C
 	php7.dll!zendlex(_zend_parser_stack_elem * elem) Line 1382	C
 	php7.dll!zendparse() Line 4341	C
 	php7.dll!compile_file(_zend_file_handle * file_handle, int type) Line 592	C
 	php7.dll!phar_compile_file(_zend_file_handle * file_handle, int type) Line 3311	C
 	php_opcache.dll!compile_and_cache_file(_zend_file_handle * file_handle, int type, char * key, unsigned int key_length, _zend_op_array * * op_array_p, int * from_shared_memory) Line 1392	C
 	php_opcache.dll!persistent_compile_file(_zend_file_handle * file_handle, int type) Line 1611	C
 	php7.dll!compile_filename(int type, _zval_struct * filename) Line 640	C
 	php7.dll!ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(_zend_execute_data * execute_data) Line 24729	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 847	C
 	php7.dll!zend_call_method(_zval_struct * object, _zend_class_entry * obj_ce, _zend_function * * fn_proxy, const char * function_name, unsigned int function_name_len, _zval_struct * retval_ptr, int param_count, _zval_struct * arg1, _zval_struct * arg2) Line 101	C
 	php7.dll!zif_spl_autoload_call(_zend_execute_data * execute_data, _zval_struct * return_value) Line 426	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 866	C
 	php7.dll!zend_lookup_class_ex(_zend_string * name, const _zval_struct * key, int use_autoload) Line 1029	C
 	php7.dll!zend_fetch_class_by_name(_zend_string * class_name, const _zval_struct * key, int fetch_type) Line 1343	C
 	php7.dll!ZEND_NEW_SPEC_CONST_HANDLER(_zend_execute_data * execute_data) Line 2881	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 847	C
 	php7.dll!zif_call_user_func(_zend_execute_data * execute_data, _zval_struct * return_value) Line 4725	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 649	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 847	C
 	php7.dll!zif_call_user_func(_zend_execute_data * execute_data, _zval_struct * return_value) Line 4725	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 649	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1310	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2527	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C
 	kernel32.dll!@BaseThreadInitThunk@12()	Unknown
 	ntdll.dll!__RtlUserThreadStart()	Unknown
 	ntdll.dll!__RtlUserThreadStart@8()	Unknown

I have sent the dump by email as well.
 [2015-03-02 14:35 UTC] mberchtold at gmail dot com
Please disregard the last comment. It should have posted to another bug id.
 [2016-07-20 11:39 UTC] davey@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=30830bcefd080cf58231aa195418a4223497ea91
Log: Fixed bug #69115 crash in mail
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Jan 27 19:01:24 2020 UTC