Bug #69183 Access violation in php7.dll!_emalloc
Submitted: 2015-03-04 13:13 UTC Modified: 2019-01-30 19:11 UTC
From: mberchtold at gmail dot com Assigned:
Status: Closed Package: opcache
PHP Version: master-Git-2015-03-04 (snap) OS: Windows Server 2012 R2
Private report: No CVE-ID: None
 [2015-03-04 13:13 UTC] mberchtold at gmail dot com
Description:
------------
stack trace:
>	php7.dll!_emalloc(unsigned int size) Line 2200	C
 	php7.dll!concat_function(_zval_struct * result, _zval_struct * op1, _zval_struct * op2) Line 1582	C
 	php7.dll!zend_eval_const_expr(_zend_ast * * ast_ptr) Line 6687	C
 	php7.dll!zend_try_ct_eval_array(_zval_struct * result, _zend_ast * ast) Line 5315	C
 	php7.dll!zend_eval_const_expr(_zend_ast * * ast_ptr) Line 6711	C
 	php7.dll!zend_try_ct_eval_array(_zval_struct * result, _zend_ast * ast) Line 5315	C
 	php7.dll!zend_eval_const_expr(_zend_ast * * ast_ptr) Line 6711	C
 	php7.dll!zend_try_ct_eval_array(_zval_struct * result, _zend_ast * ast) Line 5315	C
 	php7.dll!zend_eval_const_expr(_zend_ast * * ast_ptr) Line 6711	C
 	php7.dll!zend_try_ct_eval_array(_zval_struct * result, _zend_ast * ast) Line 5315	C
 	php7.dll!zend_compile_array(_znode * result, _zend_ast * ast) Line 5891	C
 	php7.dll!zend_llist_apply_with_argument(_zend_llist * l, void (void *, void *) * func, void * arg) Line 236	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 648	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 847	C
 	php7.dll!zif_call_user_func(_zend_execute_data * execute_data, _zval_struct * return_value) Line 4729	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 648	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1310	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2539	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C
 	kernel32.dll!@BaseThreadInitThunk@12()	Unknown
 	ntdll.dll!__RtlUserThreadStart()	Unknown
 	ntdll.dll!__RtlUserThreadStart@8()	Unknown

I have sent the full crash dump by email to ab@

Test script:
---------------
n/a

Expected result:
----------------
no crash

Actual result:
--------------
Unhandled exception at 0x749DBFE9 (php7.dll) in php-cgi.exe.7788.dmp: 0xC0000005: Access violation reading location 0x28066000.

History

 [2015-03-04 14:18 UTC] laruence@php.net
-Status: Open +Status: Feedback
 [2015-03-04 14:18 UTC] laruence@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2015-03-04 14:23 UTC] mberchtold at gmail dot com
-Status: Feedback +Status: Open
 [2015-03-04 14:23 UTC] mberchtold at gmail dot com
I have forwarded the crash dump to you as well.
 [2015-03-04 14:58 UTC] laruence@php.net
Sorry, I meant to say, we need a reproduce script.

Are you able to get a reproduce script?
 [2015-03-04 15:03 UTC] mberchtold at gmail dot com
Unfortunately no.
 [2015-03-08 15:01 UTC] mberchtold at gmail dot com
I have several new crash dumps from the latest snap:
Revision: r5aebdc9 (March 08 2015, 14:06:45)

All these crashes happen right when the HTTP server is started. Most likely during init/population of the opcache.

I have sent the new crash dumps (including the debug symbols) to ab@ and laruence@
 [2015-03-09 07:41 UTC] ab@php.net
@mrechtold, thanks for the further info. I'm adding a couple of backtraces here based on your dumps. However, it looks like we can't move forward without a reproduce case, sadly. Also changing to the opcache issue, by at least 2 backtraces it is.

Thanks.

 	php7.dll!zend_mm_realloc_heap(_zend_mm_heap * heap, void * ptr, unsigned int size, unsigned int copy_size) Line 1561	C
 	php7.dll!_erealloc(void * ptr, unsigned int size) Line 2229	C
>	php7.dll!pass_two(_zend_op_array * op_array) Line 738	C
 	php7.dll!zend_compile_func_decl(_znode * result, _zend_ast * ast) Line 4457	C
 	php7.dll!zend_compile_stmt(_zend_ast * ast) Line 6428	C
 	php7.dll!zend_compile_stmt_list(_zend_ast * ast) Line 3968	C
 	php7.dll!zend_compile_stmt(_zend_ast * ast) Line 6373	C
 	php7.dll!zend_compile_class_decl(_zend_ast * ast) Line 4814	C
 	php7.dll!zend_compile_stmt(_zend_ast * ast) Line 6441	C
 	php7.dll!zend_compile_top_stmt(_zend_ast * ast) Line 6352	C
 	php7.dll!zend_compile_top_stmt(_zend_ast * ast) Line 6345	C
 	php7.dll!compile_file(_zend_file_handle * file_handle, int type) Line 597	C
 	php7.dll!phar_compile_file(_zend_file_handle * file_handle, int type) Line 3312	C
 	php_opcache.dll!compile_and_cache_file(_zend_file_handle * file_handle, int type, char * key, unsigned int key_length, _zend_op_array * * op_array_p, int * from_shared_memory) Line 1418	C
 	php_opcache.dll!persistent_compile_file(_zend_file_handle * file_handle, int type) Line 1635	C
 	php7.dll!compile_filename(int type, _zval_struct * filename) Line 638	C
 	php7.dll!ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(_zend_execute_data * execute_data) Line 24730	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 862	C
 	php7.dll!zend_call_method(_zval_struct * object, _zend_class_entry * obj_ce, _zend_function * * fn_proxy, const char * function_name, unsigned int function_name_len, _zval_struct * retval_ptr, int param_count, _zval_struct * arg1, _zval_struct * arg2) Line 101	C
 	php7.dll!zif_spl_autoload_call(_zend_execute_data * execute_data, _zval_struct * return_value) Line 426	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 881	C
 	php7.dll!zend_lookup_class_ex(_zend_string * name, const _zval_struct * key, int use_autoload) Line 1044	C
 	php7.dll!zend_fetch_class_by_name(_zend_string * class_name, const _zval_struct * key, int fetch_type) Line 1358	C
 	php7.dll!ZEND_FETCH_CONSTANT_SPEC_CONST_CONST_HANDLER(_zend_execute_data * execute_data) Line 4699	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 862	C
 	php7.dll!zif_call_user_func(_zend_execute_data * execute_data, _zval_struct * return_value) Line 4735	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 648	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1311	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2539	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C


>	php7.dll!_emalloc(unsigned int size) Line 2208	C
 	php7.dll!_php_stream_fopen(const char * filename, const char * mode, _zend_string * * opened_path, int options) Line 983	C
 	php7.dll!php_plain_files_stream_opener(_php_stream_wrapper * wrapper, const char * path, const char * mode, int options, _zend_string * * opened_path, _php_stream_context * context) Line 1029	C
 	php7.dll!_php_stream_open_wrapper_ex(const char * path, const char * mode, int options, _zend_string * * opened_path, _php_stream_context * context) Line 2066	C
 	php7.dll!php_stream_open_for_zend_ex(const char * filename, _zend_file_handle * handle, int mode) Line 1392	C
 	php7.dll!php_stream_open_for_zend(const char * filename, _zend_file_handle * handle) Line 1384	C
 	php_opcache.dll!persistent_compile_file(_zend_file_handle * file_handle, int type) Line 1526	C
 	php7.dll!compile_filename(int type, _zval_struct * filename) Line 638	C
 	php7.dll!ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data) Line 3166	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 862	C
 	php7.dll!zif_call_user_func(_zend_execute_data * execute_data, _zval_struct * return_value) Line 4735	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 648	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_call_function(_zend_fcall_info * fci, _zend_fcall_info_cache * fci_cache) Line 862	C
 	php7.dll!zif_call_user_func(_zend_execute_data * execute_data, _zval_struct * return_value) Line 4735	C
 	php7.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data) Line 648	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1311	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2539	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C


 	php7.dll!_emalloc(unsigned int size) Line 2208	C
 	php7.dll!concat_function(_zval_struct * result, _zval_struct * op1, _zval_struct * op2) Line 1582	C
>	php7.dll!ZEND_CONCAT_SPEC_TMPVAR_CONST_HANDLER(_zend_execute_data * execute_data) Line 34390	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1311	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2539	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C


 	php_opcache.dll!accel_new_interned_string(_zend_string * str) Line 312	C
 	php_opcache.dll!accel_use_shm_interned_strings() Line 377	C
 	php_opcache.dll!accel_startup(_zend_extension * extension) Line 2301	C
>	php7.dll!zend_extension_startup(_zend_extension * extension) Line 162	C
 	php7.dll!zend_llist_apply_with_del(_zend_llist * l, int (void *) * func) Line 171	C
 	php7.dll!zend_startup_extensions(...) Line 183	C
 	php7.dll!php_module_startup(_sapi_module_struct * sf, _zend_module_entry * additional_modules, unsigned int num_additional_modules) Line 2257	C
 	php-cgi.exe!php_cgi_startup(_sapi_module_struct * sapi_module) Line 907	C
 	php-cgi.exe!main(int argc, char * * argv) Line 1886	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C
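
An added example, not part of the original report and not PHP project tooling: a small Python triage script for the Visual Studio call-stack format pasted above, counting the faulting (innermost) frames and how many traces pass through `php_opcache.dll`. The frames are copied from the four backtraces above with most argument lists shortened to `(...)`; the names `parse_backtrace`, `triage` and `TRACES` are illustrative.

```python
import re
from collections import Counter

# One Visual Studio call-stack line: optional '>' marker, then module!function(...)
FRAME_RE = re.compile(r"^\s*>?\s*(?P<module>[\w.\-]+)!(?P<func>[^\s(]+)")

def parse_backtrace(text):
    """Return [(module, function), ...] with the innermost frame first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group("module").lower(), m.group("func")))
    return frames

def triage(backtraces, module="php_opcache.dll"):
    """Count faulting (innermost) frames and the traces that pass through `module`."""
    top, involving = Counter(), 0
    for text in backtraces:
        frames = parse_backtrace(text)
        if not frames:
            continue  # nothing recognisable, e.g. an empty paste
        top[frames[0]] += 1
        involving += any(mod == module for mod, _ in frames)
    return top, involving

# Frames copied from the four backtraces above, shortened to the innermost
# frames plus one php_opcache.dll frame where the trace has one.
TRACES = [
    """ php7.dll!zend_mm_realloc_heap(...) Line 1561 C
        php7.dll!_erealloc(void * ptr, unsigned int size) Line 2229 C
    >   php7.dll!pass_two(_zend_op_array * op_array) Line 738 C
        php_opcache.dll!compile_and_cache_file(...) Line 1418 C""",
    """>   php7.dll!_emalloc(unsigned int size) Line 2208 C
        php7.dll!_php_stream_fopen(...) Line 983 C
        php_opcache.dll!persistent_compile_file(...) Line 1526 C""",
    """ php7.dll!_emalloc(unsigned int size) Line 2208 C
        php7.dll!concat_function(...) Line 1582 C
    >   php7.dll!ZEND_CONCAT_SPEC_TMPVAR_CONST_HANDLER(...) Line 34390 C""",
    """ php_opcache.dll!accel_new_interned_string(_zend_string * str) Line 312 C
    >   php7.dll!zend_extension_startup(_zend_extension * extension) Line 162 C""",
]

if __name__ == "__main__":
    top, involving = triage(TRACES)
    print(f"{involving} of {len(TRACES)} traces pass through php_opcache.dll")
    for (mod, func), n in top.most_common():
        print(f"{n}x faulting frame {mod}!{func}")
```
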
 [2015-03-09 07:42 UTC] ab@php.net
-Package: *General Issues +Package: opcache
 [2015-03-09 18:47 UTC] mberchtold at gmail dot com
I keep on getting crashes. I have sent you a new dump but I have no way to know whether it is related to the crashes.

Unhandled exception at 0x74791FFA (php_opcache.dll) in php-cgi.exe.6112.dmp: 0xC0000005: Access violation reading location 0x0A863B9F.

Stack trace:

>	php_opcache.dll!accel_make_persistent_key(const char * path, int path_length, int * key_len) Line 1054	C
 	php_opcache.dll!persistent_zend_resolve_path(const char * filename, int filename_len) Line 1750	C
 	php7.dll!ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data) Line 3132	C
 	php7.dll!execute_ex(_zend_execute_data * execute_data) Line 352	C
 	php7.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 381	C
 	php7.dll!zend_execute_scripts(int type, _zval_struct * retval, int file_count, ...) Line 1311	C
 	php7.dll!php_execute_script(_zend_file_handle * primary_file) Line 2539	C
 	php-cgi.exe!main(int argc, char * * argv) Line 2439	C
 	php-cgi.exe!__tmainCRTStartup() Line 536	C
 	kernel32.dll!@BaseThreadInitThunk@12()	Unknown
 	ntdll.dll!__RtlUserThreadStart()	Unknown
 	ntdll.dll!__RtlUserThreadStart@8()	Unknown
 [2019-01-30 18:59 UTC] q21 at bk dot ru
I have Access violation in php7.dll (PHP 7.3.1) when trying to access MariaDB 10.3.12 - for example with phpMyAdmin. Call stack is:
php7.dll!000007fee44ccb3a()
php7.dll!000007fee4433382()
php7.dll!000007fee4431c9d()
php7.dll!000007fee44b87e7()
php7.dll!000007fee44973bf()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446fc5f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446fc5f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446fc5f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446ff7f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446fc5f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446fc5f()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee447424b()
php7.dll!000007fee446d14f()
php_xdebug.dll!000007fef3ad530a()
php7.dll!000007fee446d094()
php7.dll!000007fee44321d7()
php7.dll!000007fee450992b()
php-cgi.exe!000000013f4a3f20()
php-cgi.exe!000000013f4a9168()
kernel32.dll!0000000076de652d()
ntdll.dll!0000000076f1c541()
 [2019-01-30 19:11 UTC] mberchtold at gmail dot com
-Status: Open +Status: Closed
 [2019-01-30 19:11 UTC] mberchtold at gmail dot com
closed
 [2019-01-30 19:47 UTC] q21 at bk dot ru
My bug seems to disappear after I turned opcache OFF.
 
Last updated: Wed Oct 20 17:03:35 2021 UTC