php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69528 MBString making Apache crash
Submitted: 2015-04-24 18:58 UTC Modified: 2016-08-28 04:22 UTC
Votes:3
Avg. Score:3.7 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:2 (100.0%)
From: jfha73 at gmail dot com Assigned: cmb (profile)
Status: No Feedback Package: mbstring related
PHP Version: 5.6.10 OS: Windows
Private report: No CVE-ID: None
View Developer Edit
 [2015-04-24 18:58 UTC] jfha73 at gmail dot com 
Description:
------------
Apache restarts when a WebApp is using this extension, this is what Event Viewer says:

Faulting application name: httpd.exe, version: 2.4.9.0, time stamp: 0x53258cd5
Faulting module name: php_mbstring.dll, version: 5.6.7.0, time stamp: 0x550b4e16
Exception code: 0xc0000005
Fault offset: 0x0000000000003e7b
Faulting process id: 0x2078
Faulting application start time: 0x01d07ebfa76914f9
Faulting application path: D:\Apache24\bin\httpd.exe
Faulting module path: D:\PHP\ext\php_mbstring.dll
Report Id: ef5dda18-eab2-11e4-afe1-00155d003b04

Test script:
---------------
OSTicket

Expected result:
----------------
Not make Apache crash.

Actual result:
--------------
Apache crashes.

Patches

vhosts (last revision 2015-04-29 13:26 UTC by jfha73 at gmail dot com)
httpd (last revision 2015-04-29 13:25 UTC by jfha73 at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-04-24 19:03 UTC] jfha73 at gmail dot com 
Previous text was for PHP 5.6.7 x64, this is for PHP 5.6.8 x64

Faulting module name: php_mbstring.dll, version: 5.6.8.0, time stamp: 0x552ee59b
 [2015-04-24 20:13 UTC] jfha73 at gmail dot com 
I just tried updating Apache but I'm still getting this:

Faulting application name: httpd.exe, version: 2.4.12.0, time stamp: 0x54c8e2ca
Faulting module name: php_mbstring.dll, version: 5.6.8.0, time stamp: 0x552ee59b
Exception code: 0xc0000005
Fault offset: 0x0000000000003e7b
Faulting process id: 0x15b8
Faulting application start time: 0x01d07ecabe2e5163
Faulting application path: D:\Apache24\bin\httpd.exe
Faulting module path: D:\PHP\ext\php_mbstring.dll
Report Id: 229e1ab7-eabe-11e4-afe1-00155d003b04
 [2015-04-27 13:01 UTC] jfha73 at gmail dot com 
More info:

This only happens when Apache has multiple vhosts configured, I tried to replicate it on my machine and it did not happen, but on the server where it's going to permanently be that has 7 vhosts it does.
 [2015-04-27 20:46 UTC] yohgaki@php.net 
Could you provide short reproducible script?
 [2015-04-27 20:50 UTC] jfha73 at gmail dot com 
It is making crash using OSticket, so download osticket from www.osticket.com, install it and see if it does the same.

BUT REMEMBER: Apache on Windows needs to have multiple vhosts, it doesn't happen on my PC with no vhosts.

Thanks
 [2015-04-29 09:30 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2015-04-29 09:30 UTC] ab@php.net 
Jorge, if there's an exact Apache config, maybe you could provide one? Or sort of. With the http://osticket.com/download - which exact version do you use (also suppose the opensource one)?

Thanks.
 [2015-04-29 13:27 UTC] jfha73 at gmail dot com
-Status: Feedback +Status: Open
 [2015-04-29 13:27 UTC] jfha73 at gmail dot com 
I just added my httpd.conf and httpd-vhosts.conf so you can check it out, only domain has been changed.
 [2015-04-30 14:21 UTC] jfha73 at gmail dot com 
I forgot to include that I downloaded the open source version of osTicket version 1.9.7
 [2015-05-04 06:52 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2015-05-04 06:52 UTC] ab@php.net 
Installed osTicket and here's the backtrace I've got

....................................
 	php5ts_debug.dll!match(const unsigned char * eptr, const unsigned char * ecode, const unsigned char * mstart, int offset_top, match_data * md, eptrblock * eptrb, unsigned int rdepth) Line 2061	C
 	php5ts_debug.dll!match(const unsigned char * eptr, const unsigned char * ecode, const unsigned char * mstart, int offset_top, match_data * md, eptrblock * eptrb, unsigned int rdepth) Line 2061	C
 	php5ts_debug.dll!match(const unsigned char * eptr, const unsigned char * ecode, const unsigned char * mstart, int offset_top, match_data * md, eptrblock * eptrb, unsigned int rdepth) Line 1878	C
 	php5ts_debug.dll!match(const unsigned char * eptr, const unsigned char * ecode, const unsigned char * mstart, int offset_top, match_data * md, eptrblock * eptrb, unsigned int rdepth) Line 1541	C
 	php5ts_debug.dll!php_pcre_exec(const real_pcre * argument_re, const pcre_extra * extra_data, const char * subject, int length, int start_offset, int options, int * offsets, int offsetcount) Line 6935	C
 	php5ts_debug.dll!php_pcre_split_impl(pcre_cache_entry * pce, char * subject, int subject_len, _zval_struct * return_value, long limit_val, long flags, void * * * tsrm_ls) Line 1580	C
 	php5ts_debug.dll!zif_preg_split(int ht, _zval_struct * return_value, _zval_struct * * return_value_ptr, _zval_struct * this_ptr, int return_value_used, void * * * tsrm_ls) Line 1515	C
 	php5ts_debug.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data, void * * * tsrm_ls) Line 559	C
 	php5ts_debug.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data, void * * * tsrm_ls) Line 2600	C
 	php5ts_debug.dll!execute_ex(_zend_execute_data * execute_data, void * * * tsrm_ls) Line 363	C
 	php5ts_debug.dll!zend_execute(_zend_op_array * op_array, void * * * tsrm_ls) Line 389	C
 	php5ts_debug.dll!zend_execute_scripts(int type, void * * * tsrm_ls, _zval_struct * * retval, int file_count, ...) Line 1342	C
 	php5ts_debug.dll!php_execute_script(_zend_file_handle * primary_file, void * * * tsrm_ls) Line 2597	C
 	php5apache2_4.dll!00007ff84cab66d0()	Unknown

The exception happens already when installing and is a stack overflow in PCRE. This is a usual thing with PCRE when too much recursion is caused. I don't think there's something to do about this right now, maybe trying to upgrade to PCRE 8.37 . But I guess it's a good thing anyway anyway to file a ticket for osTicket :) ... the arguments for the preg_split call are:

regex "/;(?=(?:[^']*'[^']*')*[^']*$)/"
subject "\nDROP TABLE IF EXISTS `ost_api_key`;\nCREATE TABLE `ost_api_key` (\n  `id` int(10) unsigned NOT NULL auto_increment,\n  `isactive` tinyint(1) NOT NULL default '1',\n  `ipaddr` varchar(64) NOT NULL,\n  `api... 

subject length happens to be of 31305 bytes

limit -1
flags 0

There could be also an mbstring issue as you say, but ATM i don't come through to it.

What you could also try is increasing the stack size for your Apache binary, then lets see further.

Thanks.
 [2015-05-05 17:28 UTC] jfha73 at gmail dot com
-Status: Feedback +Status: Open
 [2015-05-05 17:28 UTC] jfha73 at gmail dot com 
I doubled the ThreadStackSize to 131072 and it still crashed, it worked a little better though.

I opened a ticket with osTicket, they also asked me to add this to the directory where osTicket was installed and nothing.

php_admin_value mbstring.func_overload 0
 [2015-05-05 17:29 UTC] jfha73 at gmail dot com 
By the way, this is the ticket with osTicket.

https://github.com/osTicket/osTicket-1.8/issues/2008
 [2015-05-22 13:58 UTC] jfha73 at gmail dot com
-PHP Version: 5.6.8 +PHP Version: 5.6.9
 [2015-05-22 13:58 UTC] jfha73 at gmail dot com 
Hey guys,

Is this an OsTicket problem or MBString extension?

They just release a new version of the ticket system and it still made my apache crash with the same php_mbstring.dll error.

Thanks.
 [2015-06-12 19:31 UTC] jfha73 at gmail dot com
-PHP Version: 5.6.9 +PHP Version: 5.6.10
 [2015-06-12 19:31 UTC] jfha73 at gmail dot com 
This is still happening with 5.6.10 and I have tried everything you and OsTicket told me, what else can I do?.

Faulting application name: httpd.exe, version: 2.4.12.0, time stamp: 0x54c8e2ca
Faulting module name: php_mbstring.dll, version: 5.6.10.0, time stamp: 0x5578c5c1
Exception code: 0xc0000005
Fault offset: 0x0000000000003e7b
Faulting process id: 0xdf4
Faulting application start time: 0x01d0a545fad6c6d5
Faulting application path: D:\Apache24\bin\httpd.exe
Faulting module path: D:\PHP\ext\php_mbstring.dll
Report Id: 67edacb0-1139-11e5-baf4-00155d003b04

Thanks
 [2015-06-23 19:18 UTC] jfha73 at gmail dot com 
Hey guys,

What do you think of the answer one of the OsTicket developer gave me:

======
Apache is crashing because of a flaw or incompatibility of the mbstring extension for PHP which is outside the development of a PHP application...
======

I don't know what to say about that.

Thanks.
 [2016-08-20 15:38 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2016-08-20 15:38 UTC] cmb@php.net 
> The exception happens already when installing and is a stack
> overflow in PCRE. This is a usual thing with PCRE when too much
> recursion is caused. I don't think there's something to do about
> this right now, […]

AIUI, decreasing the values of pcre.backtrack_limit and/or
pcre.recursion_limit should at least prevent the segfault (and
might deliver an appropriate error message).

> There could be also an mbstring issue as you say, but ATM i
> don't come through to it.

Is it possible that OSTicket uses PCRE or MBString depending on
the language/character encoding? If so, the issue is most likely
not a bug in PHP.
 [2016-08-28 04:22 UTC] php-bugs at lists dot php dot net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Nov 30 07:01:28 2024 UTC