php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73706 Wordpress crash with PHP7 Implode()
Submitted: 2016-12-09 23:04 UTC Modified: 2017-03-29 12:29 UTC
From: oldbucsfan at hotmail dot com Assigned: ab (profile)
Status: Closed Package: Apache2 related
PHP Version: 7.0.14 OS: Windows Server 2012 R2
Private report: No CVE-ID: None
 [2016-12-09 23:04 UTC] oldbucsfan at hotmail dot com
Description:
------------
Continuously hitting my Wordpress 4.7 website using abs.exe (or just random access) causes Apache 2.4.23 to crash with the following message:

AH00428: Parent: child process 15452 exited with status 4294967295 -- Restarting.

I have disabled all but php_mysqli and I still get the error. Tried disabling all Apache modules that I could, same problem. This problem was likely present in earlier versions of Wordpress. This error does not occur with PHP 5.6.29.

Backtrace suggests the problem may be related to implode().



Actual result:
--------------
I have run a backtrace and got this:
***********************
*  EXCEPTION DETAILS  *
***********************

DetailID = 1
	Count:    1
	Exception #:  0X80000003
	Stack:        
		ntdll!RtlpNtMakeTemporaryKey+0x17f
		ntdll!RtlpNtMakeTemporaryKey+0x3402
		ntdll!RtlpNtMakeTemporaryKey+0x4000
		ntdll!memset+0x15f2f
		ucrtbase!free+0x1b
		php7ts!php_implode+0x275 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\ext\standard\string.c @ 1242]
		php7ts!zif_implode+0x11a [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\ext\standard\string.c @ 1305]
		php7ts!ZEND_DO_ICALL_SPEC_HANDLER+0x84 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 595]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_call_function+0x3816ed [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_execute_api.c @ 859]
		php7ts!zend_call_method+0x152 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_interfaces.c @ 105]
		php7ts!zend_std_read_dimension+0x2bb [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_object_handlers.c @ 752]
		php7ts!ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER+0x380ed9 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 31505]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_call_function+0x3816ed [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_execute_api.c @ 859]
		php7ts!zend_call_method+0x152 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_interfaces.c @ 105]
		php7ts!zend_std_read_dimension+0x2bb [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_object_handlers.c @ 752]
		php7ts!ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER+0x380ed9 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 31505]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_call_function+0x3816ed [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_execute_api.c @ 859]
		php7ts!zend_call_method+0x152 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_interfaces.c @ 105]
		php7ts!zend_std_read_dimension+0x2bb [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_object_handlers.c @ 752]
		php7ts!ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER+0x380ed9 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 31505]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_execute+0x1f7 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 459]
		php7ts!zend_execute_scripts+0x13e [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend.c @ 1438]
		php7ts!php_execute_script+0x4a8 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\main\main.c @ 2494]
		php7apache2_4!php_handler+0x59e [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\sapi\apache2handler\sapi_apache2.c @ 679]
		libhttpd!ap_run_handler+0x35
		libhttpd!ap_invoke_handler+0x110
		libhttpd!ap_internal_redirect_handler+0x29a
		libhttpd!ap_process_request+0x17
		libhttpd!ap_byterange_filter+0x1533
		libhttpd!ap_run_process_connection+0x35
		libhttpd!ap_run_generate_log_id+0x3f24
		KERNEL32!BaseThreadInitThunk+0x22
		ntdll!RtlUserThreadStart+0x34


DetailID = 2
	Count:    1
	Exception #:  0XC0000374
	Stack:        
		ntdll!RtlpNtMakeTemporaryKey+0x1c0
		ntdll!RtlpNtMakeTemporaryKey+0x3402
		ntdll!RtlpNtMakeTemporaryKey+0x4000
		ntdll!memset+0x15f2f
		ucrtbase!free+0x1b
		php7ts!php_implode+0x275 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\ext\standard\string.c @ 1242]
		php7ts!zif_implode+0x11a [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\ext\standard\string.c @ 1305]
		php7ts!ZEND_DO_ICALL_SPEC_HANDLER+0x84 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 595]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_call_function+0x3816ed [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_execute_api.c @ 859]
		php7ts!zend_call_method+0x152 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_interfaces.c @ 105]
		php7ts!zend_std_read_dimension+0x2bb [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_object_handlers.c @ 752]
		php7ts!ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER+0x380ed9 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 31505]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_call_function+0x3816ed [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_execute_api.c @ 859]
		php7ts!zend_call_method+0x152 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_interfaces.c @ 105]
		php7ts!zend_std_read_dimension+0x2bb [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_object_handlers.c @ 752]
		php7ts!ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER+0x380ed9 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 31505]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_call_function+0x3816ed [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_execute_api.c @ 859]
		php7ts!zend_call_method+0x152 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_interfaces.c @ 105]
		php7ts!zend_std_read_dimension+0x2bb [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_object_handlers.c @ 752]
		php7ts!ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER+0x380ed9 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 31505]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_execute+0x1f7 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 459]
		php7ts!zend_execute_scripts+0x13e [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend.c @ 1438]
		php7ts!php_execute_script+0x4a8 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\main\main.c @ 2494]
		php7apache2_4!php_handler+0x59e [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\sapi\apache2handler\sapi_apache2.c @ 679]
		libhttpd!ap_run_handler+0x35
		libhttpd!ap_invoke_handler+0x110
		libhttpd!ap_internal_redirect_handler+0x29a
		libhttpd!ap_process_request+0x17
		libhttpd!ap_byterange_filter+0x1533
		libhttpd!ap_run_process_connection+0x35
		libhttpd!ap_run_generate_log_id+0x3f24
		KERNEL32!BaseThreadInitThunk+0x22
		ntdll!RtlUserThreadStart+0x34


DetailID = 3
	Count:    1
	Exception #:  0XC0000374
	Stack:        
		ntdll!RtlpNtMakeTemporaryKey+0x1c0
		ntdll!RtlpNtMakeTemporaryKey+0x3402
		ntdll!RtlpNtMakeTemporaryKey+0x4000
		ntdll!memset+0x15f2f
		ucrtbase!free+0x1b
		php7ts!zend_string_release+0x1f [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_string.h @ 271]
		php7ts!php_implode+0x275 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\ext\standard\string.c @ 1242]
		php7ts!zif_implode+0x11a [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\ext\standard\string.c @ 1305]
		php7ts!ZEND_DO_ICALL_SPEC_HANDLER+0x84 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 595]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_call_function+0x3816ed [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_execute_api.c @ 859]
		php7ts!zend_call_method+0x152 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_interfaces.c @ 105]
		php7ts!zend_std_read_dimension+0x2bb [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_object_handlers.c @ 752]
		php7ts!ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER+0x380ed9 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 31505]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_call_function+0x3816ed [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_execute_api.c @ 859]
		php7ts!zend_call_method+0x152 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_interfaces.c @ 105]
		php7ts!zend_std_read_dimension+0x2bb [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_object_handlers.c @ 752]
		php7ts!ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER+0x380ed9 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 31505]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_call_function+0x3816ed [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_execute_api.c @ 859]
		php7ts!zend_call_method+0x152 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_interfaces.c @ 105]
		php7ts!zend_std_read_dimension+0x2bb [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_object_handlers.c @ 752]
		php7ts!ZEND_FETCH_DIM_R_SPEC_CV_CONST_HANDLER+0x380ed9 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 31505]
		php7ts!execute_ex+0x44 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 417]
		php7ts!zend_execute+0x1f7 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend_vm_execute.h @ 459]
		php7ts!zend_execute_scripts+0x13e [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\zend\zend.c @ 1438]
		php7ts!php_execute_script+0x4a8 [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\main\main.c @ 2494]
		php7apache2_4!php_handler+0x59e [c:\php-sdk\php70dev\vc14\x64\php-7.0.14-ts\sapi\apache2handler\sapi_apache2.c @ 679]
		libhttpd!ap_run_handler+0x35
		libhttpd!ap_invoke_handler+0x110
		libhttpd!ap_internal_redirect_handler+0x29a
		libhttpd!ap_process_request+0x17
		libhttpd!ap_byterange_filter+0x1533
		libhttpd!ap_run_process_connection+0x35
		libhttpd!ap_run_generate_log_id+0x3f24
		KERNEL32!BaseThreadInitThunk+0x22
		ntdll!RtlUserThreadStart+0x34





***********************
*  EXCEPTION SUMMARY  *
***********************

	|--------------------|
	| Count | Exception  |
	|--------------------|
	| 2     | 0XC0000374 |
	| 1     | 0X80000003 |
	|--------------------|

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-09 23:35 UTC] requinix@php.net
This may be a duplicate of the other bug. Commenting for linkage: bug #72359.
 [2017-01-12 16:57 UTC] oldbucsfan at hotmail dot com
Probably related to bug 72451
https://bugs.php.net/bug.php?id=72451
 [2017-03-29 12:15 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2017-03-29 12:15 UTC] ab@php.net
Please try using this snapshot:

  http://snaps.php.net/php-trunk-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

Please check master snapshots.
 [2017-03-29 12:29 UTC] ab@php.net
-Status: Feedback +Status: Closed -Assigned To: +Assigned To: ab
 [2017-03-29 12:29 UTC] ab@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Can be actually closed.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC