php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74923 Crash when crawling through network share
Submitted: 2017-07-14 08:23 UTC Modified: 2017-07-14 19:12 UTC
From: martin dot keckeis1 at gmail dot com Assigned: ab
Status: Closed Package: Filesystem function related
PHP Version: 7.1.7 OS: Windows Server 2012 R2
Private report: No CVE-ID:
 [2017-07-14 08:23 UTC] martin dot keckeis1 at gmail dot com
Description:
------------
My filesystem crawler can crawl through millions of documents on WIN7, but on Server 2012 R2 it crashes on too long paths/files (>260 chars).

If the files would be skipped, it wouldn't be that hard problem. But the script crashes (see actual result), so i cannot continue script execution.

From the documentation:
> In the Windows API (with some exceptions discussed in the following paragraphs), the maximum length for a path is MAX_PATH, which is defined as 260 characters.
> The "\\?\" prefix can also be used with paths constructed according to the universal naming convention (UNC). To specify such a path using UNC, use the "\\?\UNC\" prefix.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx


I tried now that kind of path, but PHP does not support that, so i'm having no possibility to fix in on the server (or i'm not seeing how i can do it).



Test script:
---------------
$recIterIter = new \RecursiveDirectoryIterator($this->getPath(), \RecursiveDirectoryIterator::SKIP_DOTS);
$iterator = new \RecursiveIteratorIterator($recIterIter);

try {
    foreach ($iterator as $path => $file) {
        /* @var $file \SplFileInfo */
        
        var_dump($file->getPathname());
    }
} catch (\UnexpectedValueException $ex) {}

Expected result:
----------------
no crash - at least throw an exception

maybe support the \\?\UNC notation

Actual result:
--------------
Problem signature:
  Problem Event Name:	APPCRASH
  Application Name:	php.exe
  Application Version:	7.1.7.0
  Application Timestamp:	595e6adf
  Fault Module Name:	StackHash_c66e
  Fault Module Version:	6.3.9600.18233
  Fault Module Timestamp:	56bb4ebb
  Exception Code:	c0000374
  Exception Offset:	PCH_A1_FROM_ntdll+0x0000000000090C6A
  OS Version:	6.3.9600.2.0.0.400.8
  Locale ID:	5127
  Additional Information 1:	c66e
  Additional Information 2:	c66eb003ccb0f321719ea11a2dfd28cb
  Additional Information 3:	985f
  Additional Information 4:	985ffcf5786fa614c8c9d97a270df159

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-07-14 08:49 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2017-07-14 08:49 UTC] ab@php.net
Thanks for the report. Would it be possible you to post a backtrace or to provide a crash dump? Also, what is the exact PHP package name, in particular is it a thread safe build?

Regarding the length - no, the limitation of the path length in 7.1 is 2048 bytes. The specification also tells nothing specific https://msdn.microsoft.com/en-us/library/gg465305.aspx , but the APIs are known to have a limitation of 32k bytes in most cases. Further investigation is needed on this anyway. Direct support of such prefixes is not on the plan ATM.

Thanks.
 [2017-07-14 09:24 UTC] martin dot keckeis1 at gmail dot com
-Status: Feedback +Status: Open
 [2017-07-14 09:24 UTC] martin dot keckeis1 at gmail dot com
So here we go. The dump and generated *.txt file

Download dump from here
www.transfernow.net/522ei1c8jlab

Loading control script D:\wap\php\DebugDiag\Scripts\CrashRule_Process_php.exe.vbs
DumpPath set to D:\wap\php\DebugDiag\Logs\Crash rule for all instances of php.exe
[14.07.2017 11:11:39]
  Process created. BaseModule - D:\wap\php\7.1-x64-VC14-NTS\php.exe. BaseThread - System ID: 10916
  C:\Windows\SYSTEM32\ntdll.dll loaded at 0x212b0000
  Thread created. New thread - System ID: 7824
  C:\Windows\system32\KERNEL32.DLL loaded at 0x20960000
  C:\Windows\system32\KERNELBASE.dll loaded at 0x1e4b0000
  D:\wap\php\7.1-x64-VC14-NTS\php7.dll loaded at 0xfdaf0000
  C:\Windows\system32\WS2_32.dll loaded at 0x20de0000
  C:\Windows\system32\SHELL32.dll loaded at 0x1e940000
  C:\Windows\SYSTEM32\VCRUNTIME140.dll loaded at 0x1b440000
  C:\Windows\SYSTEM32\api-ms-win-crt-runtime-l1-1-0.dll loaded at 0x1c910000
  C:\Windows\SYSTEM32\api-ms-win-crt-stdio-l1-1-0.dll loaded at 0x1c8f0000
  C:\Windows\SYSTEM32\api-ms-win-crt-heap-l1-1-0.dll loaded at 0x1b430000
  C:\Windows\SYSTEM32\api-ms-win-crt-string-l1-1-0.dll loaded at 0x1b420000
  C:\Windows\SYSTEM32\api-ms-win-crt-environment-l1-1-0.dll loaded at 0x1a8e0000
  C:\Windows\SYSTEM32\api-ms-win-crt-time-l1-1-0.dll loaded at 0x19db0000
  C:\Windows\SYSTEM32\api-ms-win-crt-utility-l1-1-0.dll loaded at 0x19240000
  C:\Windows\SYSTEM32\api-ms-win-crt-convert-l1-1-0.dll loaded at 0x190f0000
  C:\Windows\SYSTEM32\api-ms-win-crt-math-l1-1-0.dll loaded at 0x18510000
  C:\Windows\SYSTEM32\api-ms-win-crt-locale-l1-1-0.dll loaded at 0x18500000
  C:\Windows\system32\ADVAPI32.dll loaded at 0x211e0000
  C:\Windows\system32\ole32.dll loaded at 0x20780000
  C:\Windows\system32\USER32.dll loaded at 0x201b0000
  C:\Windows\SYSTEM32\DNSAPI.dll loaded at 0x1da20000
  C:\Windows\system32\PSAPI.DLL loaded at 0x20eb0000
  C:\Windows\SYSTEM32\api-ms-win-crt-filesystem-l1-1-0.dll loaded at 0x17ed0000
  C:\Windows\system32\NSI.dll loaded at 0x20aa0000
  C:\Windows\system32\RPCRT4.dll loaded at 0x20390000
  C:\Windows\system32\msvcrt.dll loaded at 0x20b80000
  C:\Windows\SYSTEM32\combase.dll loaded at 0x1ff30000
  C:\Windows\system32\SHLWAPI.dll loaded at 0x20e50000
  C:\Windows\system32\GDI32.dll loaded at 0x21090000
  C:\Windows\SYSTEM32\sechost.dll loaded at 0x20150000
  C:\Windows\system32\SspiCli.dll loaded at 0x1e8c0000
  C:\Windows\SYSTEM32\ucrtbase.DLL loaded at 0x11c30000
  C:\Windows\SYSTEM32\CRYPTBASE.DLL loaded at 0x1e250000
  C:\Windows\SYSTEM32\bcryptPrimitives.dll loaded at 0x1e1e0000
  C:\Windows\system32\IMM32.DLL loaded at 0x20920000
  C:\Windows\system32\MSCTF.dll loaded at 0x20ec0000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_curl.dll loaded at 0x11bb0000
  D:\wap\php\7.1-x64-VC14-NTS\libssh2.dll loaded at 0x80000000
  D:\wap\php\7.1-x64-VC14-NTS\nghttp2.dll loaded at 0x15270000
  D:\wap\php\7.1-x64-VC14-NTS\LIBEAY32.dll loaded at 0x116b0000
[14.07.2017 11:11:40]
  D:\wap\php\7.1-x64-VC14-NTS\SSLEAY32.dll loaded at 0x11d60000
  C:\Windows\system32\WLDAP32.dll loaded at 0x20330000
  C:\Windows\system32\Normaliz.dll loaded at 0x20e40000
  C:\Windows\system32\CRYPT32.dll loaded at 0x1e6e0000
  C:\Windows\SYSTEM32\api-ms-win-crt-conio-l1-1-0.dll loaded at 0x17ec0000
  C:\Windows\system32\MSASN1.dll loaded at 0x1e490000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_fileinfo.dll loaded at 0x012f0000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_gettext.dll loaded at 0x166b0000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_intl.dll loaded at 0x11630000
  D:\wap\php\7.1-x64-VC14-NTS\icuuc57.dll loaded at 0x74750000
  D:\wap\php\7.1-x64-VC14-NTS\icuin57.dll loaded at 0x74550000
  D:\wap\php\7.1-x64-VC14-NTS\icuio57.dll loaded at 0x74530000
  C:\Windows\SYSTEM32\MSVCP140.dll loaded at 0x11590000
  D:\wap\php\7.1-x64-VC14-NTS\icudt57.dll loaded at 0x71850000
  C:\Windows\SYSTEM32\api-ms-win-crt-multibyte-l1-1-0.dll loaded at 0x17b70000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_ldap.dll loaded at 0x13c60000
  D:\wap\php\7.1-x64-VC14-NTS\libsasl.dll loaded at 0x157d0000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_mbstring.dll loaded at 0x11190000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_exif.dll loaded at 0x138e0000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_pdo_mysql.dll loaded at 0x16420000
  C:\Windows\SYSTEM32\secur32.dll loaded at 0x18c60000
  C:\Windows\system32\mswsock.dll loaded at 0x1dc20000
  C:\Windows\SYSTEM32\shcore.dll loaded at 0x1cac0000
  C:\Windows\SYSTEM32\kernel.appcore.dll loaded at 0x1d0b0000
  C:\Windows\System32\rasadhlp.dll loaded at 0x19c40000
  C:\Windows\SYSTEM32\IPHLPAPI.DLL loaded at 0x1c2e0000
  C:\Windows\SYSTEM32\WINNSI.DLL loaded at 0x1b710000
  C:\Windows\System32\fwpuclnt.dll loaded at 0x1b690000
  Thread created. New thread - System ID: 4728
  Initializing control script
  Clearing any existing breakpoints
  
  Current Breakpoint List(BL)
  Thread exited. Exiting thread - System ID: 4728. Exit code - 0x00000000
[14.07.2017 11:11:56]
  Exception 0X80000003 on thread 10916. DetailID = 1
  Exception 0XC0000374 on thread 10916. DetailID = 2
[14.07.2017 11:12:00]
  Second chance exception - 0XC0000374 caused by thread with System ID: 10916 DetailID = 3
  Thread exited. Exiting thread - System ID: 7824. Exit code - 0xffffffff
  Process exited. Exit code - 0xffffffff

***********************
*  EXCEPTION DETAILS  *
***********************

DetailID = 1
	Count:    1
	Exception #:  0X80000003
	Stack:        
		ntdll!RtlpNtMakeTemporaryKey+0x17f
		ntdll!RtlpNtMakeTemporaryKey+0x3402
		ntdll!RtlpNtMakeTemporaryKey+0x4000
		ntdll!RtlFreeHeap+0x1b0f
		ntdll!RtlFreeHeap+0x368
		ucrtbase!free+0x1b
		php7!php_sys_stat_ex+0x36bc5e [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_virtual_cwd.c @ 295]
		php7!_php_stream_stat_path+0x37752c [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\streams\streams.c @ 1935]
		php7!php_stat+0x10b [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\standard\filestat.c @ 819]
		php7!zim_spl_RecursiveDirectoryIterator_hasChildren+0x10a [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_directory.c @ 1478]
		php7!zend_call_function+0x212 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_execute_api.c @ 873]
		php7!zend_call_method+0xf5 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_interfaces.c @ 99]
		php7!spl_recursive_it_move_forward_ex+0x427 [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_iterators.c @ 277]
		php7!ZEND_FE_FETCH_R_SPEC_VAR_HANDLER+0x1a7 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 16850]
		php7!execute_ex+0x72 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 432]
		php7!zend_execute+0x159 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 475]
		php7!zend_execute_scripts+0x119 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend.c @ 1477]
		php7!php_execute_script+0x424 [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\main.c @ 2537]
		php!do_cli+0x7dd [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 994]
		php!main+0x439 [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 1381]
		php!__scrt_common_main_seh+0x11d [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 253]
		KERNEL32!BaseThreadInitThunk+0x22
		ntdll!RtlUserThreadStart+0x34


DetailID = 2
	Count:    1
	Exception #:  0XC0000374
	Stack:        
		ntdll!RtlpNtMakeTemporaryKey+0x1c0
		ntdll!RtlpNtMakeTemporaryKey+0x3402
		ntdll!RtlpNtMakeTemporaryKey+0x4000
		ntdll!RtlFreeHeap+0x1b0f
		ntdll!RtlFreeHeap+0x368
		ucrtbase!free+0x1b
		php7!php_sys_stat_ex+0x36bc5e [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_virtual_cwd.c @ 295]
		php7!_php_stream_stat_path+0x37752c [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\streams\streams.c @ 1935]
		php7!php_stat+0x10b [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\standard\filestat.c @ 819]
		php7!zim_spl_RecursiveDirectoryIterator_hasChildren+0x10a [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_directory.c @ 1478]
		php7!zend_call_function+0x212 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_execute_api.c @ 873]
		php7!zend_call_method+0xf5 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_interfaces.c @ 99]
		php7!spl_recursive_it_move_forward_ex+0x427 [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_iterators.c @ 277]
		php7!ZEND_FE_FETCH_R_SPEC_VAR_HANDLER+0x1a7 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 16850]
		php7!execute_ex+0x72 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 432]
		php7!zend_execute+0x159 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 475]
		php7!zend_execute_scripts+0x119 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend.c @ 1477]
		php7!php_execute_script+0x424 [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\main.c @ 2537]
		php!do_cli+0x7dd [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 994]
		php!main+0x439 [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 1381]
		php!__scrt_common_main_seh+0x11d [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 253]
		KERNEL32!BaseThreadInitThunk+0x22
		ntdll!RtlUserThreadStart+0x34


DetailID = 3
	Count:    1
	Exception #:  0XC0000374
	Stack:        
		ntdll!RtlpNtMakeTemporaryKey+0x1c0
		ntdll!RtlpNtMakeTemporaryKey+0x3402
		ntdll!RtlpNtMakeTemporaryKey+0x4000
		ntdll!RtlFreeHeap+0x1b0f
		ntdll!RtlFreeHeap+0x368
		ucrtbase!free+0x1b
		php7!php_sys_stat_ex+0x36bc5e [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_virtual_cwd.c @ 295]
		php7!_php_stream_stat_path+0x37752c [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\streams\streams.c @ 1935]
		php7!php_stat+0x10b [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\standard\filestat.c @ 819]
		php7!zim_spl_RecursiveDirectoryIterator_hasChildren+0x10a [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_directory.c @ 1478]
		php7!zend_call_function+0x212 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_execute_api.c @ 873]
		php7!zend_call_method+0xf5 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_interfaces.c @ 99]
		php7!spl_recursive_it_move_forward_ex+0x427 [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_iterators.c @ 277]
		php7!ZEND_FE_FETCH_R_SPEC_VAR_HANDLER+0x1a7 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 16850]
		php7!execute_ex+0x72 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 432]
		php7!zend_execute+0x159 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 475]
		php7!zend_execute_scripts+0x119 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend.c @ 1477]
		php7!php_execute_script+0x424 [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\main.c @ 2537]
		php!do_cli+0x7dd [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 994]
		php!main+0x439 [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 1381]
		php!invoke_main+0x22 [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 64]
		php!__scrt_common_main_seh+0x11d [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 253]
		KERNEL32!BaseThreadInitThunk+0x22
		ntdll!RtlUserThreadStart+0x34





***********************
*  EXCEPTION SUMMARY  *
***********************

	|--------------------|
	| Count | Exception  |
	|--------------------|
	| 2     | 0XC0000374 |
	| 1     | 0X80000003 |
	|--------------------|

Debugging Overhead Cost:
	Total Elapsed Ticks = 20891 (100%)
	Total Ticks Spent in Debugger Engine = 4015 (19%)
	Total Ticks Spent in Crash Rule Script = 173 (1%)
 [2017-07-14 11:26 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5d15fdc4a4db22552105e8275b6d3ef417219d66
Log: Fixed bug #74923 Crash when crawling through network share
 [2017-07-14 11:26 UTC] ab@php.net
-Status: Open +Status: Closed
 [2017-07-14 11:31 UTC] ab@php.net
-Status: Closed +Status: Feedback
 [2017-07-14 11:31 UTC] ab@php.net
I've pushed a fix to this. Basically waiting for AppVeyor yet. A snap can be tested stating with 5d15fdc4a4db22552105e8275b6d3ef417219d66, or if you can compile yourself - even better.

Thanks.
 [2017-07-14 12:33 UTC] martin dot keckeis1 at gmail dot com
http://windows.php.net/downloads/snaps/php-7.1/r5d15fdc/php-7.1-nts-windows-vc14-x64-r5d15fdc.zip

Seems to work really well so far! If i don't comment again - it's fixed.

Really nice, such a fast response and fix.

Keep up the great work \o/
 [2017-07-14 19:12 UTC] ab@php.net
-Status: Feedback +Status: Closed -Assigned To: +Assigned To: ab
 [2017-07-14 19:12 UTC] ab@php.net
Many thanks, a good reproducer and tests is also of a great help!
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sat Aug 19 14:01:35 2017 UTC