php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #74923 Crash when crawling through network share
Submitted: 2017-07-14 08:23 UTC Modified: 2017-07-14 19:12 UTC
From: martin dot keckeis1 at gmail dot com Assigned: ab (profile)
Status: Closed Package: Filesystem function related
PHP Version: 7.1.7 OS: Windows Server 2012 R2
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: martin dot keckeis1 at gmail dot com
New email:
PHP Version: OS:

 

 [2017-07-14 08:23 UTC] martin dot keckeis1 at gmail dot com 
Description:
------------
My filesystem crawler can crawl through millions of documents on WIN7, but on Server 2012 R2 it crashes on too long paths/files (>260 chars).

If the files would be skipped, it wouldn't be that hard problem. But the script crashes (see actual result), so i cannot continue script execution.

From the documentation:
> In the Windows API (with some exceptions discussed in the following paragraphs), the maximum length for a path is MAX_PATH, which is defined as 260 characters.
> The "\\?\" prefix can also be used with paths constructed according to the universal naming convention (UNC). To specify such a path using UNC, use the "\\?\UNC\" prefix.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx


I tried now that kind of path, but PHP does not support that, so i'm having no possibility to fix in on the server (or i'm not seeing how i can do it).



Test script:
---------------
$recIterIter = new \RecursiveDirectoryIterator($this->getPath(), \RecursiveDirectoryIterator::SKIP_DOTS);
$iterator = new \RecursiveIteratorIterator($recIterIter);

try {
    foreach ($iterator as $path => $file) {
        /* @var $file \SplFileInfo */
        
        var_dump($file->getPathname());
    }
} catch (\UnexpectedValueException $ex) {}

Expected result:
----------------
no crash - at least throw an exception

maybe support the \\?\UNC notation

Actual result:
--------------
Problem signature:
  Problem Event Name:	APPCRASH
  Application Name:	php.exe
  Application Version:	7.1.7.0
  Application Timestamp:	595e6adf
  Fault Module Name:	StackHash_c66e
  Fault Module Version:	6.3.9600.18233
  Fault Module Timestamp:	56bb4ebb
  Exception Code:	c0000374
  Exception Offset:	PCH_A1_FROM_ntdll+0x0000000000090C6A
  OS Version:	6.3.9600.2.0.0.400.8
  Locale ID:	5127
  Additional Information 1:	c66e
  Additional Information 2:	c66eb003ccb0f321719ea11a2dfd28cb
  Additional Information 3:	985f
  Additional Information 4:	985ffcf5786fa614c8c9d97a270df159

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-07-14 08:49 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2017-07-14 08:49 UTC] ab@php.net 
Thanks for the report. Would it be possible you to post a backtrace or to provide a crash dump? Also, what is the exact PHP package name, in particular is it a thread safe build?

Regarding the length - no, the limitation of the path length in 7.1 is 2048 bytes. The specification also tells nothing specific https://msdn.microsoft.com/en-us/library/gg465305.aspx , but the APIs are known to have a limitation of 32k bytes in most cases. Further investigation is needed on this anyway. Direct support of such prefixes is not on the plan ATM.

Thanks.
 [2017-07-14 09:24 UTC] martin dot keckeis1 at gmail dot com
-Status: Feedback +Status: Open
 [2017-07-14 09:24 UTC] martin dot keckeis1 at gmail dot com 
So here we go. The dump and generated *.txt file

Download dump from here
www.transfernow.net/522ei1c8jlab

Loading control script D:\wap\php\DebugDiag\Scripts\CrashRule_Process_php.exe.vbs
DumpPath set to D:\wap\php\DebugDiag\Logs\Crash rule for all instances of php.exe
[14.07.2017 11:11:39]
  Process created. BaseModule - D:\wap\php\7.1-x64-VC14-NTS\php.exe. BaseThread - System ID: 10916
  C:\Windows\SYSTEM32\ntdll.dll loaded at 0x212b0000
  Thread created. New thread - System ID: 7824
  C:\Windows\system32\KERNEL32.DLL loaded at 0x20960000
  C:\Windows\system32\KERNELBASE.dll loaded at 0x1e4b0000
  D:\wap\php\7.1-x64-VC14-NTS\php7.dll loaded at 0xfdaf0000
  C:\Windows\system32\WS2_32.dll loaded at 0x20de0000
  C:\Windows\system32\SHELL32.dll loaded at 0x1e940000
  C:\Windows\SYSTEM32\VCRUNTIME140.dll loaded at 0x1b440000
  C:\Windows\SYSTEM32\api-ms-win-crt-runtime-l1-1-0.dll loaded at 0x1c910000
  C:\Windows\SYSTEM32\api-ms-win-crt-stdio-l1-1-0.dll loaded at 0x1c8f0000
  C:\Windows\SYSTEM32\api-ms-win-crt-heap-l1-1-0.dll loaded at 0x1b430000
  C:\Windows\SYSTEM32\api-ms-win-crt-string-l1-1-0.dll loaded at 0x1b420000
  C:\Windows\SYSTEM32\api-ms-win-crt-environment-l1-1-0.dll loaded at 0x1a8e0000
  C:\Windows\SYSTEM32\api-ms-win-crt-time-l1-1-0.dll loaded at 0x19db0000
  C:\Windows\SYSTEM32\api-ms-win-crt-utility-l1-1-0.dll loaded at 0x19240000
  C:\Windows\SYSTEM32\api-ms-win-crt-convert-l1-1-0.dll loaded at 0x190f0000
  C:\Windows\SYSTEM32\api-ms-win-crt-math-l1-1-0.dll loaded at 0x18510000
  C:\Windows\SYSTEM32\api-ms-win-crt-locale-l1-1-0.dll loaded at 0x18500000
  C:\Windows\system32\ADVAPI32.dll loaded at 0x211e0000
  C:\Windows\system32\ole32.dll loaded at 0x20780000
  C:\Windows\system32\USER32.dll loaded at 0x201b0000
  C:\Windows\SYSTEM32\DNSAPI.dll loaded at 0x1da20000
  C:\Windows\system32\PSAPI.DLL loaded at 0x20eb0000
  C:\Windows\SYSTEM32\api-ms-win-crt-filesystem-l1-1-0.dll loaded at 0x17ed0000
  C:\Windows\system32\NSI.dll loaded at 0x20aa0000
  C:\Windows\system32\RPCRT4.dll loaded at 0x20390000
  C:\Windows\system32\msvcrt.dll loaded at 0x20b80000
  C:\Windows\SYSTEM32\combase.dll loaded at 0x1ff30000
  C:\Windows\system32\SHLWAPI.dll loaded at 0x20e50000
  C:\Windows\system32\GDI32.dll loaded at 0x21090000
  C:\Windows\SYSTEM32\sechost.dll loaded at 0x20150000
  C:\Windows\system32\SspiCli.dll loaded at 0x1e8c0000
  C:\Windows\SYSTEM32\ucrtbase.DLL loaded at 0x11c30000
  C:\Windows\SYSTEM32\CRYPTBASE.DLL loaded at 0x1e250000
  C:\Windows\SYSTEM32\bcryptPrimitives.dll loaded at 0x1e1e0000
  C:\Windows\system32\IMM32.DLL loaded at 0x20920000
  C:\Windows\system32\MSCTF.dll loaded at 0x20ec0000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_curl.dll loaded at 0x11bb0000
  D:\wap\php\7.1-x64-VC14-NTS\libssh2.dll loaded at 0x80000000
  D:\wap\php\7.1-x64-VC14-NTS\nghttp2.dll loaded at 0x15270000
  D:\wap\php\7.1-x64-VC14-NTS\LIBEAY32.dll loaded at 0x116b0000
[14.07.2017 11:11:40]
  D:\wap\php\7.1-x64-VC14-NTS\SSLEAY32.dll loaded at 0x11d60000
  C:\Windows\system32\WLDAP32.dll loaded at 0x20330000
  C:\Windows\system32\Normaliz.dll loaded at 0x20e40000
  C:\Windows\system32\CRYPT32.dll loaded at 0x1e6e0000
  C:\Windows\SYSTEM32\api-ms-win-crt-conio-l1-1-0.dll loaded at 0x17ec0000
  C:\Windows\system32\MSASN1.dll loaded at 0x1e490000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_fileinfo.dll loaded at 0x012f0000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_gettext.dll loaded at 0x166b0000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_intl.dll loaded at 0x11630000
  D:\wap\php\7.1-x64-VC14-NTS\icuuc57.dll loaded at 0x74750000
  D:\wap\php\7.1-x64-VC14-NTS\icuin57.dll loaded at 0x74550000
  D:\wap\php\7.1-x64-VC14-NTS\icuio57.dll loaded at 0x74530000
  C:\Windows\SYSTEM32\MSVCP140.dll loaded at 0x11590000
  D:\wap\php\7.1-x64-VC14-NTS\icudt57.dll loaded at 0x71850000
  C:\Windows\SYSTEM32\api-ms-win-crt-multibyte-l1-1-0.dll loaded at 0x17b70000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_ldap.dll loaded at 0x13c60000
  D:\wap\php\7.1-x64-VC14-NTS\libsasl.dll loaded at 0x157d0000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_mbstring.dll loaded at 0x11190000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_exif.dll loaded at 0x138e0000
  D:\wap\php\7.1-x64-VC14-NTS\ext\php_pdo_mysql.dll loaded at 0x16420000
  C:\Windows\SYSTEM32\secur32.dll loaded at 0x18c60000
  C:\Windows\system32\mswsock.dll loaded at 0x1dc20000
  C:\Windows\SYSTEM32\shcore.dll loaded at 0x1cac0000
  C:\Windows\SYSTEM32\kernel.appcore.dll loaded at 0x1d0b0000
  C:\Windows\System32\rasadhlp.dll loaded at 0x19c40000
  C:\Windows\SYSTEM32\IPHLPAPI.DLL loaded at 0x1c2e0000
  C:\Windows\SYSTEM32\WINNSI.DLL loaded at 0x1b710000
  C:\Windows\System32\fwpuclnt.dll loaded at 0x1b690000
  Thread created. New thread - System ID: 4728
  Initializing control script
  Clearing any existing breakpoints
  
  Current Breakpoint List(BL)
  Thread exited. Exiting thread - System ID: 4728. Exit code - 0x00000000
[14.07.2017 11:11:56]
  Exception 0X80000003 on thread 10916. DetailID = 1
  Exception 0XC0000374 on thread 10916. DetailID = 2
[14.07.2017 11:12:00]
  Second chance exception - 0XC0000374 caused by thread with System ID: 10916 DetailID = 3
  Thread exited. Exiting thread - System ID: 7824. Exit code - 0xffffffff
  Process exited. Exit code - 0xffffffff

***********************
*  EXCEPTION DETAILS  *
***********************

DetailID = 1
	Count:    1
	Exception #:  0X80000003
	Stack:        
		ntdll!RtlpNtMakeTemporaryKey+0x17f
		ntdll!RtlpNtMakeTemporaryKey+0x3402
		ntdll!RtlpNtMakeTemporaryKey+0x4000
		ntdll!RtlFreeHeap+0x1b0f
		ntdll!RtlFreeHeap+0x368
		ucrtbase!free+0x1b
		php7!php_sys_stat_ex+0x36bc5e [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_virtual_cwd.c @ 295]
		php7!_php_stream_stat_path+0x37752c [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\streams\streams.c @ 1935]
		php7!php_stat+0x10b [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\standard\filestat.c @ 819]
		php7!zim_spl_RecursiveDirectoryIterator_hasChildren+0x10a [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_directory.c @ 1478]
		php7!zend_call_function+0x212 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_execute_api.c @ 873]
		php7!zend_call_method+0xf5 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_interfaces.c @ 99]
		php7!spl_recursive_it_move_forward_ex+0x427 [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_iterators.c @ 277]
		php7!ZEND_FE_FETCH_R_SPEC_VAR_HANDLER+0x1a7 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 16850]
		php7!execute_ex+0x72 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 432]
		php7!zend_execute+0x159 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 475]
		php7!zend_execute_scripts+0x119 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend.c @ 1477]
		php7!php_execute_script+0x424 [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\main.c @ 2537]
		php!do_cli+0x7dd [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 994]
		php!main+0x439 [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 1381]
		php!__scrt_common_main_seh+0x11d [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 253]
		KERNEL32!BaseThreadInitThunk+0x22
		ntdll!RtlUserThreadStart+0x34


DetailID = 2
	Count:    1
	Exception #:  0XC0000374
	Stack:        
		ntdll!RtlpNtMakeTemporaryKey+0x1c0
		ntdll!RtlpNtMakeTemporaryKey+0x3402
		ntdll!RtlpNtMakeTemporaryKey+0x4000
		ntdll!RtlFreeHeap+0x1b0f
		ntdll!RtlFreeHeap+0x368
		ucrtbase!free+0x1b
		php7!php_sys_stat_ex+0x36bc5e [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_virtual_cwd.c @ 295]
		php7!_php_stream_stat_path+0x37752c [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\streams\streams.c @ 1935]
		php7!php_stat+0x10b [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\standard\filestat.c @ 819]
		php7!zim_spl_RecursiveDirectoryIterator_hasChildren+0x10a [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_directory.c @ 1478]
		php7!zend_call_function+0x212 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_execute_api.c @ 873]
		php7!zend_call_method+0xf5 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_interfaces.c @ 99]
		php7!spl_recursive_it_move_forward_ex+0x427 [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_iterators.c @ 277]
		php7!ZEND_FE_FETCH_R_SPEC_VAR_HANDLER+0x1a7 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 16850]
		php7!execute_ex+0x72 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 432]
		php7!zend_execute+0x159 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 475]
		php7!zend_execute_scripts+0x119 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend.c @ 1477]
		php7!php_execute_script+0x424 [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\main.c @ 2537]
		php!do_cli+0x7dd [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 994]
		php!main+0x439 [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 1381]
		php!__scrt_common_main_seh+0x11d [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 253]
		KERNEL32!BaseThreadInitThunk+0x22
		ntdll!RtlUserThreadStart+0x34


DetailID = 3
	Count:    1
	Exception #:  0XC0000374
	Stack:        
		ntdll!RtlpNtMakeTemporaryKey+0x1c0
		ntdll!RtlpNtMakeTemporaryKey+0x3402
		ntdll!RtlpNtMakeTemporaryKey+0x4000
		ntdll!RtlFreeHeap+0x1b0f
		ntdll!RtlFreeHeap+0x368
		ucrtbase!free+0x1b
		php7!php_sys_stat_ex+0x36bc5e [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_virtual_cwd.c @ 295]
		php7!_php_stream_stat_path+0x37752c [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\streams\streams.c @ 1935]
		php7!php_stat+0x10b [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\standard\filestat.c @ 819]
		php7!zim_spl_RecursiveDirectoryIterator_hasChildren+0x10a [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_directory.c @ 1478]
		php7!zend_call_function+0x212 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_execute_api.c @ 873]
		php7!zend_call_method+0xf5 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_interfaces.c @ 99]
		php7!spl_recursive_it_move_forward_ex+0x427 [c:\php-sdk\php71\vc14\x64\php-7.1.7\ext\spl\spl_iterators.c @ 277]
		php7!ZEND_FE_FETCH_R_SPEC_VAR_HANDLER+0x1a7 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 16850]
		php7!execute_ex+0x72 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 432]
		php7!zend_execute+0x159 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend_vm_execute.h @ 475]
		php7!zend_execute_scripts+0x119 [c:\php-sdk\php71\vc14\x64\php-7.1.7\zend\zend.c @ 1477]
		php7!php_execute_script+0x424 [c:\php-sdk\php71\vc14\x64\php-7.1.7\main\main.c @ 2537]
		php!do_cli+0x7dd [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 994]
		php!main+0x439 [c:\php-sdk\php71\vc14\x64\php-7.1.7\sapi\cli\php_cli.c @ 1381]
		php!invoke_main+0x22 [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 64]
		php!__scrt_common_main_seh+0x11d [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 253]
		KERNEL32!BaseThreadInitThunk+0x22
		ntdll!RtlUserThreadStart+0x34





***********************
*  EXCEPTION SUMMARY  *
***********************

	|--------------------|
	| Count | Exception  |
	|--------------------|
	| 2     | 0XC0000374 |
	| 1     | 0X80000003 |
	|--------------------|

Debugging Overhead Cost:
	Total Elapsed Ticks = 20891 (100%)
	Total Ticks Spent in Debugger Engine = 4015 (19%)
	Total Ticks Spent in Crash Rule Script = 173 (1%)
 [2017-07-14 11:26 UTC] ab@php.net 
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5d15fdc4a4db22552105e8275b6d3ef417219d66
Log: Fixed bug #74923 Crash when crawling through network share
 [2017-07-14 11:26 UTC] ab@php.net
-Status: Open +Status: Closed
 [2017-07-14 11:31 UTC] ab@php.net
-Status: Closed +Status: Feedback
 [2017-07-14 11:31 UTC] ab@php.net 
I've pushed a fix to this. Basically waiting for AppVeyor yet. A snap can be tested stating with 5d15fdc4a4db22552105e8275b6d3ef417219d66, or if you can compile yourself - even better.

Thanks.
 [2017-07-14 12:33 UTC] martin dot keckeis1 at gmail dot com 
http://windows.php.net/downloads/snaps/php-7.1/r5d15fdc/php-7.1-nts-windows-vc14-x64-r5d15fdc.zip

Seems to work really well so far! If i don't comment again - it's fixed.

Really nice, such a fast response and fix.

Keep up the great work \o/
 [2017-07-14 19:12 UTC] ab@php.net
-Status: Feedback +Status: Closed -Assigned To: +Assigned To: ab
 [2017-07-14 19:12 UTC] ab@php.net 
Many thanks, a good reproducer and tests is also of a great help!
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Oct 27 16:01:27 2024 UTC