Bug #75794 getenv() crashes on Windows 7.2.1 when second parameter is false
Submitted: 2018-01-10 14:34 UTC
Modified: 2018-01-15 16:52 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:3 (100.0%)
From: jon at senyahnoj dot org dot uk
Assigned: ab
Status: Closed
Package: Reproducible crash
PHP Version: 7.2.1
OS: Windows
Private report: No
CVE-ID: None
 [2018-01-10 14:34 UTC] jon at senyahnoj dot org dot uk
Description:
------------
Using PHP 7.2.1 (64 bit NTS) on (Windows Server 2012/Windows 7) + IIS FastCGI.

The FastCGI process crashes when PHP calls getenv() with a second parameter (local_only) of false. It's fine if the second parameter is true.

It does not crash on the previous version 7.2.0.

PHP 7.2.1 on Linux is also fine. We are wondering if this is a Windows platform-specific problem. Could this be related to Bug #75574 which was released in 7.2.1?

Test script:
---------------
<?php
getenv('HTTP_ACCEPT_LANGUAGE', false);


Patches

php.ini (last revision 2018-01-13 10:37 UTC by jon at senyahnoj dot org dot uk)

History

 [2018-01-10 15:06 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2018-01-10 15:06 UTC] ab@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2018-01-11 10:26 UTC] jon at senyahnoj dot org dot uk
-Status: Feedback +Status: Open
 [2018-01-11 10:26 UTC] jon at senyahnoj dot org dot uk
Loading control script C:\Program Files\DebugDiag\scripts\CrashRule_Process_php-cgi.exe.vbs
DumpPath set to C:\Program Files\DebugDiag\Logs\Crash rule for all instances of php-cgi.exe
[11/01/2018 10:16:06]
  Process created. BaseModule - D:\phpBinaries\win64\7.2\php-cgi.exe. BaseThread - System ID: 7024
  C:\Windows\SYSTEM32\ntdll.dll loaded at 0x432f0000
  Thread created. New thread - System ID: 6260
  C:\Windows\system32\KERNEL32.DLL loaded at 0x40e70000
  C:\Windows\system32\KERNELBASE.dll loaded at 0x40240000
  D:\phpBinaries\win64\7.2\php7.dll loaded at 0x25750000
  C:\Windows\system32\WS2_32.dll loaded at 0x41e90000
  C:\Windows\system32\ADVAPI32.dll loaded at 0x41db0000
  C:\Windows\SYSTEM32\VCRUNTIME140.dll loaded at 0x33700000
  C:\Windows\SYSTEM32\api-ms-win-crt-stdio-l1-1-0.dll loaded at 0x336f0000
  C:\Windows\SYSTEM32\api-ms-win-crt-environment-l1-1-0.dll loaded at 0x336e0000
  C:\Windows\SYSTEM32\api-ms-win-crt-heap-l1-1-0.dll loaded at 0x32990000
  C:\Windows\SYSTEM32\api-ms-win-crt-string-l1-1-0.dll loaded at 0x32980000
  C:\Windows\SYSTEM32\api-ms-win-crt-runtime-l1-1-0.dll loaded at 0x318d0000
  C:\Windows\SYSTEM32\api-ms-win-crt-convert-l1-1-0.dll loaded at 0x318a0000
  C:\Windows\SYSTEM32\api-ms-win-crt-filesystem-l1-1-0.dll loaded at 0x31720000
  C:\Windows\SYSTEM32\api-ms-win-crt-math-l1-1-0.dll loaded at 0x31710000
  C:\Windows\SYSTEM32\api-ms-win-crt-locale-l1-1-0.dll loaded at 0x31700000
  C:\Windows\system32\ole32.dll loaded at 0x41bc0000
  C:\Windows\system32\USER32.dll loaded at 0x41260000
  C:\Windows\SYSTEM32\DNSAPI.dll loaded at 0x3f300000
  C:\Windows\SYSTEM32\bcrypt.dll loaded at 0x3fbf0000
  C:\Windows\SYSTEM32\api-ms-win-crt-time-l1-1-0.dll loaded at 0x316f0000
  C:\Windows\SYSTEM32\api-ms-win-crt-utility-l1-1-0.dll loaded at 0x31640000
  C:\Windows\system32\RPCRT4.dll loaded at 0x415d0000
  C:\Windows\system32\NSI.dll loaded at 0x41bb0000
  C:\Windows\system32\msvcrt.dll loaded at 0x40fb0000
  C:\Windows\SYSTEM32\sechost.dll loaded at 0x40e20000
  C:\Windows\SYSTEM32\combase.dll loaded at 0x40c60000
  C:\Windows\system32\GDI32.dll loaded at 0x41060000
  C:\Windows\SYSTEM32\ucrtbase.DLL loaded at 0x29a80000
  C:\Windows\system32\dzuser32.dll loaded at 0x40050000
  C:\Windows\system32\bcryptprimitives.dll loaded at 0x3ff20000
  D:\phpBinaries\win64\7.2\ext\ioncube_loader_win_7.2.dll loaded at 0x80000000
  D:\phpBinaries\win64\7.2\ext\php_bz2.dll loaded at 0x31070000
  D:\phpBinaries\win64\7.2\ext\php_curl.dll loaded at 0x299f0000
  D:\phpBinaries\win64\7.2\libssh2.dll loaded at 0x651c0000
  D:\phpBinaries\win64\7.2\nghttp2.dll loaded at 0x30a30000
  D:\phpBinaries\win64\7.2\libcrypto-1_1-x64.dll loaded at 0x25450000
  D:\phpBinaries\win64\7.2\libssl-1_1-x64.dll loaded at 0x29960000
  C:\Windows\system32\WLDAP32.dll loaded at 0x413b0000
  C:\Windows\system32\Normaliz.dll loaded at 0x41460000
  C:\Windows\system32\CRYPT32.dll loaded at 0x404a0000
  C:\Windows\system32\MSASN1.dll loaded at 0x40220000
  D:\phpBinaries\win64\7.2\ext\php_fileinfo.dll loaded at 0x24f80000
  D:\phpBinaries\win64\7.2\ext\php_gd2.dll loaded at 0x276e0000
  D:\phpBinaries\win64\7.2\ext\php_intl.dll loaded at 0x298f0000
  D:\phpBinaries\win64\7.2\icuuc60.dll loaded at 0x592e0000
  D:\phpBinaries\win64\7.2\icuin60.dll loaded at 0x58580000
  D:\phpBinaries\win64\7.2\icuio60.dll loaded at 0x598c0000
  C:\Windows\SYSTEM32\MSVCP140.dll loaded at 0x27640000
  D:\phpBinaries\win64\7.2\icudt60.dll loaded at 0x60f00000
  C:\Windows\SYSTEM32\api-ms-win-crt-multibyte-l1-1-0.dll loaded at 0x31060000
  D:\phpBinaries\win64\7.2\ext\php_mbstring.dll loaded at 0x24e20000
  D:\phpBinaries\win64\7.2\ext\php_mysqli.dll loaded at 0x31000000
  D:\phpBinaries\win64\7.2\ext\php_openssl.dll loaded at 0x30390000
  D:\phpBinaries\win64\7.2\ext\php_pdo_mysql.dll loaded at 0x31050000
  D:\phpBinaries\win64\7.2\ext\php_com_dotnet.dll loaded at 0x308d0000
  C:\Windows\system32\OLEAUT32.dll loaded at 0x41ef0000
  D:\phpBinaries\win64\7.2\ext\php_soap.dll loaded at 0x298b0000
  D:\phpBinaries\win64\7.2\ext\php_xsl.dll loaded at 0x29440000
  D:\phpBinaries\win64\7.2\ext\php-7.2.x_memcache.dll loaded at 0x30260000
  D:\phpBinaries\win64\7.2\ext\php_pdo_sqlsrv.dll loaded at 0x29870000
  C:\Windows\SYSTEM32\ODBC32.dll loaded at 0x324f0000
  D:\phpBinaries\win64\7.2\ext\php_sqlsrv.dll loaded at 0x28be0000
  C:\Windows\SYSTEM32\secur32.dll loaded at 0x3bdf0000
  C:\Windows\SYSTEM32\SSPICLI.DLL loaded at 0x3fef0000
  C:\Windows\system32\mswsock.dll loaded at 0x3f610000
  C:\Windows\SYSTEM32\IPHLPAPI.DLL loaded at 0x3df40000
  C:\Windows\SYSTEM32\WINNSI.DLL loaded at 0x3ded0000
  C:\Windows\SYSTEM32\dhcpcsvc.DLL loaded at 0x3d1d0000
  C:\Windows\SYSTEM32\dhcpcsvc6.DLL loaded at 0x3d420000
  Thread created. New thread - System ID: 6624
  Initializing control script
  Clearing any existing breakpoints
  
  Current Breakpoint List(BL)
  Thread exited. Exiting thread - System ID: 6624. Exit code - 0x00000000
[11/01/2018 10:16:13]
  Exception 0X80000003 on thread 7024. DetailID = 1
  Stack Trace
RetAddr           : Args to Child                                                           : Call Site
000007fb`433cf350 : 00000044`64670000 00000044`64c03918 00000044`64670000 000007fb`29a8295e : ntdll!RtlpNtCreateKey+0x30ab
000007fb`43375e81 : 00000044`64c70030 00000000`00000000 00000000`00000000 00000044`64683fe0 : ntdll!RtlpNtCreateKey+0x7f04
000007fb`29a942cb : 00000044`64683fe0 00000044`64c70030 00000044`64681d90 00000000`00000001 : ntdll!RtlSetCurrentEnvironment+0x33b5
000007fb`25b99294 : 000007f7`52282e00 00000044`64c03918 00000044`64c03918 00000044`655c6538 : ucrtbase!free+0x1b
000007fb`2591a724 : 00000044`64c1d100 00000000`00000002 00000044`64c70030 00000044`6458b4f0 : php7!libiconv_set_relocation_prefix+0x5a274
000007fb`2576b1d3 : 00000000`00000000 000007fb`25919bf0 00000000`00000000 00000044`64c03900 : php7!php_base64_decode_ex+0x3444
000007fb`2576ce40 : 80000000`00000000 000007fb`25766ed0 000007fb`2576b180 00000001`8006f2c4 : php7!array_init+0x4d3
000007fb`25760aa0 : 00000001`8006f3d0 00000000`00000000 00000044`64c830e0 00000000`00000008 : php7!execute_ex+0x80
000007fb`257605a5 : 00000000`00000000 00000044`6458e2d0 00000044`64c604b0 00000000`00000008 : php7!zend_execute+0x150
000007fb`25760305 : 00000044`00000008 00000000`00000000 00000000`00000003 00000000`00000000 : php7!zend_execute_scripts+0xa5
000007f7`52287e7b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : php7!php_execute_script+0x335
000007f7`522834dc : 00000000`00000000 00000000`00000000 000007fb`29b659f4 00000000`00000000 : php_cgi+0x7e7b
000007fb`40e71842 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : php_cgi+0x34dc
000007fb`4333e2f9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
  Action limit of 1 reached for unconfigured first chance exceptions.
  Exception 0XC0000374 on thread 7024. DetailID = 2
  Second chance exception - 0XC0000374 caused by thread with System ID: 7024 DetailID = 2
  Thread exited. Exiting thread - System ID: 7024. Exit code - 0xffffffff
  Process exited. Exit code - 0xffffffff

***********************
*  EXCEPTION DETAILS  *
***********************

DetailID = 1
	Count:    1
	Exception #:  0X80000003
	Stack:        
		ntdll!RtlpNtCreateKey+0x30ab
		ntdll!RtlpNtCreateKey+0x7f04
		ntdll!RtlSetCurrentEnvironment+0x33b5
		ucrtbase!free+0x1b
		php7!libiconv_set_relocation_prefix+0x5a274
		php7!php_base64_decode_ex+0x3444
		php7!array_init+0x4d3
		php7!execute_ex+0x80
		php7!zend_execute+0x150
		php7!zend_execute_scripts+0xa5
		php7!php_execute_script+0x335
		php_cgi+0x7e7b
		php_cgi+0x34dc
		KERNEL32!BaseThreadInitThunk+0x1a
		ntdll!RtlUserThreadStart+0x21


DetailID = 2
	Count:    2
	Exception #:  0XC0000374
	Stack:        
		ntdll!RtlpNtCreateKey+0x30e9
		ntdll!RtlpNtCreateKey+0x7f04
		ntdll!RtlSetCurrentEnvironment+0x33b5
		ucrtbase!free+0x1b
		php7!libiconv_set_relocation_prefix+0x5a274
		php7!php_base64_decode_ex+0x3444
		php7!array_init+0x4d3
		php7!execute_ex+0x80
		php7!zend_execute+0x150
		php7!zend_execute_scripts+0xa5
		php7!php_execute_script+0x335
		php_cgi+0x7e7b
		php_cgi+0x34dc
		KERNEL32!BaseThreadInitThunk+0x1a
		ntdll!RtlUserThreadStart+0x21





***********************
*  EXCEPTION SUMMARY  *
***********************

	|--------------------|
	| Count | Exception  |
	|--------------------|
	| 2     | 0XC0000374 |
	| 1     | 0X80000003 |
	|--------------------|

Debugging Overhead Cost:
	Total Elapsed Ticks = 7520 (100%)
	Total Ticks Spent in Debugger Engine = 313 (4%)
	Total Ticks Spent in Crash Rule Script = 188 (2%)
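
A triage pass over the DebugDiag exception block above, as an added example that is not part of the original report or of PHP: it names the NTSTATUS code, finds the first frame outside the Windows runtime, and flags whether that frame's symbol name can be trusted. The `LARGE_OFFSET` threshold, the `runtime` module list and the function name `triage` are assumptions of this example; the heuristic is that a very large offset from a symbol usually means the debugger only had export names, so the name is the nearest export rather than the real function.

```python
import re

# NTSTATUS values seen in the log above.
NTSTATUS = {0x80000003: "STATUS_BREAKPOINT", 0xC0000374: "STATUS_HEAP_CORRUPTION"}

# Assumed threshold: offsets beyond this suggest export-only symbol resolution.
LARGE_OFFSET = 0x1000

# Matches "module!symbol+0xNN" and bare "module+0xNN" frames.
FRAME_RE = re.compile(r"^([\w.-]+?)(?:!(\w+))?\+0x([0-9a-fA-F]+)$")
EXC_RE = re.compile(r"Exception #:\s*(0[xX][0-9a-fA-F]+)")

# Excerpt of the "DetailID = 2" block from the report, embedded so this runs offline.
SAMPLE = """\
DetailID = 2
    Count:    2
    Exception #:  0XC0000374
    Stack:
        ntdll!RtlpNtCreateKey+0x30e9
        ntdll!RtlpNtCreateKey+0x7f04
        ntdll!RtlSetCurrentEnvironment+0x33b5
        ucrtbase!free+0x1b
        php7!libiconv_set_relocation_prefix+0x5a274
        php7!php_base64_decode_ex+0x3444
        php7!execute_ex+0x80
        php_cgi+0x7e7b
"""

def triage(log, runtime=("ntdll", "ucrtbase", "KERNEL32")):
    """Summarise one exception block: status name, caller of the runtime, symbol trust."""
    code, frames = None, []
    for raw in log.splitlines():
        line = raw.strip()
        exc = EXC_RE.search(line)
        if exc:
            code = int(exc.group(1), 16)
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group(1), m.group(2), int(m.group(3), 16)))
    # First frame that is not OS/CRT code: the application code that called free().
    caller = next((f for f in frames if f[0] not in runtime), None)
    return {
        "exception": NTSTATUS.get(code, hex(code) if code is not None else None),
        "detected_in_free": any(f[:2] == ("ucrtbase", "free") for f in frames),
        "first_app_frame": caller,
        "symbol_reliable": bool(caller and caller[1] and caller[2] < LARGE_OFFSET),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
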
 [2018-01-12 16:51 UTC] ab@php.net
Thanks for the backtrace. It looks the same as in bug #75761. The PHP versions are different, though, so it is unlikely related to the other ticket you mention. Unfortunately it doesn't reproduce on my side, but from the BT - perhaps it could be an issue with the iconv ext.

Thanks.
 [2018-01-12 16:52 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2018-01-12 16:52 UTC] ab@php.net
Would it be possible for you to provide a crash dump? Just share it somewhere and post a link.

Thanks.
 [2018-01-12 17:17 UTC] jon at senyahnoj dot org dot uk
-Status: Feedback +Status: Open
 [2018-01-12 17:17 UTC] jon at senyahnoj dot org dot uk
For your information I'm using the pre-compiled binaries from windows.php.net

I don't usually use Windows but I'll try and work out how to do a crash dump as you suggest!
 [2018-01-12 20:01 UTC] ab@php.net
One more question. Could you post your php.ini please?

Thanks.
 [2018-01-13 10:38 UTC] jon at senyahnoj dot org dot uk
Thanks - attached php.ini (in the patches section)
 [2018-01-13 14:15 UTC] ab@php.net
Thanks for posting. I was able to reproduce the issue earlier and pushed a fix. The snapshots should be that far already, could you test the latest please? The aforementioned patch was indeed in 7.1+, so that seems to be the cause.

Thanks.
 [2018-01-15 16:52 UTC] ab@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: ab
 [2018-01-15 16:52 UTC] ab@php.net
Closing as the issue is confirmed fixed.

Thanks.
 
Last updated: Mon Nov 19 14:01:26 2018 UTC