php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75810 getenv with valid varname crashes ntdll.dll
Submitted: 2018-01-12 19:12 UTC Modified: 2018-01-15 16:52 UTC
From: laurinkeithdavis at gmail dot com Assigned:
Status: Duplicate Package: PHP options/info functions
PHP Version: 7.1.13 OS: Windows 10 x64 Pro
Private report: No CVE-ID: None
 [2018-01-12 19:12 UTC] laurinkeithdavis at gmail dot com
Description:
------------
Any specific varname, if that environment variable name actually exists, crashes PHP. If you put a non-valid environment variable name, that does not crash and no value (getenv()), dumps the whole array, and does not crash. 



Test script:
---------------
<?php
echo getenv("PATH");

Expected result:
----------------
Value of the indicated environment variable.

Actual result:
--------------
Internal Server Error 500

AND

Log Name:      Application
Source:        Application Error
Date:          1/12/2018 12:46:03 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      KDAVIS.pridedallas.com
Description:
Faulting application name: php-cgi.exe, version: 7.1.13.0, time stamp: 0x5a4d3a49
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x16e7ff7f
Exception code: 0xc0000374
Fault offset: 0x000da8b9
Faulting process id: 0x1ecc
Faulting application start time: 0x01d38bd593ca174a
Faulting application path: C:\PHP\php-cgi.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c4b5c9e2-dcb6-4f21-9b32-457689bce66a
Faulting package full name: 
Faulting package-relative application ID: 

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-01-12 19:14 UTC] laurinkeithdavis at gmail dot com
Confirmed this does not occur in 7.1.12.
 [2018-01-12 19:36 UTC] laurinkeithdavis at gmail dot com
I'm pretty sure the change made for https://bugs.php.net/bug.php?id=75574 is the "cause", as getenv was modified, not just putenv. 

I don't know C well enough. I am trying to decipher the change that might be an issue, but no luck so far.
 [2018-01-12 20:23 UTC] ab@php.net
-Status: Open +Status: Feedback
 [2018-01-12 20:23 UTC] ab@php.net
Thanks for the report. Looks pretty much like bug #75794. What is your exact PHP. Please post your php.ini. If possible, also a crash dump.

Thanks.
 [2018-01-12 20:32 UTC] laurinkeithdavis at gmail dot com
Ah, I searched for the bug using 7.1.13, but didn't think about the fact that 7.2.1 was also just released. Should I move my notes to that bug?

PHP 7.1.3 - VC14 x86 Non Thread Safe (2018-Jan-04 00:43:34) (from windows.php.net)

I tried to post my php.ini file, but I get this message when I do:

"Your comment looks like SPAM by its content. Please consider rewording."
 [2018-01-12 21:29 UTC] ab@php.net
You could pastebin it somewhere and just put the link, otherwise it'd be anyway too big for a comment.

Thanks.
 [2018-01-12 21:36 UTC] laurinkeithdavis at gmail dot com
Oh, duh. :)

https://gist.github.com/laurin1/a7ea63c2b8bc68a845a1b50e01c9c173
 [2018-01-13 14:16 UTC] ab@php.net
I've pushed a fix for this issue, could you check the latest snap, please?

Thanks.
 [2018-01-13 17:04 UTC] laurinkeithdavis at gmail dot com
Tested this snapshot:

7.1.14-dev Revision: r05c4f72 (January 13 2018, 16:37:57)

Works!
 [2018-01-13 21:30 UTC] ab@php.net
-Status: Feedback +Status: Open
 [2018-01-13 21:30 UTC] ab@php.net
Thanks for the checks! Waiting for the feedback in other tickets yet. The fix should be available in RCs.

Thanks.
 [2018-01-15 16:52 UTC] ab@php.net
-Status: Open +Status: Duplicate
 [2018-01-15 16:52 UTC] ab@php.net
Same as bug #75794.

Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 10 14:01:27 2024 UTC