Bug #76233 php-cgi.exe crash (see small dump)
Submitted: 2018-04-18 08:59 UTC Modified: 2018-07-07 15:54 UTC
From: 1978 dot jl at gmail dot com Assigned:
Status: Not a bug Package: CGI/CLI related
PHP Version: 5.6.35 OS: All Windows
Private report: No CVE-ID: None
 [2018-04-18 08:59 UTC] 1978 dot jl at gmail dot com
Description:
------------
see dump

Actual result:
--------------
Microsoft (R) Windows Debugger Version 10.0.16299.91 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_php-cgi.exe_71738a7c251175f48a9d62b2d3d1120a0f92ce6_cab_462bffb4\WERFF4A.tmp.mdmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Symbol search path is: srv*
Executable search path is: 
Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Wed Apr 18 10:55:55.000 2018 (UTC + 2:00)
System Uptime: 19 days 0:03:27.782
Process Uptime: 0 days 0:00:03.000
........................................................
Loading unloaded module list
..
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(198c.2324): Stack overflow - code c00000fd (first/second chance not available)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for php5ts.dll - 
eax=00063058 ebx=01f19950 ecx=00000002 edx=0fdda694 esi=00000002 edi=00000002
eip=0f931dfe esp=00063000 ebp=00063038 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
php5ts!zend_parse_parameters+0x4e:
0f931dfe 56              push    esi
0:000> k
 # ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
00 00063038 0f931dd9 php5ts!zend_parse_parameters+0x4e
01 00063050 0fa89b51 php5ts!zend_parse_parameters+0x29
02 00063070 0f91a93f php5ts!spl_iterator_apply+0x13f61
03 000630b4 0f94bad7 php5ts!emalloc+0x3f
04 00000000 00000000 php5ts!function_add_ref+0x6f7



 [2018-04-18 12:27 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2018-04-18 12:27 UTC] cmb@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with ,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.
 [2018-04-18 13:08 UTC] 1978 dot jl at gmail dot com
Hi,

Sorry, at this moment, we are analyzing the problem, but the code is in a huge project; I couldn't extract a short script to reproduce this bug.

Greetings.
 [2018-04-18 13:18 UTC] cmb@php.net
Okay, I was asking for a reproduce script, since the backtrace is
not particularly helpful ("Stack unwind information not available.
Following frames may be wrong."), and since the stack overflow
might be caused by deep (infinite?) recursion in the userland
code.

Can you provide a debug backtrace[1]?

Also note that PHP 5 will not receive normal bugfixes anymore, but
only security fixes.  So unless it can be shown that this issue is
indeed a security issue, we won't fix it for PHP 5, so it might be
best if you test the project under an actively supported PHP
version[2] if possible.

[1] <https://bugs.php.net/bugs-generating-backtrace-win32.php>
[2] <http://www.php.net/supported-versions.php>
 [2018-04-18 17:21 UTC] 1978 dot jl at gmail dot com
Hi Christoph,

After analysis with DebugDiag, the cause should be in an ionCube module (ioncube_loader_win_5.6.dll); the source code that causes this stack overflow seems to be:

  $property = null; // bad case
  $p = $my_object->$property; // seems to crash only when used in ioncube context, seems no crash if ioncube deactivated 

But I don't understand why this crash does not appear on PHP 5.6.34 under the same conditions.

Greetings.
 [2018-04-18 17:44 UTC] cmb@php.net
-Status: Feedback +Status: Open -Assigned To: cmb +Assigned To:
 [2018-04-18 17:44 UTC] cmb@php.net
Thanks for further investigation!

Since this *may* be an ionCube issue, I suggest contacting them.
Anyhow, I have to bail out here, since I'm neither an engine guru,
nor accustomed to ionCube.
 [2018-04-19 07:36 UTC] 1978 dot jl at gmail dot com
Hi,

I have opened a ticket with ionCube support.

Sorry for my error; I also have the crash on PHP 5.6.34.

I will keep you informed about the response from ionCube support.

Greetings.
 [2018-04-19 17:39 UTC] 1978 dot jl at gmail dot com
Hi,

After many tests, the crash doesn't appear when we deactivate the ionCube loader, but in this case, it reveals an "out of memory" PHP error.

Then, it seems to be this "out of memory" PHP error that only crashes the PHP process when the ionCube loader is loaded.

The original error that causes this "out of memory" error seems to be in a misuse of the Laravel framework.

Sorry to disturb you.
 [2018-07-07 15:54 UTC] ab@php.net
-Status: Open +Status: Not a bug
 [2018-07-07 15:54 UTC] ab@php.net
Closing, as this failure is not related to PHP core.

Thanks.
 