Bug #76443 php+php_interbase.dll crash on module_shutdown
Submitted: 2018-06-10 19:30 UTC
Modified: 2018-06-11 09:32 UTC
From: phpdev at ehrhardt dot nl
Assigned: kalle
Status: Closed
Package: InterBase related
PHP Version: 7.3.0alpha1
OS: Windows 7
Private report: No
CVE-ID: None
 [2018-06-10 19:30 UTC] phpdev at ehrhardt dot nl
Description:
------------
PHP 7.3.0 Alpha 1 crashes at the end of a script when extension=interbase is loaded.

PHP 7.3.0 Alpha 1 was compiled with VC15 after applying this patch:
https://github.com/php/php-src/commit/f96df64cb2219fda42ca875483f874cf3052647c

Config:
cscript /nologo configure.js "--disable-all" "--enable-cli" "--enable-cgi" "--enable-crt-debug" "--enable-debug-pack" "--disable-zts" "--with-interbase=shared"

build-dist with pdb's:
https://phpdev.toolsforresearch.com/php-7.3.0alpha1-nts-Win32-VC15-x86-interbase.zip

The same thing happens with every other full build (x86 / x64, TS / NTS). They are available here:
https://www.apachelounge.com/viewtopic.php?p=36936#36936

Test script:
---------------
php phpinfo.php or php-cgi phpinfo.php, where phpinfo.php =

<?php phpinfo();?>

php.ini:
[PHP] 
extension_dir = "ext" 
extension=interbase 



Expected result:
----------------
A graceful_reverse_destroy

Actual result:
--------------
The output of phpinfo() is echoed to the console, but at the end it crashes.

Unhandled exception at 0x7789BA26 (ntdll.dll) in php.exe: 0xC0000005: Access violation reading location 0xBE2C9F38. occurred

backtrace:

 	ntdll.dll!_LdrpUpdateLoadCount2@8()
 	ntdll.dll!_LdrpUpdateLoadCount2@8()
 	ntdll.dll!_LdrpUnloadDll@8()
 	ntdll.dll!_LdrUnloadDll@4()
 	KernelBase.dll!_FreeLibrary@4()
>	php7.dll!module_destructor(_zend_module_entry * module) Line 2624
 	php7.dll!module_destructor_zval(_zval_struct * zv) Line 748
 	[Inline Frame] php7.dll!_zend_hash_del_el_ex(_zend_array * idx, unsigned int) Line 1162
 	[Inline Frame] php7.dll!_zend_hash_del_el(_zend_array *) Line 1185
 	php7.dll!zend_hash_graceful_reverse_destroy(_zend_array * ht) Line 1639
 	php7.dll!zend_shutdown() Line 980
 	php7.dll!php_module_shutdown() Line 2330
 	php.exe!main(int argc, char * * argv) Line 1421
 	[External Code]	


 [2018-06-10 20:52 UTC] cmb@php.net
According to GetModuleHandle docs[1]:

| Therefore, do not pass a handle returned by GetModuleHandle to
| the FreeLibrary function.

So please try again after removing the FreeLibrary() call[2].

[1] <https://msdn.microsoft.com/de-de/library/windows/desktop/ms683199(v=vs.85).aspx>
[2] <https://github.com/php/php-src/blob/php-7.3.0alpha1/ext/interbase/interbase.c#L837>.
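
The reference-counting rule quoted above, as a portable C model added here (not code from php-src or from anyone in this thread). `model_load`, `model_get_handle` and `model_free` are hypothetical stand-ins for LoadLibrary, GetModuleHandle and FreeLibrary, and `ext.dll` is a placeholder name; the model shows why freeing a borrowed handle makes the owner's later free act on an already unloaded module, and how a second owner can mask the imbalance.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a loader's per-module load count; not Win32 code. */
typedef struct { const char *name; int load_count; } model_module;
static model_module table[2];            /* tiny module table for the model */

static model_module *model_find(const char *name) {
    for (int i = 0; i < 2; i++)
        if (table[i].load_count > 0 && strcmp(table[i].name, name) == 0)
            return &table[i];
    return NULL;
}

/* LoadLibrary analogue: takes a reference, mapping the module on first use. */
static model_module *model_load(const char *name) {
    model_module *m = model_find(name);
    for (int i = 0; i < 2 && !m; i++)
        if (table[i].load_count == 0) { m = &table[i]; m->name = name; }
    if (m) m->load_count++;
    return m;
}

/* GetModuleHandle analogue: lookup only, the load count is unchanged. */
static model_module *model_get_handle(const char *name) { return model_find(name); }

/* FreeLibrary analogue: 0 on success, -1 when the module is already unloaded
   (the model's stand-in for the real loader walking freed state). */
static int model_free(model_module *m) {
    if (!m || m->load_count == 0) return -1;
    m->load_count--;
    return 0;
}

/* The owner loads "ext.dll" (placeholder) once and frees it at shutdown.
   free_borrowed: also free a handle obtained by lookup, before the owner does.
   extra_owners: other holders of a reference that are never released here. */
int shutdown_result(int free_borrowed, int extra_owners) {
    memset(table, 0, sizeof table);
    model_module *owner = model_load("ext.dll");
    for (int i = 0; i < extra_owners; i++) model_load("ext.dll");
    if (free_borrowed) model_free(model_get_handle("ext.dll"));
    return model_free(owner);            /* the owner's legitimate release */
}

int main(void) {
    printf("owner only:                   %d\n", shutdown_result(0, 0));
    printf("borrowed handle freed:        %d\n", shutdown_result(1, 0));
    printf("borrowed freed, second owner: %d\n", shutdown_result(1, 1));
    return 0;
}
```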
 [2018-06-10 21:16 UTC] phpdev at ehrhardt dot nl
The hammer on the nail! So this commit by @KalleZ should be reversed:
https://github.com/php/php-src/commit/fd29202022ecd952c175a3d1f805678801092be4#diff-e9c0f3e6898bf699286fc2fa83998cb7
 [2018-06-10 23:22 UTC] kalle@php.net
-Status: Open +Status: Verified
 [2018-06-10 23:22 UTC] kalle@php.net
Ah yes, I see. It should be fine reverting it, though I never experienced any issue with it back when I implemented it, which I guess is why it was not caught until now.
 [2018-06-10 23:38 UTC] cmb@php.net
Thanks for testing (and for reporting this issue in the first
place), Jan!  I'm not quite sure how to resolve this; see
<http://news.php.net/php.internals.win/1188>.
 [2018-06-11 00:14 UTC] phpdev at ehrhardt dot nl
@kalle: I tested the same thing with one of the recent snapshots at https://windows.php.net/downloads/snaps/master/ with the same segfault as a result.

@christoph: I am not really into the internals of Windows, but reversing Kalle's commit did indeed solve it. FWIW: I recompiled all my builds at https://www.apachelounge.com/viewtopic.php?p=36936#36936 without any problems. Did not run any tests though, due to lack of an operating Firebird server. Maybe Kalle can run the tests.
 [2018-06-11 05:35 UTC] kalle@php.net
@jan I sadly don't have a working dev environment with Firebird set up, so it would be a while before I would be able to test.

@christoph Simply reverting my commit should do the trick. Do you have any other places in particular where you could see this could be an issue?
 [2018-06-11 09:08 UTC] phpdev at ehrhardt dot nl
-Status: Verified +Status: Open -Operating System: Windows +Operating System: Windows 7
 [2018-06-11 09:08 UTC] phpdev at ehrhardt dot nl
Anatol's remark on the Internals Win mailing list:
>On different Windows versions the system loader differs
>in its smartness, so it can handle it a different way.

This triggered me to retry the faulting build-dist under Windows 10: no segfault.
 [2018-06-11 09:09 UTC] requinix@php.net
-Status: Open +Status: Verified
 [2018-06-11 09:32 UTC] kalle@php.net
-Status: Verified +Status: Assigned -Assigned To: +Assigned To: kalle
 [2018-06-11 09:32 UTC] kalle@php.net
I think we are better off to simply just remove the call. I'm trying to set up a development environment on my new setup and will try to take care of it.
 [2018-06-11 09:50 UTC] kalle@php.net
Automatic comment on behalf of kalle
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a6b9ddbfe2934e4cfed331615dcc325a77e7778d
Log: Fixed bug #76443 (php+php_interbase.dll crash on module_shutdown)
 [2018-06-11 09:50 UTC] kalle@php.net
-Status: Assigned +Status: Closed
 
Last updated: Thu Dec 13 22:01:26 2018 UTC