PHP :: Bug #80881 :: open_basedir crashes Apache

Bug #80881

open_basedir crashes Apache

Submitted:

2021-03-18 11:16 UTC

Modified:

2021-03-23 14:05 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

simbiat at outlook dot com

Assigned:

Status:

Open

Package:

Safe Mode/open_basedir

PHP Version:

8.0.3

OS:

Windows 10.0.19042.868]

Private report:

CVE-ID:

None

View Developer Edit

[2021-03-18 11:16 UTC] simbiat at outlook dot com

Description:
------------
It looks like after some update for Windows (KB5000802 and/or later one) if you set open_basedir it will slow PHP down and cause Apache to crash.
More details including text of the dump can be found here https://www.apachelounge.com/viewtopic.php?p=39993

In summary: even on latest builds of Apache both PHP 7.4.16 and 8.0.3 crash if open_basedir is set. This is true both for mod_php and mod_fcgi (errors do differ a bit, of course). Once open_basedir is commented out the crashes stop and PHP seems to start working much faster, too.
Considering that !analyze -v command indicates "virtual_realpath" component on the 2nd line of the stack and open_basedir is supposed to disable realpath cache, I presume, that there is an issue in how it is being disabled.

Test script:
---------------
Not applicable. Any script does this

Expected result:
----------------
Apache does not crash

Actual result:
--------------
Apache restarts child process

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-03-18 12:16 UTC] cmb@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb

[2021-03-18 12:16 UTC] cmb@php.net

> open_basedir = "C:/Users/simbi/OneDrive/…"
> […] if you set open_basedir it will slow PHP down and cause
> Apache to crash.

Assuming you have on-demand enabled, the former is to be expected.
You're generally better off to download a copy of the Website and
work with this.

The stack backtrace would be way more helpful, if you had debug
symbols for PHP installed.  You can get them from windows.php.net;
they're called "debug pack".  Then generate a stack backtrace[1]
with the Debug Diagnostic Tool and make sure that the debug
symbols are loaded.

Also, it might help if you can provide the output of

    fsutil reparsePoint query C:\Users\simbi\OneDrive

[1] <https://bugs.php.net/bugs-generating-backtrace-win32.php>

[2021-03-18 16:19 UTC] simbiat at outlook dot com

Based on that manual, should not the full dump that was generated by Windows for httpd.exe be enough? It can be taken from https://1drv.ms/u/s!AsaK_C2Xv0I4gunuXIptXRyLcx8YymA?e=NmL4AA

Also I'm not sure I understand what you mean by "on-demand" and why it's normal for Apache to crash this way. From what I understand "ondemand" is relevant for PHP-FPM, but it's not available for Windows, from what I know. I was able to replciate the crash with mod_php and mod_fcgi.

[2021-03-18 16:25 UTC] cmb@php.net

> Based on that manual, should not the full dump that was
> generated by Windows for httpd.exe be enough?

Well, I'm not a big fan of downloading 2 GB crash dumps, but I
might give it a try.

> Also I'm not sure I understand what you mean by "on-demand" […]

You can have your local OneDrive folder in on-demand mode, or you
can copy the files.  In the former case, the OneDrive folder is a
reparse point.

> […] and why it's normal for Apache to crash this way.

I don't know; I didn't say this.

[2021-03-18 16:55 UTC] simbiat at outlook dot com

I can try using Debug Diagnostic Tool, but I've used the build from Apache Lounge. Will the debug pack from https://windows.php.net/download/ work with them?

[2021-03-18 16:57 UTC] simbiat at outlook dot com

Oh and my OneDrive is not in on-demand mode. I do not use this feature.

[2021-03-18 17:48 UTC] cmb@php.net

> […] but I've used the build from Apache Lounge.

Do they provide their own PHP binaries?  If so, official PHP on
Windows debug packs will not work.  I have not been able to attach
x64 nor x86 pdbs.

> Oh and my OneDrive is not in on-demand mode. I do not use this
> feature.

That is super strange, because in that case C:\Users\simbi\OneDrive
should be a normal folder.  Again, please provide the output of

    fsutil reparsePoint query C:\Users\simbi\OneDrive

[2021-03-18 18:05 UTC] simbiat at outlook dot com

Yes, Apache Lounge has their own builds: https://www.apachelounge.com/viewtopic.php?t=6359
I will try to replicate the same with official build tomorrow.

C:\Users\simbi>fsutil reparsePoint query C:\Users\simbi\OneDrive
Error:  The file or directory is not a reparse point.

But:
C:\Users\simbi>fsutil reparsePoint query C:\Users\simbi\OneDrive\Documents\!Personal\Coding\WebServer
Reparse Tag Value : 0x9000a01a
Tag value: Microsoft
Tag value: Directory

Reparse Data Length: 0xa2
Reparse Data:
0000:  01 80 9c 01 9b b0 00 46  65 52 70 8f 29 35 0c 00  .......FeRp.)5..
0010:  98 01 00 00 02 00 0a 00  80 07 00 01 00 60 00 00  .............`..
0020:  00 48 18 04 00 64 00 38  05 10 11 00 30 9c 01 68  .H...d.8....0..h
0030:  08 3c 25 28 00 ac 00 96  00 58 3a 02 00 06 30 01  .<%(.....X:...0.
0040:  18 00 0e 09 04 33 38 00  34 32 42 46 39 37 32 44  .....38.42BF972D
0050:  00 46 43 38 41 43 36 21  32 52 37 00 01 39 38 0c  .FC8AC6!2R7..98.
0060:  26 00 24 27 74 b1 0e 27  31 30 34 0d 4b 00 0f 0c  &.$'t..'104.K...
0070:  10 13 2d 11 09 74 a4 13  25 13 66 81 4f 62 66 01  ..-..t..%.f.Obf.
0080:  80 77 64 66 63 38 61 63  36 00 00 00 ef 02 c0 e2  .wdfc8ac6.......
0090:  34 08 a0 ec a5 73 07 e0  80 03 00 80 03 00 b2 67  4....s.........g
00a0:  96 56                                             .V


C:\Users\simbi>fsutil reparsePoint query C:\Users\simbi\OneDrive\Documents\!Personal\Coding\WebServer\apache
Reparse Tag Value : 0x9000e01a
Tag value: Microsoft
Tag value: Directory

Reparse Data Length: 0xa1
Reparse Data:
0000:  01 80 84 01 9a b0 00 46  65 52 70 77 fa 71 3f 80  .......FeRpw.q?.
0010:  80 01 00 00 02 00 07 00  10 00 01 00 48 00 00 00  ............H...
0020:  0a 00 18 04 00 4c 00 38  05 10 11 00 30 9c 01 50  .....L.8....0..P
0030:  08 3c 0d 28 00 7c 00 d6  00 28 3a 02 00 06 30 01  .<.(.|...(:...0.
0040:  18 00 0e 09 04 33 38 00  34 32 42 46 39 37 32 44  .....38.42BF972D
0050:  00 46 43 38 41 43 36 21  32 70 37 38 34 37 0c 48  .FC8AC6!2p7847.H
0060:  00 0e 24 27 74 91 0e 27  31 30 34 0f 4d 00 0c 10  ..$'t..'104.M...
0070:  13 2d 11 12 74 a4 13 25  13 66 81 4f 62 66 01 80  .-..t..%.f.Obf..
0080:  77 64 66 63 38 61 63 36  00 00 00 ef 02 c0 e2 34  wdfc8ac6.......4
0090:  08 a0 ec a5 73 07 e0 80  03 00 80 03 00 b2 67 96  ....s.........g.
00a0:  56                                                V


C:\Users\simbi>fsutil reparsePoint query C:\Users\simbi\OneDrive\Documents\!Personal\Coding\WebServer\gfc (this is where my configs for apache, php and mysql are)
Reparse Tag Value : 0x9000e01a
Tag value: Microsoft
Tag value: Directory

Reparse Data Length: 0xa3
Reparse Data:
0000:  01 80 84 01 9c b0 00 46  65 52 70 33 5b ce cb 80  .......FeRp3[...
0010:  80 01 00 00 02 00 07 00  10 00 01 00 48 00 00 00  ............H...
0020:  0a 00 18 04 00 4c 00 38  05 10 11 00 30 9c 01 50  .....L.8....0..P
0030:  08 3c 0d 28 00 7c 00 d6  00 28 3a 02 00 06 30 01  .<.(.|...(:...0.
0040:  18 00 0e 09 04 33 38 00  34 32 42 46 39 37 32 44  .....38.42BF972D
0050:  00 46 43 38 41 43 36 21  32 40 37 32 37 33 34 31  .FC8AC6!2@727341
0060:  0c 4c 00 c5 24 27 74 0e  27 31 30 34 0d 4b 00 0f  .L..$'t.'104.K..
0070:  b6 0e 10 13 11 12 74 a4  13 25 13 66 81 4f 04 62  ......t..%.f.O.b
0080:  66 80 77 64 66 63 38 61  00 63 36 00 00 ef 02 c0  f.wdfc8a.c6.....
0090:  e2 80 34 08 ec a5 73 07  e0 80 03 02 00 80 03 b2  ..4...s.........
00a0:  67 96 56                                          g.V

C:\Users\simbi>fsutil reparsePoint query C:\Users\simbi\OneDrive\Documents\!Personal\Coding\WebServer\mysql
Reparse Tag Value : 0x9000e01a
Tag value: Microsoft
Tag value: Directory

Reparse Data Length: 0xa1
Reparse Data:
0000:  01 80 84 01 9a b0 00 46  65 52 70 a5 4c d4 a2 80  .......FeRp.L...
0010:  80 01 00 00 02 00 07 00  10 00 01 00 48 00 00 00  ............H...
0020:  0a 00 18 04 00 4c 00 38  05 10 11 00 30 9c 01 50  .....L.8....0..P
0030:  08 3c 0d 28 00 7c 00 d6  00 28 3a 02 00 06 30 01  .<.(.|...(:...0.
0040:  18 00 0e 09 04 33 38 00  34 32 42 46 39 37 32 44  .....38.42BF972D
0050:  00 46 43 38 41 43 36 21  32 70 37 38 35 32 0c 48  .FC8AC6!2p7852.H
0060:  00 0e 24 27 74 91 0e 27  31 30 34 0f 4d 00 0e 10  ..$'t..'104.M...
0070:  13 2d 11 12 74 a4 13 25  13 66 81 4f 62 66 01 80  .-..t..%.f.Obf..
0080:  77 64 66 63 38 61 63 36  00 00 00 ef 02 c0 e2 34  wdfc8ac6.......4
0090:  08 a0 ec a5 73 07 e0 80  03 00 80 03 00 b2 67 96  ....s.........g.
00a0:  56                                                V

[2021-03-18 18:22 UTC] cmb@php.net

> I will try to replicate the same with official build tomorrow.

Thank you!

And thanks for the fsutil reparsePoint query outputs.  These
reparse tag values should be supported; let's see what the new
crash dump reveals.

[2021-03-19 08:26 UTC] simbiat at outlook dot com

Crashed on official build as well: https://apaste.info/utsD (analyzed from WinDBG)
When I moved htdocs to C:/htdocs - it did not fail. But... It looks like it crashes during stopping of the service. No logs in Apache, but here's the debug: https://apaste.info/tX0l

Reports from DebugDiag for both cases - https://1drv.ms/u/s!AsaK_C2Xv0I4gunxGl8Cn2AOkewerww?e=aw1tGd

[2021-03-23 14:05 UTC] cmb@php.net

-Status: Feedback +Status: Open

[2021-03-23 14:05 UTC] cmb@php.net

> Crashed on official build as well: […]

It seems the memory mismanagement happens in virtual_file_ex[1],
but apparently the function is inlined, so the stack backtrace
isn't really helpful.

> It looks like it crashes during stopping of the service.

That backtrace looks like a new thread is started, and being shut
down right away.  This may be just a consequence of the former
crash.

Not sure how to go on with this, particularly since support for
OneDrive hosted Websites is of very low priority for the PHP on
Windows team.  I suggest to either download a copy of the Website
to your machine (or consider to use a VCS instead), or to disable
open_basedir.

[1] <https://github.com/php/php-src/blob/php-8.0.3/Zend/zend_virtual_cwd.c#L1248>

[2021-03-23 14:05 UTC] cmb@php.net

-Status: Assigned +Status: Open -Assigned To: cmb +Assigned To:

[2021-03-23 17:59 UTC] simbiat at outlook dot com

It is on my machine, it's just that I use OneDrive as backup as well and it's finicky with symlinks. It's not a critical issue, that's for sure, at least, unless someone decided to host actual PROD environment on OneDrive, which seems... Unadvisable. Still, if it will be fixed someday, that would be great.

[2021-04-13 09:02 UTC] simbiat at outlook dot com

Looks like something else has changed and now, when working in phpMyAdmin I am getting crashes even if basedir is not restricted. And crashes are different, now referencing php8ts.dl: https://apaste.info/yelL

Not sure, but I think the only thing, that has changed on my PC since last time is... Perhaps AV update? But definitely no new KBs were installed. I will check the behavior with AV disabled, but not sure if it will provide anything.

[2021-04-13 09:14 UTC] simbiat at outlook dot com

Nope, disabling AV did not help at all.

[2021-06-05 18:49 UTC] simbiat at outlook dot com

Looks like it can crash with commented out open_basedir. Replicable on 8.0.7: https://apaste.info/0cPr and may be related to https://bugs.php.net/bug.php?id=80726 since CLI can also crash periodically on same machine.

[2021-08-17 08:49 UTC] adam at thedudleys dot co dot uk

Found this on google search for
PHP Windows open_basedir slow

WOW. using this settings kills the performance of php.

info

Azure VM, Win server 2019 Data Centre edition
php-7.4.22-nts-Win32-vc15-x64.zip
IIS

With open_basedir set to c:\inetpub, the response time in postman for my home page is over 4 seconds.

comment out that one line in the php, iisreset

respons time is sub 600ms (not amazing, it's a slow/heavy site, but way better!) 

Not using onedrive, that's crazy, why not script to copy to a different folder for that every hour/change.

Anyway, thought I'd let you good peeps know.

[2021-08-17 08:59 UTC] rtrtrtrtrt at dfdfdfdf dot dfd

> With open_basedir set to c:\inetpub, the response 
> time in postman for my home page is over 4 seconds

must be a problem with window and/or your scripts


DOMAIN:                   http://corecms
COUNT:                    500
CMS UNCACHED:             700 us
CMS CACHED:               405 us
STATIC HTM:               259 us
STATIC PHP:               342 us
FACTOR CMS/STATIC HTM:    2.7
FACTOR CMS/STATIC PHP:    2
FACTOR CACHED/STATIC HTM: 1.6
FACTOR CACHED/STATIC PHP: 1.2
FACTOR STATIC PHP/STATIC: 1.3
RUNTIME:                  1.541

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Nov 03 21:00:01 2025 UTC