#50241 [NEW]: Crash in gmp_init() function of php_gmp

Fri, 20 Nov 2009 04:41:08 -0800 

From:             Brian dot White at foxfire74 dot com
Operating system: Windows XP XP3
PHP version:      5.3.1
PHP Bug Type:     Reproducible crash
Bug description:  Crash in gmp_init() function of php_gmp

Description:
------------
Did the compiler options for GMP change between 5.3.0 and 5.3.1?  The code
below executes properly in 5.3.0; but crashes when run using 5.3.1,
however, the stack traces (attached) are uninformative.  Crash happens as
both an Apache2.2 module as well as CLI.  Crash does NOT happen on Core 2
Duo (Family 6, Model F, Stepping B), only on Pentium III EB(Family 6, Model
8, Stepping 6).  php_gmp on Windows usus MIPR which supports x86 processors
as old as the Pentium depending on how it was compiled.

Reproduce code:
---------------
<?php
      $a = '155172898181473697471232257763715539915724801'.
        '966915404479707795314057629378541917580651227423'.
        '698188993727816152646631438561595825688188889951'.
        '272158842675419950341258706556549803580104870537'.
        '681476726513255747040765857479291291572334510643'.
        '245094715007229621094194349783925984760375594985'.
        '848253359305585439638443';

    $n = gmp_init($a, 10);
    var_dump($n);
?>


Expected result:
----------------
resource(4) of type (GMP integer)


Actual result:
--------------
Apache 2.2 Backtrace
====================
Thread 148 - System ID 396
Entry point   msvcr90!_endthreadex+6f 
Create time   11/20/2009 5:20:47 AM 
Time spent in user mode   0 Days 0:0:8.502 
Time spent in kernel mode   0 Days 0:0:0.711 

Function     Arg 1     Arg 2     Arg 3   Source 
php_gmp!__gmpn_mul_1+1a     0681d1d8     0681d1d8     00000001    
php_gmp!__gmpn_set_str+11d     0681d1d8     0682e970     00000135    
php_gmp!__gmpz_set_str+1af     053691c8     0682e828     0000000a    
php_gmp!__gmpz_init_set_str+2d     053691c8     0682e828     0000000a    
php_gmp!zm_info_gmp+147     041ff988     0000000a     04832af0    
php_gmp!zif_gmp_init+7c     00000002     0682b7b8     00000000    
php5ts!execute+1110     05374270     04832a00     04832af0    
php5ts!execute+583a     00000000     041ffae0     04832af0    
php5ts!execute+2e8     04a3c148     04832a01     04832af0    
php5ts!zend_call_function+884     00000000     041ffacc     05371e08    
php5ts!zif_call_user_func_array+63     00000002     05367188     00000000 
  
php5ts!execute+1110     05371e08     04832a00     04832af0    
php5ts!execute+583a     04832af0     041ffbe4     00000000    
php5ts!execute+2e8     0533e2e8     04832a00     04832af0    
php5ts!zend_execute_scripts+fe     00000008     04832af0     00000000    
php5ts!php_execute_script+239     041ffe70     04832af0     00000005    
php5apache2_2!zm_info_apache+1744     047b5b60     012522c8     047b5b60  
 
libhttpd!ap_run_handler+25     00000000     00000000     00000000    

In
httpd__PID__5396__Date__11_20_2009__Time_05_25_09AM__793__Second_Chance_Exception_C000001D.dmp
the assembly instruction at php_gmp!__gmpn_mul_1+1a in
C:\PHP\ext\php_gmp.dll from The PHP Group has caused an unknown exception
(0xc000001d) on thread 148

CLI Backtrace
=============
Thread 0 - System ID 4656
Entry point   php+2fa2 
Create time   11/20/2009 7:00:15 AM 
Time spent in user mode   0 Days 0:0:1.181 
Time spent in kernel mode   0 Days 0:0:0.340 

Function     Arg 1     Arg 2     Arg 3   Source 
php_gmp!get_module+c85a     0114e7a0     0114e7a0     00000001    
php_gmp!get_module+15e0d     0114fc48     00000004     00000088    
php_gmp!get_module+c08d     0114e7a0     0114ea10     00000135    
php_gmp!get_module+b82f     0114fc18     0114e8c8     0000000a    
php_gmp!get_module+53ad     00000000     00000000     00000000    

In
php__PID__440__Date__11_20_2009__Time_07_00_22AM__370__Second_Chance_Exception_C000001D.dmp
the assembly instruction at php_gmp!get_module+c85a in
C:\TEMP\PHP\ext\php_gmp.dll from The PHP Group has caused an unknown
exception (0xc000001d) on thread 0


-- 
Edit bug report at http://bugs.php.net/?id=50241&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=50241&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=50241&r=trysnapshot53
Try a snapshot (PHP 6.0):            
http://bugs.php.net/fix.php?id=50241&r=trysnapshot60
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=50241&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=50241&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=50241&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=50241&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=50241&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=50241&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=50241&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=50241&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=50241&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=50241&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=50241&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=50241&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=50241&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=50241&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=50241&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=50241&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=50241&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=50241&r=mysqlcfg

Reply via email to