Edit report at https://bugs.php.net/bug.php?id=48034&edit=1
ID: 48034
Comment by: bugzilla33 at gmail dot com
Reported by: ninzya at inbox dot lv
Summary: Crash when script is 8192 (8KB) bytes long
Status: Assigned
Type: Bug
Package: Reproducible crash
Operating System: *
PHP Version: 5.*, 6CVS (2009-04-21)
Assigned To: dmitry
Block user comment: N
Private report: N
New Comment:
Description:
------------
1. use Test script to generate crash.php, size 8192 bytes
2. now let crash php engine crash.php
3. Any php file of size 8192 bytes crashes Apache and PHP!
4. Tested with Apache 2.2.21 V9 Apache Lounge, PHP 5.4.0 RC5 or RC6 dev on
three other machines, Win 7 x86 or Win 7 x64.
Test script:
---------------
testcase php file generator:
<?php
// Build crash.php with a total size of exactly 8192 bytes:
// 7-byte opening, 8183 random digits, 2-byte closing tag.
$out='<?php//';
for($z=0;$z<8192-9;$z++){$out.=mt_rand(0,9);}
$out.='?>';
file_put_contents('crash.php',$out);
print('1. testcase file generated: crash.php, size '.strlen($out).' bytes<br/>');
print('2. now let crash php engine <a href="crash.php">crash.php</a><br/>');
print('<b style="color:red">3. Any php file of size 8192 bytes crashes Apache and PHP!</b><br/>');
print('4. Tested with Apache 2.2.21 V9 apache longue, PHP 5.4.0 RC5 or RC6 dev on three other machines, Win 7 x86 or Win 7 x64.<br/>');
?>
Expected result:
----------------
NO crash
Actual result:
--------------
CRASH
Previous Comments:
------------------------------------------------------------------------
[2009-05-04 16:06:37] [email protected]
Not fixed. Only a temp hack.
------------------------------------------------------------------------
[2009-04-28 07:16:19] [email protected]
This bug has been fixed in CVS.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
------------------------------------------------------------------------
[2009-04-22 11:09:23] [email protected]
See also bug#48043
------------------------------------------------------------------------
[2009-04-21 17:20:21] ninzya at inbox dot lv
I did everything mentioned in
http://bugs.php.net/bugs-generating-backtrace-win32.php
and got these results:
Thread 250 - System ID 5552
Entry point msvcrt!_endthreadex+3a
Create time 21.04.2009 15:20:51
Time spent in user mode 0 Days 0:0:0.656
Time spent in kernel mode 0 Days 0:0:0.921
Function Arg 1 Arg 2 Arg 3 Source
php5ts!lex_scan+447c 0550fa34 010f54a0 0000002f
php5ts!zend_register_auto_global+11f 00000000 00000000 00000000
------------------------------------------------------------------------
[2009-04-21 15:31:46] [email protected]
It seems related to http://bugs.php.net/bug.php?id=47596 . Not exactly the same
problem, though.
It seems php_stream_open_for_zend() does not mmap() enough for ZEND_MMAP_AHEAD
(PHP_STREAM_OPTION_MMAP_API in plain_wrapper adjusts the mmap length to the
filesize, so ignoring ZEND_MMAP_AHEAD), and this may crash when the parser
reads ahead of the mmap()ed region.
------------------------------------------------------------------------
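The condition described in the comment above, as an added C example that is not part of the bug report or of PHP's source: a mapping sized to the file has only the zero-filled rest of its last page to absorb a scanner's read-ahead, so a file that ends exactly on a page boundary has none. LOOKAHEAD (32), the 4096-byte page size, and the function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define LOOKAHEAD 32 /* assumed scanner read-ahead, standing in for ZEND_MMAP_AHEAD */

/* Zero-filled bytes a file mapping provides past EOF: the rest of the last page. */
size_t tail_slack(size_t file_size, size_t page_size)
{
    size_t rem = file_size % page_size;
    return rem ? page_size - rem : 0;
}

/* A mapping of exactly file_size bytes is safe for a scanner that reads
 * `ahead` bytes past the end only if the last page has that much slack. */
int mapping_is_safe(size_t file_size, size_t page_size, size_t ahead)
{
    return file_size > 0 && tail_slack(file_size, page_size) >= ahead;
}

/* Fallback: copy the file into a heap buffer with `ahead` zero bytes appended. */
char *load_padded(const char *path, size_t ahead, size_t *len_out)
{
    FILE *f = fopen(path, "rb");
    char *buf = NULL;
    long n;
    if (!f) return NULL;
    if (fseek(f, 0, SEEK_END) == 0 && (n = ftell(f)) >= 0 && fseek(f, 0, SEEK_SET) == 0) {
        buf = calloc((size_t)n + ahead + 1, 1);
        if (buf && fread(buf, 1, (size_t)n, f) != (size_t)n) { free(buf); buf = NULL; }
        if (buf) *len_out = (size_t)n;
    }
    fclose(f);
    return buf;
}

int main(void)
{
    /* Constructed sizes around the 8192-byte case; 4096 is an assumed page size. */
    size_t sizes[] = { 8191, 8192, 8193, 8192 - LOOKAHEAD, 8192 - LOOKAHEAD + 1 };
    for (size_t i = 0; i < sizeof sizes / sizeof *sizes; i++)
        printf("%zu bytes: slack %zu, %s\n", sizes[i], tail_slack(sizes[i], 4096),
               mapping_is_safe(sizes[i], 4096, LOOKAHEAD) ? "map" : "copy with padding");
    return 0;
}
```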
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=48034