Edit report at https://bugs.php.net/bug.php?id=65927&edit=1

 ID:                 65927
 Updated by:         larue...@php.net
 Reported by:        it dot vie at virtual-identity dot com
 Summary:            _zend_mm_free_int caused access violation
-Status:             Open
+Status:             Feedback
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Windows 2012
 PHP Version:        5.4.21
 Block user comment: N
 Private report:     N

 New Comment:

Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If the script requires a database to demonstrate the issue, please make sure it creates all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

Previous Comments:
------------------------------------------------------------------------
[2013-10-18 09:47:54] it dot vie at virtual-identity dot com

I further investigated and found out that the access violation only happens with the SQLSRV30 dll Package and not with the SQLSRV20 Dll Package found http://www.microsoft.com/en-us/download/details.aspx?id=20098

------------------------------------------------------------------------
[2013-10-18 08:15:43] it dot vie at virtual-identity dot com

Sorry! The debugging output is from the first test with 5.3.24, but we could reproduce this also in the current build of php 5.4.21 for Windows.

------------------------------------------------------------------------
[2013-10-18 08:07:48] it dot vie at virtual-identity dot com

Description:
------------
We are using:
* Windows 2012
* httpd-2.4.4-win32
* mod_fcgid-2.3.7-win32
* php_sqlsrv_54_nts
* php 5.4.21
* drupal 7.x

The php-cgi.exe crashes on "high" load (20-50 r/sec) with an access violation. I created a debugging output as shown on "bugs-generating-backtrace-win32".

IMHO the #define ZEND_MM_IS_FREE_BLOCK(b) (!((b)->info._size & ZEND_MM_USED_BLOCK)) should check if b is a valid pointer or there should be more checks when using ZEND_MM_IS_FREE_BLOCK, but I'm not a C pro :)

Can you help me with this issue?

Actual result:
--------------
php5!_zend_mm_free_int+57 [c:\php-sdk\php53dev\vc9\x86\php-5.3.24\zend\zend_alloc.c @ 2028] c:\php-sdk\php53dev\vc9\x86\php-5.3.24\zend\zend_alloc.c @ 2028
php5!_efree+19 [c:\php-sdk\php53dev\vc9\x86\php-5.3.24\zend\zend_alloc.c @ 2361 + a] c:\php-sdk\php53dev\vc9\x86\php-5.3.24\zend\zend_alloc.c @ 2361 + a
php_pdo_sqlsrv_53_nts+6833
...
...
...
sqlncli11!SNIPacketSetConnection+b4
sqlncli11!Session::ProcessDataPacket+1ef
sqlncli11!CCriticalSectionNT::Leave+d
0x018e5c58
ntdll!RtlpHeapFindListLookupEntry+40
ntdll!RtlpFindEntry+49
0x0673d4d0
ntdll!RtlpAllocateHeap+6e6
0x06720000
ntdll!RtlAllocateHeap+2de
php_pdo_sqlsrv_53_nts+12903
ntdll!RtlpAllocateHeap+76d
ntdll!RtlAllocateHeap+176
ntdll!RtlpHeapFindListLookupEntry+40
ntdll!RtlpFindEntry+49
ntdll!RtlpFreeHeap+667
0x067287c8
ntdll!RtlpFreeHeap+667
ntdll!RtlFreeHeap+206
sqlncli11!CImpISOSHost_MPMemObj::OperatorDelete+1c
sqlncli11!BATCHCTX::Release+a1

------------------------------------------------------------------------

--
Edit this bug report at https://bugs.php.net/bug.php?id=65927&edit=1