Edit report at https://bugs.php.net/bug.php?id=60895&edit=1
ID: 60895 Updated by: paj...@php.net Reported by: root at ihack dot net Summary: null pointer dereference in php_win32_free_rng_lock() -Status: Open +Status: Closed Type: Bug Package: Unknown/Other Function Operating System: Windows Server 2008 R2 x64 PHP Version: 5.3.9 -Assigned To: +Assigned To: pajoye Block user comment: N Private report: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2012-01-27 10:56:31] paj...@php.net Automatic comment from SVN on behalf of pajoye Revision: http://svn.php.net/viewvc/?view=revision&revision=322843 Log: - fix #60895, possible invalid handler usage ------------------------------------------------------------------------ [2012-01-26 19:47:22] root at ihack dot net BTW, this bug was introduced in revision 312201, during the 5.3.7 release cycle. ------------------------------------------------------------------------ [2012-01-26 19:45:21] root at ihack dot net Description: ------------ If php_win32_get_random_bytes() has never been called, then this line of code: + CryptReleaseContext(hCryptProv, 0); passes a null pointer, resulting in a C0000005 exception in CryptReleaseContext(). This line should be preceded by: if (has_crypto_ctx) This was specifically tested with the windows.php.net 32-bit TS build running on 64-bit Windows. I do not know how it behaves in other configurations. Test script: --------------- I do not have a short test case, but the bug is pretty obvious. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=60895&edit=1