ID: 19325
Updated by: sniper@php.net
Reported By: screen at brainkrash dot com
-Status: Open
+Status: Closed
Bug Type: Apache related
Operating System: Win2000
-PHP Version: php4-win32-200211061900
+PHP Version: 4-win32-200211061900
New Comment:

wrong version used -> bug got lost. Closing since I can't reproduce
this with latest stable CVS.




Previous Comments:
------------------------------------------------------------------------

[2002-11-06 14:20:57] screen at brainkrash dot com

The problem still persists in the latest daily build.

------------------------------------------------------------------------

[2002-11-06 09:25:26] iliaa@php.net

Please try using this CVS snapshot:

http://snaps.php.net/php4-latest.tar.gz

For Windows:

http://snaps.php.net/win32/php4-win32-latest.zip



------------------------------------------------------------------------

[2002-09-10 07:33:03] screen at brainkrash dot com

OK, I've created the simplest example I can. Unfortunately it's not as
simple as I'd like. It requires a PHP handler to be defined in Apache.
The example handles a page request for the defined path in Apache. It
checks the requested type and includes PHP files with an output buffer
function which then registers a shutdown function. This is done so
that the output can still be captured if the requested PHP file
performs an exit;. The crash doesn't occur unless the requested file
generates multiple browser requests for files within the handled path
(I haven't tested with files outside this path).

Here's the link to the example:

http://brainkrash.com/~screen/brainkrash_debug.zip

The README.txt file contains the Apache conf, file layout, and reproduction
instructions.

------------------------------------------------------------------------

[2002-09-10 06:00:40] screen at brainkrash dot com

Through a long night of compiling I've generated the following debug
information. I hope it's helpful. As far as generating code, I'll try
and see what I can do. To be honest I'm completely uncertain as to even
where to begin. I'll try though...

Unhandled exception in Apache.exe (NTDLL.DLL): 0xC0000005: Access
Violation.

Call Stack:

NTDLL! 77fcb032()
_emalloc(unsigned int 10, char * 0x00a709bc `string', unsigned int 227,
char * 0x00000000, unsigned int 0) line 154 + 62 bytes
_estrdup(const char * 0x005896d0, char * 0x00a709bc `string', unsigned
int 227, char * 0x00000000, unsigned int 0) line 335 + 25 bytes
sapi_get_default_content_type(void * * * 0x005de040) line 227 + 29
bytes
php_apache_get_default_mimetype(request_rec * 0x00726fb8, void * * *
0x005de040) line 456 + 10 bytes
send_php(request_rec * 0x00726fb8, int 0, char * 0x00727b58) line 551 +
13 bytes
send_pd_php(request_rec * 0x00726fb8) line 578 + 13 bytes
ap_invoke_handler(request_rec * 0x00726fb8) line 517 + 10 bytes
process_request_internal(request_rec * 0x00726fb8) line 1308 + 9 bytes
ap_process_request(request_rec * 0x00726fb8) line 1324 + 9 bytes
child_sub_main(int 0) line 5928
child_main(int 0) line 5998 + 9 bytes
_threadstartex(void * 0x005ddf80) line 212 + 13 bytes
KERNEL32! 77e887dd()


Registers:

EAX = 00000000 EBX = 00000247
ECX = 00000000 EDX = 043814D0
ESI = 04380000 EDI = 04380298
EIP = 77FCB032 ESP = 0127F9C0
EBP = 0127FB58 EFL = 00000246 CS = 001B
DS = 0023 ES = 0023 SS = 0023 FS = 003B
GS = 0000 OV=0 UP=0 EI=1 PL=0 ZR=1 AC=0
PE=1 CY=0 ST0 = +4.97601634110320460e+3400
ST1 = +0.58830211741752350e+4085
ST2 = -0.00828635751169817e+4399
ST3 = +0.00000000000000000e+0000
ST4 = -3.97005806646183370e+4383
ST5 = +0.00635385167867965e+4930
ST6 = +9.64965820312500000e-0001
ST7 = +2.00000000000000000e+0001
CTRL = 027F STAT = 0120 TAGS = FFFF
EIP = 1024929D CS = 001B DS = 0023
EDO = 0127F264

Disassembly:

77FCAFFF add byte ptr ds:[0FFFh],al
77FCB005 and ax,0F000h
77FCB009 jmp 77FCC95D
77FCB00E mov byte ptr [edi+5],al
77FCB011 push dword ptr [ebp-30h]
77FCB014 mov esi,dword ptr [ebp-5Ch]
77FCB017 push esi
77FCB018 call 77F83573
77FCB01D mov ecx,dword ptr [ebp-30h]
77FCB020 mov eax,dword ptr [ecx+8]
77FCB023 mov dword ptr [ebp-128h],eax
77FCB029 mov ecx,dword ptr [ecx+0Ch]
77FCB02C mov dword ptr [ebp-12Ch],ecx
> 77FCB032 mov dword ptr [ecx],eax
77FCB034 mov dword ptr [eax+4],ecx
77FCB037 cmp eax,ecx
77FCB039 je 77FCD49C
77FCB03F mov eax,dword ptr [ebp-30h]
77FCB042 movzx ecx,word ptr [eax]
77FCB045 sub dword ptr [esi+28h],ecx
77FCB048 movzx eax,word ptr [eax]
77FCB04B add ebx,eax
77FCB04D mov dword ptr [ebp-58h],ebx
77FCB050 cmp ebx,0FE00h
77FCB056 jbe 77FCB065
77FCB058 push ebx
77FCB059 push edi
77FCB05A push esi
77FCB05B call 77FCBA97
77FCB060 jmp 77FCB4E2
77FCB065 mov word ptr [edi],bx
77FCB068 test byte ptr [edi+5],10h
77FCB06C je 77FCD4D6
77FCB072 cmp bx,80h
77FCB077 jb 77FCD4E0
77FCB07D and byte ptr [edi+5],10h
77FCB081 lea edx,[esi+178h]
77FCB087 mov dword ptr [ebp-150h],edx
77FCB08D cmp dword ptr [esi+170h],0
77FCB094 je 77FCD544
77FCB09A movzx eax,bx
77FCB09D push eax
77FCB09E push esi

------------------------------------------------------------------------

[2002-09-10 05:27:11] edink@php.net

Could you try to isolate a small piece of code that crashes Apache?

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/19325
