ID: 10904
User Update by: [EMAIL PROTECTED]
Status: Open
Bug Type: Reproducible crash
Operating system: WINNT SP4
PHP Version: 4.0.5
Description: php.exe accesses unreadable memory and crashes
This script reproduces the bug on my machine:
<?php
print "<html>";
print "<head>";
print " <title>bug</title>";
print "</head>";
print "<body>";
for ($i=0; $i<1000; $i++) {
print "<BR>hello" ;
}
print "</body>";
print "</html>";
?>
Change 1000 to 333 and the bug disappears,
Change 1000 to 22222 and the bug disappears.
Previous Comments:
---------------------------------------------------------------------------
[2001-05-16 11:02:35] [EMAIL PROTECTED]
WINNT SP4, APACHE 1.3.14, PHP 4.0.4 and 4.0.5
I cannot make a gdb backtrace, but I can give you the following:
1) It is an access violation -- the instruction at 0x0dsd5973 referenced 0x00000000.
the memory could not be read.
2) It always occurs near the end of a script and is not related to what HTML happens
to be generated. Most scripts do not show the error at all, but when one does only
changing the size of the output (either very small or very large) will suppress it.
3) After clearing the error (by clicking OK on the error message on the server), the
full HTML is always produced correctly. However, until OK is clicked, the client is
left waiting for the last 1K or so of output).
4) It is defintely related to the size of the output. Scripts that make output
smaller then 1K never show the error. Larger scripts may or may not show the error,
but when they do, the error can always be removed by making the script generate a very
large output (~100K). I just repeated the same content x times. Once x is large
enough, the bug goes away.
5) On my system, calling phpinfo causes it -- <?php phpinfo() ?> -- but only on the
second and subsequent calls after rebooting the server. Just starting and stopping
Apache does not allow the first good call to succeed--the server must be rebooted.
6) changing imlicit_flush, output_buffering, and memory_limit in php.ini do not fix
it, but might(???) alter the size of output that exhibts the problem. flush() in the
code does not fix it.
7) I theorize it is related to some final cleanup or garbage collection code.
8) I first saw it in 4.0.4 and upgraded to 4.0.5 hoping to see it go away. It did
not, but again the size of output that shows the error might(???) have changed. One
point about the upgrade, I could not copy msvcrt.dll to the system root because it was
always locked by the OS, even after closing all closable services. My msvcrt.dll is
dated three days earlier than the one distributed with PHP 4.0.4 and 4.0.5. There
appears to be no way to change it.
--This bug could easily exist under another OS, but be invisible (and harmless) if the
OS does not generate an error message for the address violation.
Hope this is helpful. Feel free to contact me.
Steve
---------------------------------------------------------------------------
Full Bug description available at: http://bugs.php.net/?id=10904
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
