Special:Badtitle/NS100:EN/Mysterious bug in PHP 5.3.5 crashes Apache in conjunction with MediaWiki 1.16.2: Difference between revisions

<summary> Today I encountered a mysterious bug in PHP 5.3.5 while using MediaWiki software. When I try to add following content to a MediaWiki page, Apache crashes and all websites hosted on the server are not reachable anymore: </summary>

<syntaxhighlight lang="html" highlight="12" line> <source lang="bibtex"> @article{Maki20001115,

   title = "Estimation of illuminant direction and surface reconstruction by Geotensity constraint",
   journal = "Pattern Recognition Letters",
   volume = "21",
   number = "13-14",
   pages = "1115 - 1123",
   year = "2000",
   note = "Selected Papers from The 11th Scandinavian Conference on Image",
   issn = "0167-8655",
   doi = "DOI: 10.1016/S0167-8655(00)00072-6",
   url = "http://www.sciencedirect.com/science/article/B6V15-48CPFDG-5G/2/4bb1b7eba24901b8e89ddf321c6bee25",
   author = "Atsuto Maki"

} </source> </syntaxhighlight>

This is a serious issue! I identified line 12 as source of the trouble. If the enclosing quotation marks (") are changed to standard BibTeX curly brackets ({})

<syntaxhighlight lang="html" start="12" line>

   url = {http://www.sciencedirect.com/science/article/B6V15-48CPFDG-5G/2/4bb1b7eba24901b8e89ddf321c6bee25},

</syntaxhighlight>

the problem is gone. Nevertheless, this is a critical issue for administrators, because if a user is adding the above code to a MediaWiki page, the webserver could crash – a kind of denial of service attack.

The following software is involved:

Due to the astonishing decision of PHP to deliver the last binary built with VC6 for Windows with PHP 5.3.5, a fast change to PHP 5.3.6 built with VC9 is a problem for many administrators operating Windows in conjunction with Apache and PHP, because the whole webserver environment has to be built with VC9 – even for me it is a big problem, because I operate several very special Apache and PHP modules, which have to be rebuilt too. So I decided to switch back to PHP 5.2.17 for those virtual Apache hosts serving MediaWiki contents (invoked as CGI module). In PHP 5.2.17 everything is fine. So probably the error is gone in PHP 5.3.6 too, but at the moment I have no chance to verify that.

The following two errors are given in my system event log when Apache crashed:

<syntaxhighlight lang="plain"> Name der fehlerhaften Anwendung: httpd.exe, Version: 2.2.17.0, Zeitstempel: 0x4cbbe9e8 Name des fehlerhaften Moduls: php5ts.dll, Version: 5.3.5.0, Zeitstempel: 0x4d26013e Ausnahmecode: 0xc00000fd Fehleroffset: 0x00172a76 ID des fehlerhaften Prozesses: 0x288f0 Startzeit der fehlerhaften Anwendung: 0x01cbf6c634583b6e Pfad der fehlerhaften Anwendung: [censored]\Apache2.2\bin\httpd.exe Pfad des fehlerhaften Moduls: [censored]\php-5.3.5\php5ts.dll Berichtskennung: 76cdba97-62b9-11e0-8a69-00ff00000561 </syntaxhighlight>

<syntaxhighlight lang="plain"> Name der fehlerhaften Anwendung: httpd.exe, Version: 2.2.17.0, Zeitstempel: 0x4cbbe9e8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038db9 ID des fehlerhaften Prozesses: 0x28cd0 Startzeit der fehlerhaften Anwendung: 0x01cbf6c3f8969fac Pfad der fehlerhaften Anwendung: [censored]\Apache2.2\bin\httpd.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 6ceddcff-62b7-11e0-8a69-00ff00000561 </syntaxhighlight>

I haven't filed any bug report for PHP yet, because I can't verify whether the bug exists in PHP 5.3.6 too or not. But it seems that an Apache crash is quite a common problem with PHP.

I appreciate any comments regarding this problem. Template:Wl-publish: 2011-04-09 18:10:18 +0200