Science
Mysterious bug in PHP 5.3.5 crashes Apache in conjunction with MediaWiki 1.16.2
Today I encountered a mysterious bug in PHP 5.3.5 while using MediaWiki software. When I try to add following content to a MediaWiki page, Apache crashes and all websites hosted on the server are not reachable anymore:
<source lang="bibtex">
@article{Maki20001115,
title = "Estimation of illuminant direction and surface reconstruction by Geotensity constraint",
journal = "Pattern Recognition Letters",
volume = "21",
number = "13-14",
pages = "1115 - 1123",
year = "2000",
note = "Selected Papers from The 11th Scandinavian Conference on Image",
issn = "0167-8655",
doi = "DOI: 10.1016/S0167-8655(00)00072-6",
url = "http://www.sciencedirect.com/science/article/B6V15-48CPFDG-5G/2/4bb1b7eba24901b8e89ddf321c6bee25",
author = "Atsuto Maki"
}
</source>This is a serious issue! I identified line 12 as source of the trouble. If the enclosing quotation marks (") are changed to standard BibTeX curly brackets ({})
url = {http://www.sciencedirect.com/science/article/B6V15-48CPFDG-5G/2/4bb1b7eba24901b8e89ddf321c6bee25},the problem is gone. Nevertheless, this is a critical issue for administrators, because if a user is adding the above code to a MediaWiki page, the webserver could crash – a kind of denial of service attack.
The following software is involved:
| Server OS | Microsoft Windows Server 2008 R2 x64 |
|---|---|
| Webserver | Apache 2.2.17 x86 VC6 |
| PHP | PHP 5.3.5 x86 Thread Safe VC6 as Apache module |
| Database server | MySQL 5.5.10 |
| MediaWiki | MediaWiki 1.16.2 |
| SyntaxHighlight Extension for MediaWiki | SyntaxHighlight r50696 with GeSHi 1.0.8.6 |
Due to the astonishing decision of PHP to deliver the last binary built with VC6 for Windows with PHP 5.3.5, a fast change to PHP 5.3.6 built with VC9 is a problem for many administrators operating Windows in conjunction with Apache and PHP, because the whole webserver environment has to be built with VC9 – even for me it is a big problem, because I operate several very special Apache and PHP modules, which have to be rebuilt too. So I decided to switch back to PHP 5.2.17 for those virtual Apache hosts serving MediaWiki contents (invoked as CGI module). In PHP 5.2.17 everything is fine. So probably the error is gone in PHP 5.3.6 too, but at the moment I have no chance to verify that.
The following two errors are given in my system event log when Apache crashed:
Name der fehlerhaften Anwendung: httpd.exe, Version: 2.2.17.0, Zeitstempel: 0x4cbbe9e8
Name des fehlerhaften Moduls: php5ts.dll, Version: 5.3.5.0, Zeitstempel: 0x4d26013e
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00172a76
ID des fehlerhaften Prozesses: 0x288f0
Startzeit der fehlerhaften Anwendung: 0x01cbf6c634583b6e
Pfad der fehlerhaften Anwendung: [censored]\Apache2.2\bin\httpd.exe
Pfad des fehlerhaften Moduls: [censored]\php-5.3.5\php5ts.dll
Berichtskennung: 76cdba97-62b9-11e0-8a69-00ff00000561Name der fehlerhaften Anwendung: httpd.exe, Version: 2.2.17.0, Zeitstempel: 0x4cbbe9e8
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038db9
ID des fehlerhaften Prozesses: 0x28cd0
Startzeit der fehlerhaften Anwendung: 0x01cbf6c3f8969fac
Pfad der fehlerhaften Anwendung: [censored]\Apache2.2\bin\httpd.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: 6ceddcff-62b7-11e0-8a69-00ff00000561I haven't filed any bug report for PHP yet, because I can't verify whether the bug exists in PHP 5.3.6 too or not. But it seems that an Apache crash is quite a common problem with PHP.
I appreciate any comments regarding this problem.
