From:             slangley at google dot com
Operating system: N/A
PHP version:      5.4.14
Package:          XSLT related
Bug Type:         Bug
Bug description:  The XSLT extension is not thread safe.

Description:
------------
ThreadSanitizer has detected a data race in php_xsl.c.

The function xsltSetGenericErrorFunc is not thread safe, yet it can be accessed concurrently by separate threads from the request INIT & SHUTDOWN handlers in the xslt extension.

/* {{{ PHP_RINIT_FUNCTION */
PHP_RINIT_FUNCTION(xsl)
{
	xsltSetGenericErrorFunc(NULL, php_libxml_error_handler);
	return SUCCESS;
}
/* }}} */

/* {{{ PHP_RSHUTDOWN_FUNCTION */
PHP_RSHUTDOWN_FUNCTION(xsl)
{
	xsltSetGenericErrorFunc(NULL, NULL);
	return SUCCESS;
}

xsltSetGenericErrorFunc uses two global variables to record state, with no protection against concurrent access.

from xsltutils.c

xmlGenericErrorFunc xsltGenericError = xsltGenericErrorDefaultFunc;
void *xsltGenericErrorContext = NULL;

/**
 * xsltSetGenericErrorFunc:
 * @ctx: the new error handling context
 * @handler: the new handler function
 *
 * Function to reset the handler and the error context for out of
 * context error messages.
 * This simply means that @handler will be called for subsequent
 * error messages while not parsing nor validating. And @ctx will
 * be passed as first argument to @handler
 * One can simply force messages to be emitted to another FILE * than
 * stderr by setting @ctx to this file handle and @handler to NULL.
 */
void
xsltSetGenericErrorFunc(void *ctx, xmlGenericErrorFunc handler) {
    xsltGenericErrorContext = ctx;
    if (handler != NULL)
	xsltGenericError = handler;
    else
	xsltGenericError = xsltGenericErrorDefaultFunc;
}

Calling xsltSetGenericErrorFunc from the module initializer should solve this problem.

Test script:
---------------
Build PHP with --enable-maintainer-zts.
Execute concurrent requests.

--
Edit bug report at https://bugs.php.net/bug.php?id=64776&edit=1
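
Added example, not part of the original report and not PHP or libxslt code: a single-threaded replay of one interleaving of two requests against a process-wide handler slot modeled on the xsltutils.c excerpt above. It shows the logical effect of per-request install and reset on shared state (not the unsynchronized write that ThreadSanitizer flags), next to the module-init placement the report suggests. All function names here are stand-ins chosen for the example.

```c
#include <stdio.h>

/* Stand-in for xmlGenericErrorFunc: one process-wide handler slot. */
typedef void (*error_func)(void *ctx, const char *msg, ...);

static int default_hits, php_hits;   /* which handler received each message */

static void default_handler(void *ctx, const char *msg, ...) { (void)ctx; (void)msg; default_hits++; }
static void php_handler(void *ctx, const char *msg, ...)     { (void)ctx; (void)msg; php_hits++; }

static error_func generic_error = default_handler;
static void *generic_error_ctx = NULL;

/* Same logic as the quoted xsltSetGenericErrorFunc: NULL restores the default. */
static void set_generic_error_func(void *ctx, error_func handler)
{
    generic_error_ctx = ctx;
    generic_error = handler ? handler : default_handler;
}

/* Reported layout: every request installs and removes the global handler. */
static void rinit_reported(void)     { set_generic_error_func(NULL, php_handler); }
static void rshutdown_reported(void) { set_generic_error_func(NULL, NULL); }

/* Suggested layout: install once at module init; request hooks leave it alone. */
static void minit_suggested(void)    { set_generic_error_func(NULL, php_handler); }

/* Replays: request A starts, request B starts, A finishes, then B reports an
 * XSLT error. Returns how many of B's messages reached the PHP handler. */
static int replay(int per_request)
{
    default_hits = php_hits = 0;
    set_generic_error_func(NULL, NULL);        /* fresh process state */
    if (!per_request) minit_suggested();
    if (per_request) rinit_reported();         /* request A RINIT */
    if (per_request) rinit_reported();         /* request B RINIT */
    if (per_request) rshutdown_reported();     /* request A RSHUTDOWN */
    generic_error(generic_error_ctx, "error in request B");
    return php_hits;
}

int main(void)
{
    printf("per-request install: %d of 1 messages reached the PHP handler\n", replay(1));
    printf("module-init install: %d of 1 messages reached the PHP handler\n", replay(0));
    return 0;
}
```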