ID: 28568
User updated by: novicky at aarongroup dot cz
Reported By: novicky at aarongroup dot cz
Status: Bogus
Bug Type: Reproducible crash
Operating System: win32
PHP Version: 4.3.7RC1
New Comment:
It does change at least in MBSTRING module where post handlers are
being registered.
We have debugged crash of PHP as IIS isapi module and there was a
problem with different threads manipulates the same memory of
known_post_content_types.
Previous Comments:
------------------------------------------------------------------------
[2004-05-30 19:47:30] [EMAIL PROTECTED]
It is safe because it does not actually change.
------------------------------------------------------------------------
[2004-05-29 15:07:41] novicky at aarongroup dot cz
Description:
------------
Variable known_post_content_types used in SAPI.c is declared as static
which is not thread safe and can lead to crash under multithread
webservers like IIS.
Here is a patch for SAPI.h and SAPI.c
--- php-4.3.7RC1.orig/main/SAPI.h 2003-04-09 22:27:55.000000000 +0200
+++ php-4.3.7RC1/main/SAPI.h 2004-05-26 10:08:34.000000000 +0200
@@ -120,6 +120,7 @@
long post_max_size;
int options;
zend_bool sapi_started;
+ HashTable known_post_content_types;
} sapi_globals_struct;
--- php-4.3.7RC1.orig/main/SAPI.c 2004-03-27 02:45:44.000000000 +0100
+++ php-4.3.7RC1/main/SAPI.c 2004-05-29 14:34:47.000000000 +0200
@@ -48,7 +48,6 @@
#include "php_content_types.h"
-static HashTable known_post_content_types;
#ifdef ZTS
SAPI_API int sapi_globals_id;
@@ -59,6 +58,11 @@
static void sapi_globals_ctor(sapi_globals_struct *sapi_globals
TSRMLS_DC)
{
memset(sapi_globals, 0, sizeof(*sapi_globals));
+ zend_hash_init_ex(&SG(known_post_content_types), 5, NULL, NULL, 1,
0);
+}
+
+static void sapi_globals_dtor(sapi_globals_struct *sapi_globals
TSRMLS_DC) {
+ zend_hash_destroy(&SG(known_post_content_types));
}
/* True globals (no need for thread safety) */
@@ -68,10 +72,9 @@
SAPI_API void sapi_startup(sapi_module_struct *sf)
{
sapi_module = *sf;
- zend_hash_init_ex(&known_post_content_types, 5, NULL, NULL, 1, 0);
#ifdef ZTS
- ts_allocate_id(&sapi_globals_id, sizeof(sapi_globals_struct),
(ts_allocate_ctor) sapi_globals_ctor, NULL);
+ ts_allocate_id(&sapi_globals_id, sizeof(sapi_globals_struct),
(ts_allocate_ctor) sapi_globals_ctor,
(ts_allocate_dtor)sapi_globals_dtor);
#else
sapi_globals_ctor(&sapi_globals TSRMLS_CC);
#endif
@@ -98,7 +101,6 @@
tsrm_win32_shutdown();
#endif
- zend_hash_destroy(&known_post_content_types);
}
@@ -151,7 +153,7 @@
}
/* now try to find an appropriate POST content handler */
- if (zend_hash_find(&known_post_content_types, content_type,
content_type_length+1, (void **) &post_entry)==SUCCESS) {
+ if (zend_hash_find(&SG(known_post_content_types), content_type,
content_type_length+1, (void **) &post_entry)==SUCCESS) {
/* found one, register it for use */
SG(request_info).post_entry = post_entry;
post_reader_func = post_entry->post_reader;
@@ -795,12 +797,14 @@
SAPI_API int sapi_register_post_entry(sapi_post_entry *post_entry)
{
- return zend_hash_add(&known_post_content_types,
post_entry->content_type, post_entry->content_type_len+1, (void *)
post_entry, sizeof(sapi_post_entry), NULL);
+ TSRMLS_FETCH();
+ return zend_hash_add(&SG(known_post_content_types),
post_entry->content_type, post_entry->content_type_len+1, (void *)
post_entry, sizeof(sapi_post_entry), NULL);
}
SAPI_API void sapi_unregister_post_entry(sapi_post_entry *post_entry)
{
- zend_hash_del(&known_post_content_types, post_entry->content_type,
post_entry->content_type_len+1);
+ TSRMLS_FETCH();
+ zend_hash_del(&SG(known_post_content_types),
post_entry->content_type, post_entry->content_type_len+1);
}
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=28568&edit=1
