ID: 29915
Updated by: [EMAIL PROTECTED]
Reported By: test dot 007 at seznam dot cz
-Status: Assigned
+Status: Closed
Bug Type: Reproducible crash
Operating System: *
PHP Version: 4CVS, 5CVS (2005-03-09)
Assigned To: andi
New Comment:

Fixed in CVS (picked Moriyoshi's approach to be on the safe side)


Previous Comments:
------------------------------------------------------------------------

[2005-03-19 23:52:22] [EMAIL PROTECTED]

- tsrm_mutex_unlock(tsmm_mutex); if (tsrm_new_thread_end_handler) { tsrm_new_thread_end_handler(thread_id, &((*thread_resources_ptr)->storage)); } + tsrm_mutex_unlock(tsmm_mutex); }

IMO simply putting the mutex release point ahead would make more sense..

------------------------------------------------------------------------

[2005-03-19 22:38:19] [EMAIL PROTECTED]

Again a patch, can you review it or do I blindly commit it?

------------------------------------------------------------------------

[2005-03-08 15:29:49] test dot 007 at seznam dot cz

--- TSRM/TSRM.c 2004-05-23 19:05:10.000000000 +0200 +++ TSRM/TSRM.c 2005-03-08 14:36:33.250000000 +0100 @@ -260,9 +260,11 @@ static void allocate_new_resource(tsrm_tls_entry **thread_resources_ptr, THREAD_T thread_id) { int i; + tsrm_tls_entry *new_resource; TSRM_ERROR((TSRM_ERROR_LEVEL_CORE, "Creating data structures for thread %x", thread_id)); (*thread_resources_ptr) = (tsrm_tls_entry *) malloc(sizeof(tsrm_tls_entry)); + new_resource = (*thread_resources_ptr); (*thread_resources_ptr)->storage = (void **) malloc(sizeof(void *)*id_count); (*thread_resources_ptr)->count = id_count; (*thread_resources_ptr)->thread_id = thread_id; 
@@ -299,7 +301,7 @@ tsrm_mutex_unlock(tsmm_mutex); if (tsrm_new_thread_end_handler) { - tsrm_new_thread_end_handler(thread_id, &((*thread_resources_ptr)->storage)); + tsrm_new_thread_end_handler(thread_id, &(new_resource->storage)); } }

http://test-007.webpark.cz/php29915.u.patch

As I already explained, it may crash with any script, it only needs many concurrent threads, thus I can't give you a good example script.

------------------------------------------------------------------------

[2005-03-07 21:35:28] [EMAIL PROTECTED]

Please provide any patches in unified diff format (diff -u) and also, put them online somewhere where we can download them.

Can you also give some short example script which illustrates the problem this patch supposedly fixes?

------------------------------------------------------------------------

[2005-02-16 16:48:31] test dot 007 at seznam dot cz

Hello Tony,

I found the bug in 4.3.8, but I've checked sources of PHP5 (a link you provided), and the bug is still present in both 4.x and 5.x.

The bug only occurs if there are more PHP threads running, and you have bad luck. It is unrelated to a PHP script, it can crash with any script(s) => I can't provide you with a particular "crashing" or even "crashes here" script.

To sum up the problem, allocate_new_resource() uses a resource a microsecond after it has unlocked a mutex. If another thread removes the resource during the microsecond, crash.

	tsrm_mutex_unlock(tsmm_mutex);

	if (tsrm_new_thread_end_handler) {
		tsrm_new_thread_end_handler(thread_id, &((*thread_resources_ptr)->storage));

My patch is obviously harmless, and, believe me, it helps :-)

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/29915

-- 
Edit this bug report at http://bugs.php.net/?id=29915&edit=1
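
Review bot: in the snippet posted at 2005-03-19 23:52:22, moving tsrm_mutex_unlock(tsmm_mutex) below the if block means tsrm_new_thread_end_handler now runs with tsmm_mutex held. Please confirm that no registered handler takes tsmm_mutex again or blocks for long, and add a comment at the call site saying the handler is invoked under the lock.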
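
Review bot: in the @@ -260,9 +260,11 @@ hunk, the context lines that set ->storage, ->count and ->thread_id still write through (*thread_resources_ptr) although new_resource now holds the same pointer. Use new_resource for those writes too, so the function has a single name for the entry, and add a comment on the declaration saying the local exists because *thread_resources_ptr must not be re-read once the mutex is released. The malloc() result is also dereferenced on the next line without a NULL check.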
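
Review bot: in the @@ -299,7 +301,7 @@ hunk, the handler call still sits after tsrm_mutex_unlock(tsmm_mutex), so &(new_resource->storage) is used outside the lock, and that is safe only if no other thread can free the entry new_resource points to. State that invariant in a comment at the call, or keep the call inside the locked region.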
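
The use-after-unlock summarised in the 2005-02-16 comment, replayed single-threaded so the interleaving is deterministic. This is an added example, not code from the PHP source or from anyone in this thread. Assumptions: the reduced entry struct, the bucket chaining, the slot being the previous entry's next field, and poisoning in place of free().

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for tsrm_tls_entry; layout and chaining are assumed. */
typedef struct entry { int thread_id; struct entry *next; } entry;
static entry *table_head;   /* one bucket of the (assumed) thread table */

/* Constructed interleaving: another thread exits and unlinks its entry.
 * Fields are poisoned instead of freed so the later read stays defined. */
static void other_thread_exits(entry *p)
{
    table_head = p->next;
    p->next = NULL;
    p->thread_id = -1;
}

/* Returns the entry whose storage would be handed to the end handler. */
static entry *allocate_new_resource(entry **slot, int thread_id,
                                    entry *exiting, int use_local)
{
    entry *new_resource = calloc(1, sizeof *new_resource);
    if (!new_resource) return NULL;
    new_resource->thread_id = thread_id;
    *slot = new_resource;               /* linked in while the mutex is held */
    /* tsrm_mutex_unlock(tsmm_mutex) would be here; the other thread runs now */
    other_thread_exits(exiting);
    return use_local ? new_resource     /* patched: pointer saved under lock */
                     : *slot;           /* original: re-read after unlock    */
}

/* 1 if the handler would get thread 2's own entry, 0 if not, -1 on OOM. */
static int handler_gets_own_entry(int use_local)
{
    entry *p = calloc(1, sizeof *p);    /* entry of an already running thread */
    if (!p) return -1;
    p->thread_id = 1;
    table_head = p;
    entry *got = allocate_new_resource(&p->next, 2, p, use_local);
    int ok = (got != NULL && got->thread_id == 2);
    if (table_head != p) free(table_head);  /* the new entry, now bucket head */
    free(p);
    return ok;
}

int main(void)
{
    printf("original: %d, patched: %d\n", handler_gets_own_entry(0), handler_gets_own_entry(1));
    return 0;
}
```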