PHP :: Bug #19627 :: IPC sem_remove SIGSEGV
| Bug #19627 | IPC sem_remove SIGSEGV | | |
|---|---|---|---|
| Submitted: | 2002-09-26 23:12 UTC | Modified: | 2002-09-27 05:30 UTC |
| From: | malekjo at aphrodite dot com | Assigned: | |
| Status: | Closed | Package: | Reproducible crash |
| PHP Version: | 4.2.3 | OS: | Linux 2.4.18-10 Kernel |
| Private report: | No | CVE-ID: | None |
[2002-09-26 23:12 UTC] malekjo at aphrodite dot com
Here's my php environment
*************************
[joe@willyslide joe]$ php -m
Running PHP 4.2.3
Zend Engine v1.2.0, Copyright (c) 1998-2002 Zend Technologies
[PHP Modules]
xml, wddx, sysvshm, sysvsem, standard, sockets, session, posix, pcre, openssl, mysql, ftp, ctype, calendar, bcmath, zlib
'./configure' '--prefix=/usr' '--enable-debug' '--with-openssl' '--enable-sockets' '--with-regex=system' '--enable-inline-optimization' '--with-config-file-path=/etc' '--with-zlib' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--with-mysql' '--enable-sysvshm' '--enable-sysvsem' '--enable-wddx' '--enable-memory-limit'
My issue
*********
sem_remove() seg.faults when called. I'm trying to write a script for creating unique serial numbers on the fly.
(gdb) run -e ../serial.php4
Starting program: /usr//bin/php -e ../serial.php4
X-Powered-By: PHP/4.2.3
Content-type: text/html
got semkey: 1628011873
semID: 1
got sem 1
MD5: 0a5d400ea944a83abe69221024433f56
released sem
Program received signal SIGSEGV, Segmentation fault.
0x08101e3b in zif_sem_remove (ht=1032230416, return_value=0x0,
this_ptr=0x3d86960f, return_value_used=0) at sysvsem.c:392
392 if(semctl(sem_ptr->semid, 0, IPC_RMID, &un) < 0) {
(gdb) bt
#0 0x08101e3b in zif_sem_remove (ht=1032230416, return_value=0x0,
this_ptr=0x3d86960f, return_value_used=0) at sysvsem.c:392
(gdb) print sem_ptr
$1 = (sysvsem_sem *) 0x0
*************************************************
It would appear that somewhere in the code behind sem_remove($semId) the sem_ptr->semid is NULL?
*************************************************
My php code
***********
```php
<?php
$semKey = ftok("php-serial.ipc",'a');
$semId = sem_get($semKey, 1, 0666);
if ($semId === FALSE) {
    echo "missed semkey\n";
    exit();
}
else {
    echo "got semkey: $semKey\n";
    echo "semID: $semId\n";
}
$semAcquired = sem_acquire($semId);
if ($semAcquired === FALSE) {
    echo "missed sem acquisition\n";
    sem_remove($semId);
    exit(3);
}
else echo "got sem $semAcquired\n";
sleep(1);
// this probably is not SMP safe without the semaphore
$str = md5(uniqid(rand(),1));
echo "MD5: $str\n";
$r = sem_release($semId);
if ($r === FALSE) {
    echo "didn't release sem";
    exit(1);
}
else echo "released sem\n";
/* SIGSEGV in sem_remove, so we'll not do it now
$r = sem_remove($semId);
if ($r === FALSE) {
    echo "didn't remove sem\n";
    exit(1);
}
else echo "removed sem\n";
*/
echo "\n\nDONE\n\n";
?>
```
I've had the same problem on PHP 4.1.2 (where I originally found it) on Red Hat 7.3 with the PHP RPM installed and 'up2date'd.
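The gdb session in the report stops at `semctl(sem_ptr->semid, 0, IPC_RMID, &un)` with `sem_ptr` printed as `0x0`. As an added example (not part of the report and not PHP's `sysvsem.c`), this C program shows the guard such a call needs: the handle lookup result is checked before `semid` is read. `sem_handle`, `handle_register`, `handle_lookup` and `sem_remove_checked` are hypothetical names; `semget`, `semctl` and `IPC_RMID` are the real System V calls.

```c
/* Added illustration, not PHP's sysvsem.c. sem_handle, handle_* and
 * sem_remove_checked are hypothetical; semget/semctl/IPC_RMID are real. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>

/* Fourth semctl() argument, declared under our own name for portability. */
union sem_arg { int val; struct semid_ds *buf; unsigned short *array; };

typedef struct { int semid; int in_use; } sem_handle; /* stand-in for sysvsem_sem */

#define MAX_HANDLES 8
static sem_handle table[MAX_HANDLES]; /* stand-in for the engine's resource list */

/* Store a kernel semaphore id; returns a 1-based handle, or -1 if full. */
int handle_register(int semid) {
    for (int i = 0; i < MAX_HANDLES; i++)
        if (!table[i].in_use) {
            table[i].semid = semid;
            table[i].in_use = 1;
            return i + 1;
        }
    return -1;
}

/* Resolve a handle; NULL for an unknown or already-removed one. */
sem_handle *handle_lookup(int h) {
    if (h < 1 || h > MAX_HANDLES || !table[h - 1].in_use) return NULL;
    return &table[h - 1];
}

/* Checked removal: reject a failed lookup before reading sem_ptr->semid. */
int sem_remove_checked(int h) {
    union sem_arg un = { 0 };
    sem_handle *sem_ptr = handle_lookup(h);
    if (sem_ptr == NULL) { errno = EINVAL; return -1; } /* guard against NULL */
    if (semctl(sem_ptr->semid, 0, IPC_RMID, un) < 0) return -1;
    sem_ptr->in_use = 0; /* a second remove now fails cleanly */
    return 0;
}

int main(void) {
    int id = semget(IPC_PRIVATE, 1, 0600);
    int h = handle_register(id);
    printf("first remove:  %d\n", sem_remove_checked(h));
    printf("second remove: %d\n", sem_remove_checked(h));
    return 0;
}
```
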
[2002-09-27 04:39 UTC] wez@php.net
[2002-09-27 05:30 UTC] wez@php.net