SIGALRM cause segfault in php_error_cb
| Bug #60038 | SIGALRM cause segfault in php_error_cb | | |
|---|---|---|---|
| Submitted: | 2011-10-11 09:13 UTC | Modified: | 2011-10-16 06:03 UTC |
| From: | laruence@php.net | Assigned: | laruence |
| Status: | Closed | Package: | Scripting Engine problem |
| PHP Version: | 5.4.0beta1 | OS: | |
| Private report: | No | CVE-ID: | None |
[2011-10-11 09:13 UTC] laruence@php.net
Description:
------------
In php_error_cb:
PG(last_error_message) and PG(last_error_file) are freed without blocking the alarm
signal,
so there is a chance that PHP will segfault when the max_execution_time limit is
reached.
Since zend_signal was introduced in PHP 5.4, I think it's okay to add a signal
blocking mechanism for this code.
Test script:
---------------
<?php
error_reporting(E_ALL|E_NOTICE);
set_time_limit(1);
while(1) {
$a = $arr['index_miss'];
}
?>
Do the following steps:
1. gdb php
2. b php_error_cb
3. r "above script"
4. when the breakpoint is reached:
893 if (PG(last_error_message)) {
(gdb)
894 free(PG(last_error_message));
5. signal SIGPROF
6. next (*n)
*** glibc detected *** double free or corruption (fasttop): 0x0000000001207ca0 ***
Expected result:
----------------
no segfault
Actual result:
--------------
segfault
Patches
bug60038.patch (last revision 2011-10-13 00:42 UTC by laruence@php.net)
History
[2011-10-11 09:31 UTC] laruence@php.net
[2011-10-13 00:44 UTC] laruence@php.net
[2011-10-16 06:03 UTC] laruence@php.net
-Status: Assigned
+Status: Closed
-PHP Version: 5.3.8
+PHP Version: 5.4.0beta1
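The window this report describes, and the effect of holding the timer signal pending across it, shown as an added C example; it is not PHP source and not the attached bug60038.patch. The names `last_error_message`, `on_timeout`, `set_last_error` and `run_demo` are hypothetical stand-ins, plain POSIX `sigprocmask` is used in place of PHP's zend_signal layer, and `raise(SIGPROF)` is a constructed substitute for the execution timer firing.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* sigaction, sigprocmask, strdup */
#endif
#include <signal.h>
#include <stdlib.h>
#include <string.h>

static char *last_error_message;             /* stand-in for PG(last_error_message) */
static volatile sig_atomic_t in_window;      /* 1 while the buffer is freed but still pointed to */
static volatile sig_atomic_t hits_in_window; /* handler runs that landed inside that window */
static volatile sig_atomic_t hits_total;     /* all handler runs */

/* Stand-in timeout handler: it only counts. One that re-entered the error callback here would free the stale pointer again. */
static void on_timeout(int sig) {
    (void)sig;
    hits_total++;
    if (in_window) hits_in_window++;
}

/* Free and replace the saved message; with block != 0, SIGPROF stays pending until the pointer is valid again. */
static int set_last_error(const char *msg, int block) {
    sigset_t set, old;
    sigemptyset(&set);
    sigaddset(&set, SIGPROF);
    if (block && sigprocmask(SIG_BLOCK, &set, &old) != 0) return -1;
    free(last_error_message);
    in_window = 1;
    raise(SIGPROF);                          /* constructed: the timer fires at the worst moment */
    last_error_message = strdup(msg);
    in_window = 0;
    if (block && sigprocmask(SIG_SETMASK, &old, NULL) != 0) return -1;
    return last_error_message ? 0 : -1;
}

/* Returns how many handler runs landed inside the free window, or -1 on error. */
static int run_demo(int block) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_timeout;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGPROF, &sa, NULL) != 0) return -1;
    hits_in_window = hits_total = 0;
    if (set_last_error("Undefined variable: arr", block) != 0) return -1;
    return (int)hits_in_window;
}

/* Exit status 0 when only the unblocked run is interrupted inside the window. */
int main(void) { return (run_demo(0) == 1 && run_demo(1) == 0) ? 0 : 1; }
```

In the blocked run the handler still executes once, but only after the mask is restored, when the pointer refers to the new buffer.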