php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #64776 The XSLT extension is not thread safe.
Submitted: 2013-05-05 10:48 UTC Modified: -
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: slangley at google dot com Assigned:
Status: Closed Package: XSLT related
PHP Version: 5.4.14 OS: N/A
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: slangley at google dot com
New email:
PHP Version: OS:

 

 [2013-05-05 10:48 UTC] slangley at google dot com 
Description:
------------
ThreadSanitizer has detected a data race in php_xsl.c.

The function xsltSetGenericErrorFunc is not thread safe, yet it can be accessed 
concurrently by separate threads from the request INIT & SHUTDOWN handlers in the 
xslt extension.


/* {{{ PHP_RINIT_FUNCTION
 */
PHP_RINIT_FUNCTION(xsl)
{
	xsltSetGenericErrorFunc(NULL, php_libxml_error_handler);
	return SUCCESS;
}
/* }}} */

/* {{{ PHP_RSHUTDOWN_FUNCTION
 */
PHP_RSHUTDOWN_FUNCTION(xsl)
{
	xsltSetGenericErrorFunc(NULL, NULL);
	return SUCCESS;
}

xsltSetGenericErrorFunc uses two global variables to record state, with no 
protection against concurrent access.


from xsltutils.c

xmlGenericErrorFunc xsltGenericError = xsltGenericErrorDefaultFunc;
void *xsltGenericErrorContext = NULL;


/**
 * xsltSetGenericErrorFunc:
 * @ctx:  the new error handling context
 * @handler:  the new handler function
 *
 * Function to reset the handler and the error context for out of
 * context error messages.
 * This simply means that @handler will be called for subsequent
 * error messages while not parsing nor validating. And @ctx will
 * be passed as first argument to @handler
 * One can simply force messages to be emitted to another FILE * than
 * stderr by setting @ctx to this file handle and @handler to NULL.
 */
void
xsltSetGenericErrorFunc(void *ctx, xmlGenericErrorFunc handler) {
    xsltGenericErrorContext = ctx;
    if (handler != NULL)
	xsltGenericError = handler;
    else
	xsltGenericError = xsltGenericErrorDefaultFunc;
}

Calling xsltSetGenericErrorFunc from the module initializer should solve this 
problem.

Test script:
---------------
build PHP with --enable-maintainer-zts.

Execute concurrent requests.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-12-02 14:01 UTC] mike@php.net 
Automatic comment on behalf of mike
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7cd702640de648a4fd5d49234b9ce4704c007f5d
Log: Fix Bug #64776 	The XSLT extension is not thread safe.
 [2013-12-02 14:01 UTC] mike@php.net
-Status: Open +Status: Closed
 [2013-12-02 16:51 UTC] ab@php.net 
Automatic comment on behalf of mike
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7cd702640de648a4fd5d49234b9ce4704c007f5d
Log: Fix Bug #64776 	The XSLT extension is not thread safe.
 [2014-01-17 21:59 UTC] bwoebi@php.net 
Automatic comment on behalf of mike
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7cd702640de648a4fd5d49234b9ce4704c007f5d
Log: Fix Bug #64776 	The XSLT extension is not thread safe.
 [2014-02-06 08:43 UTC] bwoebi@php.net 
Automatic comment on behalf of mike
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7cd702640de648a4fd5d49234b9ce4704c007f5d
Log: Fix Bug #64776 	The XSLT extension is not thread safe.
 [2016-07-20 11:41 UTC] davey@php.net 
Automatic comment on behalf of mike
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7cd702640de648a4fd5d49234b9ce4704c007f5d
Log: Fix Bug #64776 	The XSLT extension is not thread safe.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Dec 03 17:01:29 2024 UTC