|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2016-07-02 15:20 UTC] cmb@php.net
[2021-08-16 14:37 UTC] cmb@php.net
-Status: Open
+Status: Feedback
-Assigned To:
+Assigned To: cmb
[2021-08-16 14:37 UTC] cmb@php.net
[2021-08-29 04:22 UTC] php-bugs at lists dot php dot net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Oct 29 13:00:01 2025 UTC |
Description: ------------ I've recompiled PHP in order to bypass the 1024 socket limit (FD_SETSIZE). The only change I've made is setting FD_SETSIZE to a higher value in:- /usr/include/linux/posix_types.h /usr/include/bits/typesizes.h When calling either socket_select() or stream_select() with more than 1024 handles in the read array, the script terminates with a buffer overflow error. Test script: --------------- $handles = array(); for($x = 0; $x < 1030; $x++){ $handle = socket_create(AF_INET, SOCK_STREAM, SOL_TCP) or die('Failed to create socket'); socket_connect($handle, '127.0.0.1', 80) or die('Failed to connect'); socket_set_nonblock($handle) or die('Failed to set non-block on socket'); $handles[] = $handle; } socket_select($handles, $w = null, $e = null, null, null); die('Done'); Expected result: ---------------- The test script should return "Done" Actual result: -------------- The script opens more than 1024 sockets successfully but when socket_select() is called it terminates with the following output:- *** buffer overflow detected ***: php terminated ======= Backtrace: ========= /lib64/libc.so.6(__fortify_fail+0x37)[0x7f08bf489b37] /lib64/libc.so.6(+0x10bcf0)[0x7f08bf487cf0] /lib64/libc.so.6(+0x10daa7)[0x7f08bf489aa7] /usr/lib64/php/modules/sockets.so(+0x586e)[0x7f08b0a1086e] /usr/lib64/php/modules/sockets.so(+0x5e45)[0x7f08b0a10e45] php(dtrace_execute_internal+0x2b)[0x7f08c282135b] php(+0x330844)[0x7f08c28da844] php(execute_ex+0x38)[0x7f08c286f138] php(dtrace_execute_ex+0x79)[0x7f08c2821239] php(zend_execute_scripts+0x18b)[0x7f08c2833f5b] php(php_execute_script+0x282)[0x7f08c27cf452] php(+0x332748)[0x7f08c28dc748] php(+0xbca2a)[0x7f08c2666a2a] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f08bf39db15] php(+0xbcac5)[0x7f08c2666ac5] ======= Memory map: ======== 7f08a8000000-7f08a8021000 rw-p 00000000 00:00 0 7f08a8021000-7f08ac000000 ---p 00000000 00:00 0 7f08af16f000-7f08af1b0000 rw-p 00000000 00:00 0 7f08af1b0000-7f08af1bc000 r-xp 00000000 fd:00 134350849 /usr/lib64/libnss_files-2.17.so 7f08af1bc000-7f08af3bb000 ---p 0000c000 fd:00 134350849 /usr/lib64/libnss_files-2.17.so 7f08af3bb000-7f08af3bc000 r--p 0000b000 fd:00 134350849 /usr/lib64/libnss_files-2.17.so 7f08af3bc000-7f08af3bd000 rw-p 0000c000 fd:00 134350849 /usr/lib64/libnss_files-2.17.so 7f08af3bd000-7f08af3c3000 rw-p 00000000 00:00 0 7f08af3c3000-7f08af3c4000 ---p 00000000 00:00 0 7f08af3c4000-7f08afbc4000 rw-p 00000000 00:00 0 7f08afbc4000-7f08afbdf000 r-xp 00000000 fd:00 204981416 /usr/lib64/php/modules/zip.so 7f08afbdf000-7f08afdde000 ---p 0001b000 fd:00 204981416 /usr/lib64/php/modules/zip.so 7f08afdde000-7f08afde0000 r--p 0001a000 fd:00 204981416 /usr/lib64/php/modules/zip.so 7f08afde0000-7f08afde1000 rw-p 0001c000 fd:00 204981416 /usr/lib64/php/modules/zip.so 7f08afde1000-7f08afdec000 r-xp 00000000 fd:00 204981415 /usr/lib64/php/modules/xml.so 7f08afdec000-7f08affeb000 ---p 0000b000 fd:00 204981415 /usr/lib64/php/modules/xml.so 7f08affeb000-7f08affed000 r--p 0000a000 fd:00 204981415 /usr/lib64/php/modules/xml.so 7f08affed000-7f08affee000 rw-p 0000c000 fd:00 204981415 /usr/lib64/php/modules/xml.so 7f08affee000-7f08afff2000 r-xp 00000000 fd:00 204682692 /usr/lib64/php/modules/tokenizer.so 7f08afff2000-7f08b01f1000 ---p 00004000 fd:00 204682692 /usr/lib64/php/modules/tokenizer.so 7f08b01f1000-7f08b01f2000 r--p 00003000 fd:00 204682692 /usr/lib64/php/modules/tokenizer.so 7f08b01f2000-7f08b01f3000 rw-p 00004000 fd:00 204682692 /usr/lib64/php/modules/tokenizer.so 7f08b01f3000-7f08b01f6000 r-xp 00000000 fd:00 204981426 /usr/lib64/php/modules/sysvshm.so 7f08b01f6000-7f08b03f5000 ---p 00003000 fd:00 204981426 /usr/lib64/php/modules/sysvshm.so 7f08b03f5000-7f08b03f6000 r--p 00002000 fd:00 204981426 /usr/lib64/php/modules/sysvshm.so 7f08b03f6000-7f08b03f7000 rw-p 00003000 fd:00 204981426 /usr/lib64/php/modules/sysvshm.so 7f08b03f7000-7f08b03f9000 r-xp 00000000 fd:00 204981424 /usr/lib64/php/modules/sysvsem.so 7f08b03f9000-7f08b05f8000 ---p 00002000 fd:00 204981424 /usr/lib64/php/modules/sysvsem.so 7f08b05f8000-7f08b05f9000 r--p 00001000 fd:00 204981424 /usr/lib64/php/modules/sysvsem.so 7f08b05f9000-7f08b05fa000 rw-p 00002000 fd:00 204981424 /usr/lib64/php/modules/sysvsem.so 7f08b05fa000-7f08b05fd000 r-xp 00000000 fd:00 204981423 /usr/lib64/php/modules/sysvmsg.so 7f08b05fd000-7f08b07fd000 ---p 00003000 fd:00 204981423 /usr/lib64/php/modules/sysvmsg.so 7f08b07fd000-7f08b07fe000 r--p 00003000 fd:00 204981423 /usr/lib64/php/modules/sysvmsg.so 7f08b07fe000-7f08b07ff000 rw-p 00004000 fd:00 204981423 /usr/lib64/php/modules/sysvmsg.so 7f08b07ff000-7f08b080a000 r-xp 00000000 fd:00 204981442 /usr/lib64/php/modules/sqlite3.so 7f08b080a000-7f08b0a09000 ---p 0000b000 fd:00 204981442 /usr/lib64/php/modules/sqlite3.so 7f08b0a09000-7f08b0a0a000 r--p 0000a000 fd:00 204981442 /usr/lib64/php/modules/sqlite3.so 7f08b0a0a000-7f08b0a0b000 rw-p 0000b000 fd:00 204981442 /usr/lib64/php/modules/sqlite3.so 7f08b0a0b000-7f08b0a1e000 r-xp 00000000 fd:00 204142194 /usr/lib64/php/modules/sockets.so 7f08b0a1e000-7f08b0c1e000 ---p 00013000 fd:00 204142194 /usr/lib64/php/modules/sockets.so 7f08b0c1e000-7f08b0c20000 r--p 00013000 fd:00 204142194 /usr/lib64/php/modules/sockets.so 7f08b0c20000-7f08b0c21000 rw-p 00015000 fd:00 204142194 /usr/lib64/php/modules/sockets.so 7f08b0c21000-7f08b0c2c000 r-xp 00000000 fd:00 202964585 /usr/lib64/php/modules/simplexml.so 7f08b0c2c000-7f08b0e2c000 ---p 0000b000 fd:00 202964585 /usr/lib64/php/modules/simplexml.so 7f08b0e2c000-7f08b0e2d000 r--p 0000b000 fd:00 202964585 /usr/lib64/php/modules/simplexml.so 7f08b0e2d000-7f08b0e2e000 rw-p 0000c000 fd:00 202964585 /usr/lib64/php/modules/simplexml.so 7f08b0e2e000-7f08b0e30000 r-xp 00000000 fd:00 202780726 /usr/lib64/php/modules/shmop.so 7f08b0e30000-7f08b1030000 ---p 00002000 fd:00 202780726 /usr/lib64/php/modules/shmop.so 7f08b1030000-7f08b1031000 r--p 00002000 fd:00 202780726 /usr/lib64/php/modules/shmop.so 7f08b1031000-7f08b1032000 rw-p 00003000 fd:00 202780726 /usr/lib64/php/modules/shmop.so 7f08b1032000-7f08b1038000 r-xp 00000000 fd:00 204981422 /usr/lib64/php/modules/posix.so 7f08b1038000-7f08b1238000 ---p 00006000 fd:00 204981422 /usr/lib64/php/modules/posix.so 7f08b1238000-7f08b1239000 r--p 00006000 fd:00 204981422 /usr/lib64/php/modules/posix.so 7f08b1239000-7f08b123a000 rw-p 00007000 fd:00 204981422 /usr/lib64/php/modules/posix.so 7f08b123a000-7f08b1279000 r-xp 00000000 fd:00 202780725 /usr/lib64/php/modules/phar.so 7f08b1279000-7f08b1478000 ---p 0003f000 fd:00 202780725 /usr/lib64/php/modules/phar.so 7f08b1478000-7f08b147a000 r--p 0003e000 fd:00 202780725 /usr/lib64/php/modules/phar.so 7f08b147a000-7f08b147c000 rw-p 00040000 fd:00 202780725 /usr/lib64/php/modules/phar.so 7f08b147c000-7f08b152d000 r-xp 00000000 fd:00 135344360 /usr/lib64/libsqlite3.so.0.8.6 7f08b152d000-7f08b172c000 ---p 000b1000 fd:00 135344360 /usr/lib64/libsqlite3.so.0.8.6Aborted (core dumped)