Bug #75601 Thread race in PCRE JIT support
Submitted: 2017-11-30 14:23 UTC Modified: 2017-11-30 20:08 UTC
From: rperper at litespeedtech dot com Assigned: ab (profile)
Status: Closed Package: PCRE related
PHP Version: 7.2.0 OS: OpenSuSE
Private report: No CVE-ID: None
 [2017-11-30 14:23 UTC] rperper at litespeedtech dot com
Description:
------------
I am a developer at LiteSpeed Technologies and am working on a thread-capable version of the PHP module to be included in the Open-LiteSpeed web server.  During load testing, using PCRE with JIT support enabled (the default) with the thread-sanitizer enabled, we detected a race condition in sljitUtils.c line 224.  It appears that there are unprotected globals which will never be successful in a multi-threaded environment.  We recommend protecting these globals with atomic functions, or in some other way to avoid the race conditions.

Test script:
---------------
Can not be reproduced in a script.

Actual result:
--------------
WARNING: ThreadSanitizer: data race (pid=49992)
  Read of size 8 at 0x7ffff4de1798 by thread T2 (mutexes: write M546):
    #0 sljit_allocate_stack /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/pcre/pcrelib/sljit/sljitUtils.c:224 (mod_lsphp72.so+0x000000323c2f)
    #1 php_pcre_jit_stack_alloc /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/pcre/pcrelib/pcre_jit_compile.c:11625 (mod_lsphp72.so+0x000000323b9f)
    #2 zm_activate_pcre /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/pcre/php_pcre.c:229 (mod_lsphp72.so+0x00000037f31b)
    #3 zend_activate_modules /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_API.c:2600 (mod_lsphp72.so+0x0000012ebfab)
    #4 php_request_startup /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/main/main.c:1696 (mod_lsphp72.so+0x0000010c528e)
    #5 lsiapi_module_main /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1489 (mod_lsphp72.so+0x000001586250)
    #6 process_req /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1536 (mod_lsphp72.so+0x0000015847c5)
    #7 mod_lsphp_begin_process /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1667 (mod_lsphp72.so+0x00000157f3a0)
    #8 MtHandlerProcess(ls_lfnodei_s*) /home/user/proj/openlitespeed/src/lsiapi/modulehandler.cpp:46 (openlitespeed+0x00000088ced5)
    #9 WorkCrew::workerRoutine(CrewWorker*) /home/user/proj/openlitespeed/src/thread/workcrew.cpp:448 (openlitespeed+0x000000944a11)
    #10 CrewWorker::thr_main(void*) /home/user/proj/openlitespeed/src/thread/crewworker.cpp:36 (openlitespeed+0x00000094531e)
    #11 Thread::start_routine(void*) /home/user/proj/openlitespeed/src/thread/thread.cpp:43 (openlitespeed+0x000000942657)

 [2017-11-30 20:08 UTC] ab@php.net
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: ab
 [2017-11-30 20:08 UTC] ab@php.net
Confirmed. What is merely needed is to mutex protect the jit stack allocation; patching the bundled library is not needed. If you have a patch for this, please attach it, otherwise I'm going to work on a fix in the next days.

Thanks.
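
The approach described in the comment above (mutex-protecting the JIT stack allocation on the caller's side instead of patching the bundled library), as an added C example that is not code from php-src or sljit. `lib_allocate_stack`, `lib_page_align`, `jit_stack_lock` and `guarded_allocate_stack` are hypothetical names, and the lazily initialised global is a constructed stand-in for the "unprotected globals" in the report.

```c
#include <pthread.h>
#include <stdlib.h>

/* Stand-in for the bundled library (hypothetical, not sljit's code): it lazily
 * initialises a plain global on first use, so concurrent callers race on it. */
static size_t lib_page_align = 0;

static void *lib_allocate_stack(size_t limit)
{
    if (!lib_page_align)              /* unsynchronised read */
        lib_page_align = 4096 - 1;    /* unsynchronised write */
    return malloc((limit + lib_page_align) & ~lib_page_align);
}

/* Caller-side fix: one process-wide mutex serialises every call into the
 * allocator, leaving the library itself untouched. */
static pthread_mutex_t jit_stack_lock = PTHREAD_MUTEX_INITIALIZER;

static void *guarded_allocate_stack(size_t limit)
{
    pthread_mutex_lock(&jit_stack_lock);
    void *stack = lib_allocate_stack(limit);
    pthread_mutex_unlock(&jit_stack_lock);
    return stack;
}

/* Per-thread "request startup": take a stack through the guarded path. */
static void *worker(void *arg)
{
    void *stack = guarded_allocate_stack(32 * 1024);
    *(int *)arg = (stack != NULL);
    free(stack);
    return NULL;
}

/* Run n threads (capped at 16); returns how many obtained a stack. */
int run_workers(int n)
{
    pthread_t tid[16];
    int ok[16] = {0}, started = 0, good = 0;
    for (int i = 0; i < n && i < 16; i++)
        if (pthread_create(&tid[started], NULL, worker, &ok[started]) == 0)
            started++;
    for (int i = 0; i < started; i++) {
        pthread_join(tid[i], NULL);
        good += ok[i];
    }
    return good;
}

int main(void) { return run_workers(8) == 8 ? 0 : 1; }
```

Build with `cc -fsanitize=thread -pthread` to check the guarded path under ThreadSanitizer; calling `lib_allocate_stack` directly from `worker` is the unprotected variant.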
 [2017-12-05 16:42 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=31b2b14a712f9a8e6beddec4522e12484259422b
Log: Fixed bug #75601 Thread race in PCRE JIT support
 [2017-12-05 16:42 UTC] ab@php.net
-Status: Verified
+Status: Closed
 [2017-12-05 16:42 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=75a2ee7f7bad4d3bc7bc60c181eabcc6d58c7937
Log: Fixed bug #75601 Thread race in PCRE JIT support
 [2017-12-05 16:42 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9cca85ff0760603dfa8ac58e1828f4c5ab3a5afe
Log: Fixed bug #75601 Thread race in PCRE JIT support
Last updated: Tue Jul 01 22:01:36 2025 UTC