php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #19627 IPC sem_remove SIGSEGV
Submitted: 2002-09-26 23:12 UTC Modified: 2002-09-27 05:30 UTC
From: malekjo at aphrodite dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4.2.3 OS: Linux 2.4.18-10 Kernel
Private report: No CVE-ID:
 [2002-09-26 23:12 UTC] malekjo at aphrodite dot com
Here's my php environment
*************************

[joe@willyslide joe]$ php -m
Running PHP 4.2.3
Zend Engine v1.2.0, Copyright (c) 1998-2002 Zend Technologies

[PHP Modules]
xml, wddx, sysvshm, sysvsem, standard, sockets, session, posix, pcre, openssl, mysql, ftp, ctype, calendar, bcmath, zlib

'./configure' '--prefix=/usr' '--enable-debug' '--with-openssl' '--enable-sockets' '--with-regex=system' '--enable-inline-optimization' '--with- config-file-path=/etc' '--with-zlib' '--enable-bcmath' '--enable-calendar' '-- enable-ftp' '--with-mysql' '--enable-sysvshm' '--enable-sysvsem' '-- enable-wddx' '--enable-memory-limit'

My issue
*********

sem_remove() seg.faults when called.  I'm trying to write a script for creating unique serial numbers on the fly.

(gdb) run -e ../serial.php4 
Starting program: /usr//bin/php -e ../serial.php4
X-Powered-By: PHP/4.2.3
Content-type: text/html

got semkey: 1628011873
semID: 1
got sem 1
MD5: 0a5d400ea944a83abe69221024433f56
released sem

Program received signal SIGSEGV, Segmentation fault.
0x08101e3b in zif_sem_remove (ht=1032230416, return_value=0x0, 
    this_ptr=0x3d86960f, return_value_used=0) at sysvsem.c:392
392             if(semctl(sem_ptr->semid, 0, IPC_RMID, &un) < 0) {
(gdb) bt
#0  0x08101e3b in zif_sem_remove (ht=1032230416, return_value=0x0, 
    this_ptr=0x3d86960f, return_value_used=0) at sysvsem.c:392
(gdb) print sem_ptr
$1 = (sysvsem_sem *) 0x0

*************************************************
It would appear that somewhere in the code behind sem_remove($semId) the sem_ptr->semid is NULL? 
*************************************************

My php code
***********

<?php

$semKey = ftok("php-serial.ipc",'a');

$semId = sem_get($semKey, 1, 0666);
if ($semId === FALSE) {
  echo "missed semkey\n";
  exit();
} 
else {
  echo "got semkey: $semKey\n";
  echo "semID: $semId\n";
}

$semAcquired = sem_acquire($semId);
if ($semAcquired === FALSE) {
  echo "missed sem acquisition\n";
  sem_remove($semId);
  exit(3);
}
else echo "got sem $semAcquired\n";
sleep(1);

// this probably is not SMP safe without the semaphore
$str = md5(uniqid(rand(),1));

echo "MD5: $str\n";
$r = sem_release($semId);
if ($r === FALSE) {
   echo "didn't release sem";
   exit(1);
 }
else echo "released sem\n";

/* SIGSEGV in sem_remove, so we'll not do it now
$r = sem_remove($semId);
if ($r === FALSE) {
  echo "didn't remove sem\n";
  exit(1);
}
else echo "removed sem\n";

*/

echo "\n\nDONE\n\n";

?>

I've had the same problem on PHP 4.1.2 (where I originally found it) on Red Hat 7.3 with the PHP RPM installed and 'up2date'd.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-09-27 04:39 UTC] wez@php.net
Verified with current CVS.

BTW: you probably shouldn't be removing the semaphore when your script is successful anyway, especially if your ID generating script is run quite often (be kind to your hardware :-).


 [2002-09-27 05:30 UTC] wez@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 22:02:16 2014 UTC