|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #19627 IPC sem_remove SIGSEGV
Submitted: 2002-09-26 23:12 UTC Modified: 2002-09-27 05:30 UTC
From: malekjo at aphrodite dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4.2.3 OS: Linux 2.4.18-10 Kernel
Private report: No CVE-ID:
 [2002-09-26 23:12 UTC] malekjo at aphrodite dot com
Here's my php environment

[joe@willyslide joe]$ php -m
Running PHP 4.2.3
Zend Engine v1.2.0, Copyright (c) 1998-2002 Zend Technologies

[PHP Modules]
xml, wddx, sysvshm, sysvsem, standard, sockets, session, posix, pcre, openssl, mysql, ftp, ctype, calendar, bcmath, zlib

'./configure' '--prefix=/usr' '--enable-debug' '--with-openssl' '--enable-sockets' '--with-regex=system' '--enable-inline-optimization' '--with- config-file-path=/etc' '--with-zlib' '--enable-bcmath' '--enable-calendar' '-- enable-ftp' '--with-mysql' '--enable-sysvshm' '--enable-sysvsem' '-- enable-wddx' '--enable-memory-limit'

My issue

sem_remove() seg.faults when called.  I'm trying to write a script for creating unique serial numbers on the fly.

(gdb) run -e ../serial.php4 
Starting program: /usr//bin/php -e ../serial.php4
X-Powered-By: PHP/4.2.3
Content-type: text/html

got semkey: 1628011873
semID: 1
got sem 1
MD5: 0a5d400ea944a83abe69221024433f56
released sem

Program received signal SIGSEGV, Segmentation fault.
0x08101e3b in zif_sem_remove (ht=1032230416, return_value=0x0, 
    this_ptr=0x3d86960f, return_value_used=0) at sysvsem.c:392
392             if(semctl(sem_ptr->semid, 0, IPC_RMID, &un) < 0) {
(gdb) bt
#0  0x08101e3b in zif_sem_remove (ht=1032230416, return_value=0x0, 
    this_ptr=0x3d86960f, return_value_used=0) at sysvsem.c:392
(gdb) print sem_ptr
$1 = (sysvsem_sem *) 0x0

It would appear that somewhere in the code behind sem_remove($semId) the sem_ptr->semid is NULL? 

My php code


$semKey = ftok("php-serial.ipc",'a');

$semId = sem_get($semKey, 1, 0666);
if ($semId === FALSE) {
  echo "missed semkey\n";
else {
  echo "got semkey: $semKey\n";
  echo "semID: $semId\n";

$semAcquired = sem_acquire($semId);
if ($semAcquired === FALSE) {
  echo "missed sem acquisition\n";
else echo "got sem $semAcquired\n";

// this probably is not SMP safe without the semaphore
$str = md5(uniqid(rand(),1));

echo "MD5: $str\n";
$r = sem_release($semId);
if ($r === FALSE) {
   echo "didn't release sem";
else echo "released sem\n";

/* SIGSEGV in sem_remove, so we'll not do it now
$r = sem_remove($semId);
if ($r === FALSE) {
  echo "didn't remove sem\n";
else echo "removed sem\n";


echo "\n\nDONE\n\n";


I've had the same problem on PHP 4.1.2 (where I originally found it) on Red Hat 7.3 with the PHP RPM installed and 'up2date'd.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-09-27 04:39 UTC]
Verified with current CVS.

BTW: you probably shouldn't be removing the semaphore when your script is successful anyway, especially if your ID generating script is run quite often (be kind to your hardware :-).

 [2002-09-27 05:30 UTC]
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at
In case this was a documentation problem, the fix will show up soon at

In case this was a website problem, the change will show
up on the site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Wed Nov 25 10:02:22 2015 UTC