Bug #24189 big problem on stream function
Submitted: 2003-06-15 07:31 UTC
Modified: 2004-09-17 16:56 UTC
From: anton at valuehost dot ru
Assigned: wez
Status: Closed
Package: Sockets related
PHP Version: 5CVS, 4CVS
OS: FreeBSD 4.8
Private report: No
CVE-ID: None
 [2003-06-15 07:31 UTC] anton at valuehost dot ru
Description:
------------
phpinfo:
http://v6test.valuehost.ru/phpinfo.php

The problem has the following character: after PHP has been running for a long time as mod_php in Apache, various variations of sockets, fsockopen, include, fopen, etc. cease to work.

curl did not work either, but that was solved by rebuilding libcurl with FD_SETSIZE=16384 (sys/types.h).

It feels as if the descriptors are running out.

When this problem occurs, fsockopen starts to return a mistake "Operation now in progress".
The include function in general causes Segmentation fault (11).

Unfortunately there is no opportunity to enable the debug option, as ZendOptimizer does not work in debug mode.


 [2004-07-01 13:53 UTC] jorton at redhat dot com
This is a real bug.

The issue is that fd_set is a fixed-size array, and if FD_SET is passed an fd number greater than FD_SETSIZE, it has undefined behaviour, i.e. it overruns the array and corrupts memory.

All uses of select() in PHP look to be unsafe because of this.  The proper fix is to use poll() on platforms where it is available, and to always check that fd < FD_SETSIZE before using FD_SET.
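
The bounds check and the poll() alternative described in the comment above, as an added example for POSIX systems (it is not the fix that was committed to PHP, and not code from any participant in this report). The function names `wait_readable_select`, `wait_readable_poll` and `demo_high_fd` are hypothetical, and the demo pipe is constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() path: reject any descriptor that does not fit in fd_set. */
int wait_readable_select(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv = { .tv_sec = timeout_ms / 1000,
                          .tv_usec = (timeout_ms % 1000) * 1000 };
    if (fd < 0 || fd >= FD_SETSIZE) {  /* FD_SET would write outside rfds */
        errno = EINVAL;
        return -1;
    }
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    return select(fd + 1, &rfds, NULL, NULL, &tv);
}

/* poll() path: the descriptor is passed by value, so FD_SETSIZE does not apply. */
int wait_readable_poll(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    return poll(&p, 1, timeout_ms);
}

/* Constructed demo: duplicate a pipe's read end onto a descriptor number
 * >= FD_SETSIZE and wait on it both ways. Returns that number, or -1 if the
 * process descriptor limit does not allow one that high. */
int demo_high_fd(int *select_rc, int *poll_rc)
{
    struct rlimit rl;
    int pfd[2], high = -1;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {  /* try soft limit = hard limit */
        rl.rlim_cur = rl.rlim_max;
        setrlimit(RLIMIT_NOFILE, &rl);         /* failure is tolerated below */
    }
    if (pipe(pfd) != 0) return -1;
    if (write(pfd[1], "x", 1) == 1)
        high = fcntl(pfd[0], F_DUPFD, FD_SETSIZE);  /* lowest free fd >= FD_SETSIZE */
    if (high >= 0) {
        *select_rc = wait_readable_select(high, 100);  /* refused with EINVAL */
        *poll_rc = wait_readable_poll(high, 100);      /* reports one ready fd */
        close(high);
    }
    close(pfd[0]); close(pfd[1]);
    return high;
}
```

A long-running server process reaches descriptor numbers this high simply by holding many files and sockets open, which matches the "after long work" symptom in the original report.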
 [2004-09-16 09:44 UTC] daniel at haxx dot se
Sorry, but the fix is not _that_ simple.

FD_SETSIZE is a maximum count. Not all operating systems keep the fd numbers in the sequence 0 - (MAX-1).

Microsoft Windows is one such exception AFAIK.

Thus, it is a lot harder than that to know if you have reached the FD_SETSIZE maximum in a platform-independent way.
 [2004-09-16 13:45 UTC] wez@php.net
win32 is a different beast here, but we can work around it.
I've been giving this matter some thought; I might be able to cook up a fix in a week's time.

 [2004-09-17 16:46 UTC] wez@php.net
Fixed in PHP 5 HEAD; tested on linux and win32, should also work on *bsd.
 [2004-09-17 16:56 UTC] wez@php.net
PS: this fix can't touch the libcurl internals, of course, just the uses of select(2) by PHP.
 
Last updated: Thu Dec 12 23:01:36 2024 UTC