php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47675 File descriptor leaked due to HAVE_BROKEN_GETCWD
Submitted: 2009-03-16 14:07 UTC Modified: 2013-04-05 02:30 UTC
Votes:10
Avg. Score:4.5 ± 0.8
Reproduced:9 of 9 (100.0%)
Same Version:2 (22.2%)
Same OS:9 (100.0%)
From: cs at ecn dot purdue dot edu Assigned: rasmus
Status: Closed Package: Apache2 related
PHP Version: 5.2.9 OS: Solaris 10
Private report: No CVE-ID:
 [2009-03-16 14:07 UTC] cs at ecn dot purdue dot edu
Description:
------------
mod_php contains a potential file descriptor leak on Solaris 10 when 
script executes "exit()".

Reproduce code:
---------------
<?php exit(0); ?>

The change in behavior is due to the addition of HAVE_BROKEN_GETCWD for Solaris 10. In php_execute_script, a file descriptor is opened to hold the current working directory, but is not closed in the case where php code may not return to this function after executing a script. mod_php isn't aware of the resource that was allocated and not freed.

Expected result:
----------------
Normally web server runs for days without resource trouble. In the 
case where a PHP script does an "exit(0)", the web server will run 
out of file descriptors and will need restarting.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-16 16:21 UTC] jani@php.net
Apache1 or Apache2 ?
 [2009-03-16 16:25 UTC] cs at ecn dot purdue dot edu
I am using apache 2.2.11.
 [2009-06-22 00:18 UTC] dsp@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


I run OpenSolaris 2009.06 with Apache 2.2.11 and cannot reproduce this 
behavior. The old_cwd_fd is closed. ZEND_EXIT calls zend_bailout which 
jumps back to the end of the try/catch block in php_execute_script where 
the descriptor is closed.

Can you be more specific about the behavior you encountered?


 [2009-06-29 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-01-09 06:59 UTC] bryan at stansell dot org
I've encountered this problem using OpenSolaris (snv_115), apache 1.3.41 and php-5.2.12 (via mod_php5).  It was also a problem with php 5.2.9.  My apache processes continue to accumulate open files pointing to the directory which contains the php script.

I am using gcc 4.3.3, gnu as, and solaris ld.  It makes me wonder if it's a compiler-related thing.

I was also talking to a friend and we checked his httpd processes and saw the same file descriptor leak.  His setup is Solaris 9 (sparc), apache 1.3.41, php 4.4.8, and gcc 4.0.2.

I worked around my problem by unsetting HAVE_BROKEN_GETCWD.  I have a couple other ideas on possibly narrowing down the problem, but I haven't had a chance to try them.
 [2010-01-12 15:40 UTC] bryan at stansell dot org
I finally got a chance to test a theory.  Looks like the volatile attribute fixed things for me.

#if HAVE_BROKEN_GETCWD
        volatile int old_cwd_fd = -1;
#else

Once I added that, the setjmp/longjmp worked as expected.  I got the idea from the manpage on Solaris:

     The values of register and  automatic  variables  are  unde-
     fined.  Register  or automatic variables whose value must be
     relied upon must be declared as volatile.

Perhaps it's a gcc/gas/Solaris/x86 optimization somewhere that overlooked the case, but this is a workaround.  Of course, undefining HAVE_BROKEN_GETCWD for Solaris also works, if you have a web tree that isn't restricted in some way.
 [2010-08-08 10:20 UTC] php at marino dot st
I've been trying to track down this file descriptor leakage problem for months.  I was stuck on 5.2.8 because of it.  I confirm that the issue is specifically with Solaris 10.  I have opensolaris sxce nevada 130 locally and I've not seen FD leakage on it.

I confirm that patch suggested by bryan at stansell dot org seemed to correct the problem.  FYI, PHP was spawned and remains persistent for use with the Litespeed web server (uses the LSAPI interface), so it would run out of file descriptors between 1 and 12 hours on my site.  It's a bit disappointing that this error has been present for 5 releases and was never fixed.
 [2011-05-18 18:23 UTC] pyorke at joyent dot com
This still broken in PHP 5.3.3

When is it going to be fixed
 [2011-09-28 00:58 UTC] jsjohnst@php.net
I've heard that this was fixed in PHP 5.3.5. It's not listed in the release notes 
from what I can see, so can someone confirm if 5.3.5 addresses this issue?
 [2011-09-28 01:07 UTC] jsjohnst@php.net
-Status: No Feedback +Status: Re-Opened
 [2013-04-05 02:30 UTC] rasmus@php.net
-Status: Re-Opened +Status: Closed -Assigned To: +Assigned To: rasmus
 [2013-04-05 02:30 UTC] rasmus@php.net
Will be in the next batch of releases
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 16:02:22 2014 UTC