Bug #51424 crypt() function hangs after 3rd call
Submitted: 2010-03-29 12:30 UTC Modified: 2010-08-08 16:18 UTC
Votes:4
Avg. Score:4.2 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:4 (100.0%)
Same OS:4 (100.0%)
From: laacz at laacz dot lv Assigned: pajoye
Status: Closed Package: Strings related
PHP Version: 5.3.2 OS: *
Private report: No CVE-ID:
 [2010-03-29 12:30 UTC] laacz at laacz dot lv
Description:
------------
When calling crypt() function more than once, it hangs after third call to it.

Configure parameters:

$ php -i | grep configure
Configure Command =>  './configure'  '--enable-bcmath' '--enable-soap' '--with-pgsql' '--with-ldap' '--enable-sqlite-utf8' '--with-apxs2=/usr/bin/apxs2' '--prefix=/usr/local' '--with-pdo-mysql' '--with-config-file-path=/etc/httpd' '--with-openssl=/usr' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--enable-zip' '--localstatedir=/var' '--enable-ftp' '--with-jpeg-dir=/usr' '--with-gd' '--enable-sockets' '--with-zlib-dir=/usr' '--with-xmlrpc' '--enable-mbstring=all' '--with-iconv' '--with-gettext' '--with-imap=/usr' '--with-imap-ssl=/usr' '--with-curl' '--with-mcrypt=/usr/local' '--with-freetype-dir=/usr/include/freetype2' '--enable-gd-native-ttf' '--with-mssql' '--with-snmp' '--with-kerberos' '--enable-maintainer-zts' '--enable-pcntl'

Compiled in and loaded modules (from get_loaded_extensions()): Core, date, ereg, 
libxml, openssl, pcre, sqlite3, zlib, bcmath, ctype, curl, dom, fileinfo, 
filter, ftp, gd, gettext, hash, iconv, session, json, ldap, mbstring, mcrypt, 
mssql, standard, SPL, pcntl, PDO, mysqlnd, pdo_sqlite, pgsql, Phar, posix, 
Reflection, pdo_mysql, SimpleXML, snmp, soap, sockets, mysqli, SQLite, imap, 
tokenizer, xml, xmlreader, xmlrpc, xmlwriter, zip, mysql

Test script:
---------------
<?php
echo "#1: " . crypt('MUrGtL', 'AB') . "\n"; 
echo "#2: " . crypt('MUrGtL', 'AB') . "\n"; 
echo "#3: " . crypt('MUrGtL', 'AB') . "\n"; 
?>

Expected result:
----------------
$ php crypt.php
#1: ABcghTMliojv2
#2: ABcghTMliojv2
#3: ABcghTMliojv2
$ 

Actual result:
--------------
#  php crypt.php
#1: ABcghTMliojv2
#2: ABcghTMliojv2

Patches

membar-solaris.patch (last revision 2010-06-16 22:59 UTC) by SRIRAM dot NATARAJAN at GMAIL dot COM
Dead_lock_fix_attempt (last revision 2010-03-29 11:54 UTC) by pajoye@php.net
GDB-backtrace-proper (last revision 2010-03-29 11:27 UTC) by laacz at laacz dot lv
GDB-backtrace (last revision 2010-03-29 11:13 UTC) by laacz at laacz dot lv

History

 [2010-03-29 12:41 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-03-29 12:41 UTC] pajoye@php.net
I can't reproduce it here using ubuntu 9.10.

Can you attach the config.log and main/php_config.h (from the build directory if you compile PHP outside the root src directory).
 [2010-03-29 12:50 UTC] laacz at laacz dot lv
-Status: Feedback +Status: Open
 [2010-03-29 12:50 UTC] laacz at laacz dot lv
Since I do not know how to attach files here, here are the links:

php_config.h: http://pastebin.com/xxKxuBS2
config.h: http://pastebin.com/8KcBe0FF

Also, added strace output: http://pastebin.com/sP4hT4LB
 [2010-03-29 13:05 UTC] pajoye@php.net
"Click Here to Submit a Patch" sounds like what you need
 [2010-03-29 13:07 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-03-29 13:07 UTC] pajoye@php.net
It works just fine here.

Can you try to run it through gdb, stop the app when it reached the endless loop, and get a backtrace (bt)?
 [2010-03-29 13:14 UTC] laacz at laacz dot lv
-Status: Feedback +Status: Open
 [2010-03-29 13:14 UTC] laacz at laacz dot lv
Added GDB backtrace as a patch (what a system:).
 [2010-03-29 13:18 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-03-29 13:18 UTC] pajoye@php.net
It does not look like a crypt issue at all. Is the src file you call exactly what you pasted here? Or can you attach it as zip please?
 [2010-03-29 13:21 UTC] pajoye@php.net
Stupid me, you did not call crypt.php. Please do it again using:

gdb --args php crypt.php

or

gdb php
> run crypt.php
<break>
> bt
 [2010-03-29 13:27 UTC] laacz at laacz dot lv
-Status: Feedback +Status: Open
 [2010-03-29 13:27 UTC] laacz at laacz dot lv
Updated backtrace (patch:).
 [2010-03-29 13:54 UTC] pajoye@php.net
The following patch has been added/updated:

Patch Name: Dead_lock_fix_attempt
Revision:   1269863696
URL:        http://bugs.php.net/patch-display.php?bug=51424&patch=Dead_lock_fix_attempt&revision=1269863696
 [2010-03-29 13:55 UTC] pajoye@php.net
-Status: Open +Status: Feedback
 [2010-03-29 13:55 UTC] pajoye@php.net
Can you try using the attached patch please? It should fix the dead lock.
 [2010-03-29 14:40 UTC] laacz at laacz dot lv
-Status: Feedback +Status: Open
 [2010-03-29 14:40 UTC] laacz at laacz dot lv
Thank you. The provided patch fixes this exact bug.
 [2010-03-29 16:25 UTC] pajoye@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye
 [2010-05-27 02:34 UTC] thbley at gmail dot com
Same problem on windows (5.3.2 binary, php5apache2_2.dll):

Run 2 requests in parallel:
for ($i=0; $i<500000; $i++) {
  crypt('a', '_');
}

ab -n 1 -c 1 http://localhost/test.php
=> ~1 second, ok

ab -n 2 -c 2 http://localhost/test.php
=> hangs
 [2010-06-05 01:18 UTC] tallyce at gmail dot com
Also confirmed third call hang on Win7/Apache2.2/PHP5.3.2.

Can anyone suggest a workaround until the next release?
 [2010-06-15 11:26 UTC] pajoye@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=300459
Log: - Fix #51424, crypt() function hangs after 3rd call
 [2010-06-15 11:26 UTC] pajoye@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=300460
Log: - Fix #51424, crypt() function hangs after 3rd call
 [2010-06-15 15:43 UTC] pajoye@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=300466
Log: - #51424, silent warnings on win
 [2010-06-16 15:04 UTC] srinatar@php.net
Hi laacz at laacz dot lv,
can you please try with this patch and see if this addresses your issue?

To apply this patch, you will need to save the below contents into a file and
run

cd php-5.3.2
patch -d . < <saved-file-name>

gmake clean
gmake

 
--- ext/standard/php_crypt_r.c.orig     Wed Jun 16 05:59:16 2010
+++ ext/standard/php_crypt_r.c  Wed Jun 16 06:00:17 2010
@@ -81,9 +81,7 @@
        tsrm_mutex_lock(php_crypt_extended_init_lock);
 #endif
 
-       if (initialized) {
-               return;
-       } else {
+       if (!initialized) {
                _crypt_extended_init();
                initialized = 1;
        }
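Review bot: the `tsrm_mutex_unlock` that pairs with `tsrm_mutex_lock(php_crypt_extended_init_lock)` is outside the visible context, and the removed `return;` shows how a path can leave this function with the lock still held. With `if (!initialized) {` every path now falls through past the block, which is the right shape, but please confirm the unlock follows under the same preprocessor guard as the lock, and add a short comment that no early exit is allowed between the two. It is also worth documenting that `initialized` is read and written only under that mutex, since the lock line sits inside a conditional section and the flag has no other ordering guarantee when it is compiled out.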
 [2010-06-16 16:30 UTC] pajoye@php.net
-Operating System: Ubuntu 9.04 x64 +Operating System: *
 [2010-06-16 16:30 UTC] pajoye@php.net
This patch was what I proposed initially, it only reduces the risk but does not fix all cases.

What I committed is over safe as we could remove the tsrm lock. However I do need to know how we can do the membar on solaris.
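The symptom in this report (two results, then a hang) is what an early return taken while a lock is held produces. The following is an added illustration, not PHP's source: `demo_lock`, `init_leaky`, `init_fixed` and `first_stuck_call` are hypothetical names, a non-blocking `atomic_flag` lock stands in for the TSRM mutex so the stuck call is reported instead of hanging, and it assumes the real unlock follows the `if` block.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the mutex: try_lock() fails where a real lock would block. */
typedef struct { atomic_flag held; } demo_lock;
static bool try_lock(demo_lock *l) { return !atomic_flag_test_and_set(&l->held); }
static void unlock(demo_lock *l)   { atomic_flag_clear(&l->held); }

typedef struct { demo_lock lock; int initialized; } init_state;

/* Shape of the removed lines: early return while the lock is held. */
static int init_leaky(init_state *s)
{
    if (!try_lock(&s->lock))
        return -1;              /* a blocking mutex would wait here forever */
    if (s->initialized)
        return 0;               /* BUG: lock is not released on this path */
    s->initialized = 1;         /* stands in for the one-time table setup */
    unlock(&s->lock);
    return 0;
}

/* Single exit: every path that takes the lock also releases it. */
static int init_fixed(init_state *s)
{
    if (!try_lock(&s->lock))
        return -1;
    if (!s->initialized)
        s->initialized = 1;
    unlock(&s->lock);
    return 0;
}

/* Returns the 1-based number of the call that would hang, or 0 if none. */
static int first_stuck_call(int (*init)(init_state *), int calls)
{
    init_state s = { { ATOMIC_FLAG_INIT }, 0 };
    for (int i = 1; i <= calls; i++)
        if (init(&s) != 0)
            return i;
    return 0;
}

int main(void)
{
    printf("leaky: stuck at call %d, fixed: stuck at call %d\n",
           first_stuck_call(init_leaky, 3), first_stuck_call(init_fixed, 3));
    return 0;
}
```

The first call initializes and unlocks, the second returns with the lock held, and the third is the one that cannot acquire it.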
 [2010-06-17 01:01 UTC] srinatar@php.net
I have attached a patch to add membar functionality for solaris. Of course, this would be more relevant if we want to remove the tsrm lock around this.
 [2010-06-17 12:22 UTC] pajoye@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=300511
Log: - #51424, solaris part
 [2010-06-17 12:22 UTC] pajoye@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=300512
Log: - #51424
 [2010-08-08 16:18 UTC] pajoye@php.net
-Status: Assigned +Status: Closed