php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59601 Segfault when accessing multiple repositories
Submitted: 2011-02-01 13:21 UTC Modified: 2011-02-01 22:02 UTC
From: jimmy at velsoft dot com Assigned:
Status: Closed Package: svn (PECL)
PHP Version: 5.3.3 OS: Ubuntu 10.10
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jimmy at velsoft dot com
New email:
PHP Version: OS:

 

 [2011-02-01 13:21 UTC] jimmy at velsoft dot com
Description:
------------
If a script accesses multiple repositories, a segmentation fault may occur after the script finishes.  This is caused by SVN "pools" not being destroyed safely when svn-repos resources are destructed.

When an svn-repos resource is created using svn_repos_open(), a subpool is allocated to this resource.  This subpool belongs to a root pool (SVN_G(pool)), initialized earlier by the extension.  The destructor for svn-repos destroys the resource's subpool.  The RSHUTDOWN function destroys the root pool, which also destroys all svn-repos subpools.

When a script finishes, the extension's RSHUTDOWN function is called before the svn-repos destructors are called, so the subpools are destroyed twice (assuming the resources weren't destructed beforehand), which may cause a segfault.  It seems the more svn-repos resources there are alive, the more likely there will be a segfault.

Reproduce code:
---------------
Reproducible with this script:  http://pastebin.com/xuP7YUnL
- Create 100 repositories (repo0, repo1, ..., repo99) in the same folder as this script
- Not reproducible through CLI -- only through Apache
- May produce segfaults in Apache's error.log (run the script several times)

Patch: http://pastebin.com/d5cWURH0
- This adds a check to ensure the root pool still exists before destroying an svn-repos resource's subpool

Expected result:
----------------
Script runs normally without any segfaults.

Actual result:
--------------
Script does one of the following:
- Runs normally without any segfaults
- Runs normally, but a segfault is logged in Apache's error.log
- Crashes Apache, requiring restarting Apache
- Crashes with a segfault and no output to browser

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-01 22:02 UTC] alan at akbkhome dot com
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Thanks,

Very nice bug report, I wish they where all this clear.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Nov 29 22:03:14 2021 UTC