PHP :: Bug #62444 :: Handle leak in is

Bug #62444

Handle leak in is_readable

Submitted:

2012-06-29 00:10 UTC

Modified:

2012-11-02 11:03 UTC

Votes:	23
Avg. Score:	4.9 ± 0.4
Reproduced:	23 of 23 (100.0%)
Same Version:	12 (52.2%)
Same OS:	9 (39.1%)

From:

sergio dot nalin at gmail dot com

Assigned:

pajoye (profile)

Status:

Closed

Package:

Filesystem function related

PHP Version:

5.3.14

OS:

Win 7 64bit

Private report:

CVE-ID:

None

View Developer Edit

[2012-06-29 00:10 UTC] sergio dot nalin at gmail dot com

Description:
------------
PHP vc9 5.3.14, thread safe version + Apache Httpd 2.2.22 + Win 7/Win Server 2008 
R2

Each time is_readable in invoked, it leaves an open handle in the httpd process.



Test script:
---------------
for($i=0; $i<100;$i++) {
  is_readable("c:\\temp");
}

NOTE: the folder/file must exist for the leak to happen.

Expected result:
----------------
No leaked handles

Actual result:
--------------
100 leaked handles

Patches

is_readable-handle-leak-fix (last revision 2012-11-02 09:44 UTC by krazyest at seznam dot cz)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-07-25 22:26 UTC] smiles_indonesia at yahoo dot co dot id

It seems happened since introduction of php 5.3.0. If you see in the changelogs:

http://www.php.net/ChangeLog-5.php

Added support for ACL (is_writable, is_readable, reports now correct results) on Windows. (Pierre, Venkat Raman Don, Kanwaljeet Singla)

This issue is very critical, because it makes php running on windows production server impractical / unusable...

My quad xeon box becomes very slow after some days, the ram usage is mysteriously increased (httpd process usage still remains the same, I thought handle consumes kernel spaces)...

If your webserver servers 1 million request, then there will be about 1 million handle opened... Usual application only consumes 20 to 2000 handles...

[2012-07-26 17:24 UTC] mr_pain at operamail dot com

Memory leak confirmed for the following configurations:

PHP vc9 5.3.15, thread safe version + Apache Httpd 2.4.2 + Win XP SP3 
PHP vc9 5.4.5,  thread safe version + Apache Httpd 2.4.2 + Win XP SP3 

Running Test script:
--------------------
for($i=0; $i<100;$i++) {
  is_readable("c:\\temp");
}

PHP vc9 5.4.5 tested on WAMP stacks:
------------------------------------

XAMPP USB Lite 1.8.0        (Windows XP SP3)
Uniform Server 8.5.8-Coral  (Windows XP SP3)

For details see:
http://forum.uniformserver.com/index.php?showtopic=2627&hl=

Windows 7 SP1 and Windows Server 2008 R2 (both is 64-bit OS)

I agree with above comment, it makes running PHP on a Windows production server impractical.

[2012-08-13 05:48 UTC] pajoye@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye

[2012-10-31 22:21 UTC] vseticka dot martin at gmail dot com

Is there any progress? This issue makes PHP really hard to use on Windows.

[2012-11-02 08:57 UTC] krazyest at seznam dot cz

The problem is in TSRM\tsrm_win32.c in function

TSRM_API int tsrm_win32_access(const char *pathname, int mode TSRMLS_DC)

A local variable 

	HANDLE thread_token;

is being initialized by this call

		if(!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &thread_token)) {

which is likely to succeed, but even if it does not there is another call

				if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &thread_token)) {

that creates the handle.  

However, no CloseHandle is called, which causes the handle to leak. 

We need to change the code like this

	HANDLE thread_token;
->	
	HANDLE thread_token=NULL;



Finished:
		if(real_path != NULL) {
			free(real_path);
			real_path = NULL;
		}
->
Finished:
		if (thread_token) CloseHandle(thread_token);

		if(real_path != NULL) {
			free(real_path);
			real_path = NULL;
		}

[2012-11-02 10:53 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3fe3029ecb9f121eb6f535970d5cd18ecc8373a6
Log: Fixed bug #62444 (Handle leak in is_readable on windows).

[2012-11-02 10:53 UTC] laruence@php.net

-Status: Assigned +Status: Closed

[2012-11-02 10:56 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3fe3029ecb9f121eb6f535970d5cd18ecc8373a6
Log: Fixed bug #62444 (Handle leak in is_readable on windows).

[2012-11-02 10:58 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3fe3029ecb9f121eb6f535970d5cd18ecc8373a6
Log: Fixed bug #62444 (Handle leak in is_readable on windows).

[2012-11-02 11:03 UTC] laruence@php.net

according to the msdn, the fix is okey to me, merged.

" Remarks
Tokens with the anonymous impersonation level cannot be opened.
Close the access token handle returned through the TokenHandle parameter by 
calling CloseHandle. "

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379296(v=vs.85).aspx

[2014-10-07 23:21 UTC] stas@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=3fe3029ecb9f121eb6f535970d5cd18ecc8373a6
Log: Fixed bug #62444 (Handle leak in is_readable on windows).

[2014-10-07 23:32 UTC] stas@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=3fe3029ecb9f121eb6f535970d5cd18ecc8373a6
Log: Fixed bug #62444 (Handle leak in is_readable on windows).

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Oct 26 01:00:01 2025 UTC