Bug #64287 sendmsg/recvmsg shutdown handler causes segfault
Submitted: 2013-02-23 17:37 UTC
Modified: 2013-02-24 10:59 UTC
From: bobwei9 at hotmail dot com
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: master-Git-2013-02-23 (Git)
OS: Mac OS X Mountain Lion
Private report: No
CVE-ID:
 [2013-02-23 17:37 UTC] bobwei9 at hotmail dot com
Description:
------------
Somehow the sendrecvmsg shutdown handler crashes when freeing. See also the backtrace. (I don't even do a single call to these functions)

But it only crashes on Apache (not on CLI).

It doesn't crash every time, but every two or three requests, each time with the same backtrace.

Test script:
---------------
I am unable to provide a test script, as it happens with every sort of script since updating to a version which includes sendmsg/recvmsg support.

Actual result:
--------------
#0  0x00007fff9868dd46 in __kill ()
#1  0x00007fff99ac5df0 in abort ()
#2  0x00007fff99a99959 in free ()
#3  0x0000000107d78b2f in tsrm_mutex_free (mutexp=0x7fc5498ab670) at TSRM.c:632
#4  0x0000000107b3fcfe in php_socket_sendrecvmsg_shutdown (type=1, module_number=45, tsrm_ls=0x7fc548c33130) at sendrecvmsg.c:448
#5  0x0000000107b361a8 in zm_deactivate_sockets (type=1, module_number=45, tsrm_ls=0x7fc548c33130) at sockets.c:750
#6  0x0000000107e685ba in zend_deactivate_modules (tsrm_ls=0x7fc548c33130) at zend_API.c:2364
#7  0x0000000107d818bd in php_request_shutdown (dummy=0x0) at main.c:1769
#8  0x0000000108034322 in php_apache_request_dtor (r=0x7fc5494216a0, tsrm_ls=0x7fc548c33130) at sapi_apache2.c:507
#9  0x0000000108032dd1 in php_handler (r=0x7fc5494216a0) at sapi_apache2.c:679


 [2013-02-23 20:22 UTC] bobwei9 at hotmail dot com
If I comment out line 448 (the call to tsrm_mutex_free()), it neither leaks nor segfaults anymore...
 [2013-02-24 02:51 UTC] cataphract@php.net
-Status: Open +Status: Feedback
 [2013-02-24 02:51 UTC] cataphract@php.net
Please try using this snapshot:

  http://snaps.php.net/php-trunk-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2013-02-24 10:59 UTC] bobwei9 at hotmail dot com
-Status: Feedback +Status: Closed
 [2013-02-24 10:59 UTC] bobwei9 at hotmail dot com
Thank you, your change worked ;)
 
Last updated: Sat Apr 19 09:02:28 2014 UTC