|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64287 sendmsg/recvmsg shutdown handler causes segfault
Submitted: 2013-02-23 17:37 UTC Modified: 2013-02-24 10:59 UTC
From: bobwei9 at hotmail dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: master-Git-2013-02-23 (Git) OS: Mac OS X Mountain Lion
Private report: No CVE-ID: None
 [2013-02-23 17:37 UTC] bobwei9 at hotmail dot com
Somehow the sendrecvmsg shutdown handler crashes when freeing. See also the backtrace. (I don't even do a single call to these functions)

But it only crashes on apache (not on cli).

It doesn't crash every time, but every two or three requests with every time the same backtrace.

Test script:
I am unable to provide a test script as it happens on every sort of scripts since updating to a version which includes sendmsg/recvmsg support.

Actual result:
#0  0x00007fff9868dd46 in __kill ()
#1  0x00007fff99ac5df0 in abort ()
#2  0x00007fff99a99959 in free ()
#3  0x0000000107d78b2f in tsrm_mutex_free (mutexp=0x7fc5498ab670) at TSRM.c:632
#4  0x0000000107b3fcfe in php_socket_sendrecvmsg_shutdown (type=1, module_number=45, tsrm_ls=0x7fc548c33130) at sendrecvmsg.c:448
#5  0x0000000107b361a8 in zm_deactivate_sockets (type=1, module_number=45, tsrm_ls=0x7fc548c33130) at sockets.c:750
#6  0x0000000107e685ba in zend_deactivate_modules (tsrm_ls=0x7fc548c33130) at zend_API.c:2364
#7  0x0000000107d818bd in php_request_shutdown (dummy=0x0) at main.c:1769
#8  0x0000000108034322 in php_apache_request_dtor (r=0x7fc5494216a0, tsrm_ls=0x7fc548c33130) at sapi_apache2.c:507
#9  0x0000000108032dd1 in php_handler (r=0x7fc5494216a0) at sapi_apache2.c:679


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-02-23 20:22 UTC] bobwei9 at hotmail dot com
If I comment the line 448 (the call to tsrm_mutex_free()) out, it doesn't leak nor it segfaults anymore...
 [2013-02-24 02:51 UTC]
-Status: Open +Status: Feedback
 [2013-02-24 02:51 UTC]
Please try using this snapshot:
For Windows:

 [2013-02-24 10:59 UTC] bobwei9 at hotmail dot com
-Status: Feedback +Status: Closed
 [2013-02-24 10:59 UTC] bobwei9 at hotmail dot com
Thank you, your change worked ;)
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Tue Dec 05 03:01:26 2023 UTC