PHP :: Bug #67466 :: Mapping error during startup leads to unpredictable AV in opcode cache

Bug #67466

Mapping error during startup leads to unpredictable AV in opcode cache

Submitted:

2014-06-18 15:37 UTC

Modified:

2014-06-25 14:14 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 1 (0.0%)

From:

ericsten@php.net

Assigned:

ericsten (profile)

Status:

Closed

Package:

WinCache (PECL)

PHP Version:

5.4.29

OS:

Windows

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ericsten@php.net
New email:
PHP Version:		OS:

New Comment:

[2014-06-18 15:37 UTC] ericsten@php.net

Description:
------------
Problem:
Two processes race in to create the cross-process, shared memory map for the opcode cache.  During initialization of that memory mapped file, there's an error, that leaves partial information about the memory mapped file in a different chunk of cross-process, shared memory used to figure out where Wincache mapped things (php_wincache!filemap_global_context).  This partial information guarantees that all Wincache instances will attempt to map the opcode cache at different addresses.  The failures may not be instantaneous, since some processes might "accidently" map their opcode cache at the same address as a majority of other instances.
  
Fix:
Detect this failure, and clear out the (now invalid) filemap_global_context entry, so other processes don't accidently use the entry.

Expected result:
----------------
No AV

Actual result:
--------------
AV deref'ing a zend_op_array in an address not mapped to the current process.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-06-18 15:37 UTC] ericsten@php.net

-Assigned To: +Assigned To: ericsten

[2014-06-20 16:51 UTC] ericsten@php.net

Automatic comment from SVN on behalf of ericsten
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=333880
Log: PHP 5.6 RC1 build
BUG #67466: Mapping error during startup leads to unpredictable AV in opcode cache

[2014-06-25 14:14 UTC] ericsten@php.net

-Status: Assigned +Status: Closed

[2014-06-25 14:14 UTC] ericsten@php.net

Confirmed SVN 333880 fixes customer issue.

[2014-07-02 21:41 UTC] mattficken@php.net

BTW, when Opcache detects the equivalent of this condition, it produces the 'unable to reattach to base address' error message and then exits.

When Opcache detects this condition, it should replace the file (at least for that PHP process), which is what this patch to Wincache does (code looks different b/c Wincache can have multiple memory mapped files, while Opcache only has 1).

If Wincache can fix this issue this way, so can Opcache.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Apr 29 00:01:32 2024 UTC