php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #69175 posix_strerror is not thread-safe
Submitted: 2015-03-03 18:33 UTC Modified: -
From: james at jamesreno dot com Assigned:
Status: Open Package: POSIX related
PHP Version: 5.6.6 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-03-03 18:33 UTC] james at jamesreno dot com
Description:
------------
As with alot of the PHP extensions some are not thread-safe by nature however posix_strerror could easily be thread-safe by making a small change to the way it operates and as such is fully capable of becoming thread-safe. It is my impression that this use is not thread-safe (I could be wrong).

The problem is that posix_strerror makes a call to strerror() which returns a pointer to the string which may *not* be modified as it is reused and overwritten by the next call to strerror. Instead posix_strerror should call strerror_r which accepts a buffer and buffer length and writes the data there instead.

Granted that PHP seems to be making a copy of the output for its own use there is a possibility of a race condition occurring with other threads. This is just a small potential improvement that shouldnt take much time to implement and would be a a step forward for thread-safety. 

There may be other cases of thread-safety issues in the posix extension but those can be tackled one at a time. This is just a very limited and specific report for one use case. If someone wants to scan the entire extension for said issues more power to them but I am just requesting this particular case be resolved.

Test script:
---------------
<?php
 echo posix_strerror(110);
?>

Expected result:
----------------
No corruption should ever be possible to occur.

Actual result:
--------------
Corruption could possibly occur in a build utilizing multiple threads.

Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Apr 19 11:01:29 2021 UTC