|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #69175 posix_strerror is not thread-safe
Submitted: 2015-03-03 18:33 UTC Modified: 2021-09-01 12:53 UTC
From: james at jamesreno dot com Assigned:
Status: Open Package: POSIX related
PHP Version: 5.6.6 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: james at jamesreno dot com
New email:
PHP Version: OS:


 [2015-03-03 18:33 UTC] james at jamesreno dot com
As with alot of the PHP extensions some are not thread-safe by nature however posix_strerror could easily be thread-safe by making a small change to the way it operates and as such is fully capable of becoming thread-safe. It is my impression that this use is not thread-safe (I could be wrong).

The problem is that posix_strerror makes a call to strerror() which returns a pointer to the string which may *not* be modified as it is reused and overwritten by the next call to strerror. Instead posix_strerror should call strerror_r which accepts a buffer and buffer length and writes the data there instead.

Granted that PHP seems to be making a copy of the output for its own use there is a possibility of a race condition occurring with other threads. This is just a small potential improvement that shouldnt take much time to implement and would be a a step forward for thread-safety. 

There may be other cases of thread-safety issues in the posix extension but those can be tackled one at a time. This is just a very limited and specific report for one use case. If someone wants to scan the entire extension for said issues more power to them but I am just requesting this particular case be resolved.

Test script:
 echo posix_strerror(110);

Expected result:
No corruption should ever be possible to occur.

Actual result:
Corruption could possibly occur in a build utilizing multiple threads.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2021-09-01 12:53 UTC]
Seems like a good idea, but would require to check whether
strerror_r(3) is available at build time.

PRs welcome!
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jun 24 21:01:30 2024 UTC