|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #69175 posix_strerror is not thread-safe
Submitted: 2015-03-03 18:33 UTC Modified: 2021-09-01 12:53 UTC
From: james at jamesreno dot com Assigned:
Status: Open Package: POSIX related
PHP Version: 5.6.6 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: james at jamesreno dot com
New email:
PHP Version: OS:


 [2015-03-03 18:33 UTC] james at jamesreno dot com
As with alot of the PHP extensions some are not thread-safe by nature however posix_strerror could easily be thread-safe by making a small change to the way it operates and as such is fully capable of becoming thread-safe. It is my impression that this use is not thread-safe (I could be wrong).

The problem is that posix_strerror makes a call to strerror() which returns a pointer to the string which may *not* be modified as it is reused and overwritten by the next call to strerror. Instead posix_strerror should call strerror_r which accepts a buffer and buffer length and writes the data there instead.

Granted that PHP seems to be making a copy of the output for its own use there is a possibility of a race condition occurring with other threads. This is just a small potential improvement that shouldnt take much time to implement and would be a a step forward for thread-safety. 

There may be other cases of thread-safety issues in the posix extension but those can be tackled one at a time. This is just a very limited and specific report for one use case. If someone wants to scan the entire extension for said issues more power to them but I am just requesting this particular case be resolved.

Test script:
 echo posix_strerror(110);

Expected result:
No corruption should ever be possible to occur.

Actual result:
Corruption could possibly occur in a build utilizing multiple threads.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2021-09-01 12:53 UTC]
Seems like a good idea, but would require to check whether
strerror_r(3) is available at build time.

PRs welcome!
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Sep 27 23:03:36 2021 UTC