php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #69175 posix_strerror is not thread-safe
Submitted: 2015-03-03 18:33 UTC Modified: 2021-09-01 12:53 UTC
From: james at jamesreno dot com Assigned:
Status: Open Package: POSIX related
PHP Version: 5.6.6 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
30 - 25 = ?
Subscribe to this entry?

 
 [2015-03-03 18:33 UTC] james at jamesreno dot com
Description:
------------
As with alot of the PHP extensions some are not thread-safe by nature however posix_strerror could easily be thread-safe by making a small change to the way it operates and as such is fully capable of becoming thread-safe. It is my impression that this use is not thread-safe (I could be wrong).

The problem is that posix_strerror makes a call to strerror() which returns a pointer to the string which may *not* be modified as it is reused and overwritten by the next call to strerror. Instead posix_strerror should call strerror_r which accepts a buffer and buffer length and writes the data there instead.

Granted that PHP seems to be making a copy of the output for its own use there is a possibility of a race condition occurring with other threads. This is just a small potential improvement that shouldnt take much time to implement and would be a a step forward for thread-safety. 

There may be other cases of thread-safety issues in the posix extension but those can be tackled one at a time. This is just a very limited and specific report for one use case. If someone wants to scan the entire extension for said issues more power to them but I am just requesting this particular case be resolved.

Test script:
---------------
<?php
 echo posix_strerror(110);
?>

Expected result:
----------------
No corruption should ever be possible to occur.

Actual result:
--------------
Corruption could possibly occur in a build utilizing multiple threads.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-09-01 12:53 UTC] cmb@php.net
Seems like a good idea, but would require to check whether
strerror_r(3) is available at build time.

PRs welcome!
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Sep 27 23:03:36 2021 UTC