php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73005 In child process overdo call sem_release resulting max_acquire overflow
Submitted: 2016-09-02 18:35 UTC Modified: -
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: consatan at gmail dot com Assigned:
Status: Open Package: Semaphore related
PHP Version: Irrelevant OS: Unix like OS
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: consatan at gmail dot com
New email:
PHP Version: OS:

 

 [2016-09-02 18:35 UTC] consatan at gmail dot com
Description:
------------
Test in 
OS: Debian 8.5 and CentOS 7.2.1511
PHP: 5.6.25 and 7.0.10
configure:  --enable-pcntl --enable-sysvshm --enable-sysvsem --enable-sysvmsg

Look like the semaphore resource in each child process is an clone not a reference.

The semaphore resources state in child process was cloned from the last state before parent process triggered pcntl_fork().

Test script:
---------------
<?php
$ipcs = "ipcs -s -i `ipcs -s | grep 0x0001e240 | awk '{print $2}'` | awk 'NR==9'";
$sem = sem_get(123456, 3, 0666, 0);
echo exec($ipcs) . " first\n";

for ($i = 0; $i < 3; $i++) {
    sem_acquire($sem);
    if (pcntl_fork() === 0) {
        echo exec($ipcs) . " $i start\n";
        for ($j = 0; $j < 3; $j++) sem_release($sem);
        echo exec($ipcs) . " $i end\n";
        exit(0);
    }
}

usleep(50000);
echo exec($ipcs) . " last\n";
sem_remove($sem);

Expected result:
----------------
6 times Warning
semaphore's max_acquirce <= 3

Actual result:
--------------
0          3          0          0          7128 first
0          0          0          0          7128 2 start
0          3          0          0          7138 1 start

Warning: sem_release(): SysV semaphore 4 (key 0x1e240) is not currently acquired in /tmp/sem.php on line 10
0          5          0          0          7137 0 start

Warning: sem_release(): SysV semaphore 4 (key 0x1e240) is not currently acquired in /tmp/sem.php on line 10

Warning: sem_release(): SysV semaphore 4 (key 0x1e240) is not currently acquired in /tmp/sem.php on line 10
0          6          0          0          7136 1 end
0          4          0          0          7137 2 end
0          1          0          0          7138 0 end
0          0          0          0          7136 last

Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Nov 17 09:01:33 2019 UTC