Bug #75601 Thread race in PCRE JIT support
Submitted: 2017-11-30 14:23 UTC Modified: 2017-11-30 20:08 UTC
From: rperper at litespeedtech dot com Assigned: ab (profile)
Status: Closed Package: PCRE related
PHP Version: 7.2.0 OS: OpenSuSE
Private report: No CVE-ID: None

 [2017-11-30 14:23 UTC] rperper at litespeedtech dot com
I am a developer at LiteSpeed Technologies and am working on a thread-capable version of the PHP module to be included in the Open-LiteSpeed web server.  During load testing, using PCRE with JIT support enabled (the default) with the thread-sanitizer enabled, we detected a race condition in sljitUtils.c line 224.  It appears that there are unprotected globals which will never be successful in a multi-threaded environment.  We recommend protecting these globals with atomic functions, or in some other way to avoid the race conditions.

Test script:
Cannot be reproduced in a script.

Actual result:
WARNING: ThreadSanitizer: data race (pid=49992)
  Read of size 8 at 0x7ffff4de1798 by thread T2 (mutexes: write M546):
    #0 sljit_allocate_stack /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/pcre/pcrelib/sljit/sljitUtils.c:224 (
    #1 php_pcre_jit_stack_alloc /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/pcre/pcrelib/pcre_jit_compile.c:11625 (
    #2 zm_activate_pcre /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/pcre/php_pcre.c:229 (
    #3 zend_activate_modules /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_API.c:2600 (
    #4 php_request_startup /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/main/main.c:1696 (
    #5 lsiapi_module_main /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1489 (
    #6 process_req /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1536 (
    #7 mod_lsphp_begin_process /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1667 (
    #8 MtHandlerProcess(ls_lfnodei_s*) /home/user/proj/openlitespeed/src/lsiapi/modulehandler.cpp:46 (openlitespeed+0x00000088ced5)
    #9 WorkCrew::workerRoutine(CrewWorker*) /home/user/proj/openlitespeed/src/thread/workcrew.cpp:448 (openlitespeed+0x000000944a11)
    #10 CrewWorker::thr_main(void*) /home/user/proj/openlitespeed/src/thread/crewworker.cpp:36 (openlitespeed+0x00000094531e)
    #11 Thread::start_routine(void*) /home/user/proj/openlitespeed/src/thread/thread.cpp:43 (openlitespeed+0x000000942657)


 [2017-11-30 20:08 UTC]
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: ab
 [2017-11-30 20:08 UTC]
Confirmed. What is merely needed is to mutex-protect the JIT stack allocation; patching the bundled library is not needed. If you have a patch for this, please attach it, otherwise I'm going to work on a fix in the next days.
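
The approach described in the comment above, serialising the JIT stack allocation with a mutex at the call site rather than patching the bundled library, sketched as an added C example (not the PHP or sljit source). `page_align`, `lib_round_stack_size`, `guarded_round_stack_size` and `run_workers` are hypothetical names, and the lazily initialised global is an assumed stand-in for the unprotected globals the report mentions.

```c
#include <pthread.h>
#include <stddef.h>
#include <unistd.h>

/* Hypothetical stand-in for a library global that is set up on first use. */
static long page_align = 0;

/* Stand-in library routine. Unsafe if two threads enter on first use: one
   can read page_align after the assignment but before the decrement. */
static size_t lib_round_stack_size(size_t want)
{
    if (!page_align) {
        page_align = sysconf(_SC_PAGESIZE);
        page_align--;                      /* turn the size into a mask */
    }
    return (want + (size_t)page_align) & ~(size_t)page_align;
}

/* Caller-side fix: every call into the library routine holds one lock. */
static pthread_mutex_t jit_stack_lock = PTHREAD_MUTEX_INITIALIZER;

size_t guarded_round_stack_size(size_t want)
{
    size_t got;
    pthread_mutex_lock(&jit_stack_lock);
    got = lib_round_stack_size(want);
    pthread_mutex_unlock(&jit_stack_lock);
    return got;
}

static void *worker(void *out)
{
    *(size_t *)out = guarded_round_stack_size(1);
    return NULL;
}

/* Run up to 16 threads; return 1 if each one got exactly one page back. */
int run_workers(int n)
{
    pthread_t tid[16];
    size_t got[16], page = (size_t)sysconf(_SC_PAGESIZE);
    int i, made, ok = 1;
    if (n > 16) n = 16;
    for (made = 0; made < n; made++)
        if (pthread_create(&tid[made], NULL, worker, &got[made]) != 0) break;
    for (i = 0; i < made; i++) {
        pthread_join(tid[i], NULL); if (got[i] != page) ok = 0; }
    return ok && made == n;
}
```

Building this with `-fsanitize=thread` and pointing `worker` at the unguarded routine instead should make ThreadSanitizer report the same kind of data race as in the trace above.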

 [2017-12-05 16:42 UTC]
Automatic comment on behalf of ab
Log: Fixed bug #75601 Thread race in PCRE JIT support
 [2017-12-05 16:42 UTC]
-Status: Verified
+Status: Closed