php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76109 Unsafe access to fpm scoreboard
Submitted: 2018-03-17 13:59 UTC Modified: 2018-06-10 15:54 UTC
From: backhaus at traum-ferienwohnungen dot de Assigned:
Status: Open Package: FPM related
PHP Version: PHP-7.1 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-03-17 13:59 UTC] backhaus at traum-ferienwohnungen dot de
Description:
------------
It seems there is an unsafe access to the scoreboard procs in fpm_status_handle_request. The scoreboard is copied under a lock, but later scoreboard procs are copied from scoreboard_p without locking. 
This was pointed out to me by bukka in https://github.com/php/php-src/pull/3182#discussion_r174150992 .
The risk of this is pretty low. The only impact in can imagine being inconsistent readings on the status page.



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-03-17 19:38 UTC] backhaus at traum-ferienwohnungen dot de
Pull request is https://github.com/php/php-src/pull/3185. Cannot attach because the bug tracker cannot load it from github for some reason.
 [2018-03-29 08:36 UTC] backhaus at traum-ferienwohnungen dot de
Pull request is https://github.com/php/php-src/pull/3185
 [2018-03-29 08:37 UTC] backhaus at traum-ferienwohnungen dot de
Actually it's not 3185 again, it's https://github.com/php/php-src/pull/3188 now.
 [2018-06-10 15:54 UTC] cmb@php.net
-PHP Version: master-Git-2018-03-17 (Git) +PHP Version: PHP-7.1
 [2018-06-10 15:54 UTC] cmb@php.net
Changing PHP version to match the PR.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Jul 20 20:01:26 2019 UTC