archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix GH-8789 and GH-10015: Fix ZTS zend signal crashes due to NULL globals

Browse source 
Fixes GH-8789.
Fixes GH-10015.

This is one small part of the underlying bug for GH-10737, as in my
attempts to reproduce the issue I constantly hit this crash easily.
(The fix for the other underlying issue for that bug will follow soon.)

It's possible that a signal arrives at a thread that never handled a PHP
request before. This causes the signal globals to dereference a NULL
pointer because the TSRM pointers for the thread aren't set up to point
to the thread resources yet.

PR GH-9766 previously fixed this for master by ignoring the signal if
the thread didn't handle a PHP request yet. While this fixes the crash
bug, I think the solution is suboptimal for 3 reasons:

1) The signal is ignored and a message is printed saying there is a bug.
   However, this is not a bug at all. For example in Apache, the signal
   set up happens on child process creation, and the thread resource
   creation happens lazily when the first request is handled by the
   thread. Hence, the fact that the thread resources aren't set up yet
   is not actually buggy behaviour.

2) I believe since it was believed to be buggy behaviour, that fix was
   only applied to master, so 8.1 & 8.2 keep on crashing.

3) We can do better than ignoring the signal. By just acting in the
   same way as if the signals aren't active. This means we need to
   take the same path as if the TSRM had already shut down.

Closes GH-10861.
This commit is contained in:
Niels Dossche 2023-03-15 22:28:08 +01:00
parent 5adeed3051
commit 06ae75007a
2 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -9,6 +9,10 @@ PHP NEWS
. Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos) . Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos)
. Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault). . Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
(nielsdos) (nielsdos)
. Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on
apache). (nielsdos)
. Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
(nielsdos)
- FPM: - FPM:
. Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos) . Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos)

8
Zend/zend_signal.c
View file

@ -85,8 +85,10 @@ void zend_signal_handler_defer(int signo, siginfo_t *siginfo, void *context)
zend_signal_queue_t *queue, *qtmp; zend_signal_queue_t *queue, *qtmp;
#ifdef ZTS #ifdef ZTS
/* A signal could hit after TSRM shutdown, in this case globals are already freed. */ /* A signal could hit after TSRM shutdown, in this case globals are already freed.
if (tsrm_is_shutdown()) { * Or it could be delivered to a thread that didn't execute PHP yet.
* In the latter case we act as if SIGG(active) is false. */
if (tsrm_is_shutdown() || !tsrm_get_ls_cache()) {
/* Forward to default handler handler */ /* Forward to default handler handler */
zend_signal_handler(signo, siginfo, context); zend_signal_handler(signo, siginfo, context);
return; return;
@ -178,7 +180,7 @@ static void zend_signal_handler(int signo, siginfo_t *siginfo, void *context)
sigset_t sigset; sigset_t sigset;
zend_signal_entry_t p_sig; zend_signal_entry_t p_sig;
#ifdef ZTS #ifdef ZTS
if (tsrm_is_shutdown()) { if (tsrm_is_shutdown() || !tsrm_get_ls_cache()) {
p_sig.flags = 0; p_sig.flags = 0;
p_sig.handler = SIG_DFL; p_sig.handler = SIG_DFL;
} else } else