From:
Operating system: Linux 2.6+
PHP version: 5.3.3
Package: PCNTL related
Bug Type: Bug
Bug description: Race condition when handling many concurrent signals

Description:
------------
When a user-defined signal handler has been defined and many concurrent signals are being delivered to it through ext/pcntl, a race-condition can occur causing memory corruption.

ext/pcntl handles signals to user-defined functions by placing incoming signals into a "pending signals queue" (linked-list), which is then iterated when pcntl_signal_dispatch() is called (either explicitly, or via a tick). However, if another signal interrupts the execution of the signal handler whilst it is manipulating this linked list, it can become corrupted.

The correct solution is to block signals from being delivered to the handler whilst it is handling a signal. This is achieved using sigprocmask(SIG_BLOCK).

We have two patches, the first just cleans up the allocation of the pending signals queue. The second directly addresses the problem by wrapping any block of code that alters the pending signal queue with a set of syscalls to block the handling of any new signals. This is the safest approach as blocking the signals will cause the kernel to queue and deliver them once the handler has been unblocked.

-- Edit bug report at http://bugs.php.net/bug.php?id=52784&edit=1
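
The technique the report describes, as an added C example (it is not either of the patches mentioned in the report and not ext/pcntl's code): a handler appends to a pending-signal linked list, and every list update outside the handler is bracketed by `sigprocmask(SIG_BLOCK)` and a mask restore. All names here (`struct pending`, `queue_init`, `queue_dispatch`, `POOL_SIZE`) are hypothetical, and the fixed-size node pool is an assumption made so the handler never allocates.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stddef.h>
/* Hypothetical names throughout: a sketch of the technique, not ext/pcntl's code. */
struct pending { struct pending *next; int signo; };
#define POOL_SIZE 64
static struct pending pool[POOL_SIZE];
static struct pending *spares, *head, *tail;   /* shared with the handler */

/* Handler: pointer moves only, no allocation. A full pool drops the signal. */
static void on_signal(int signo) {
    struct pending *n = spares;
    if (!n) return;
    spares = n->next;
    n->signo = signo; n->next = NULL;
    if (tail) tail->next = n; else head = n;
    tail = n;
}

/* Build the spare-node list and install the handler for one signal number. */
int queue_init(int signo) {
    struct sigaction sa;
    spares = head = tail = NULL;
    for (int i = 0; i < POOL_SIZE; i++) { pool[i].next = spares; spares = &pool[i]; }
    sa.sa_handler = on_signal;
    sa.sa_flags = 0;
    sigfillset(&sa.sa_mask);   /* no other signal may interrupt the handler */
    return sigaction(signo, &sa, NULL);
}

/* Drain the queue. Each list mutation here runs with all signals blocked. */
int queue_dispatch(void) {
    sigset_t all, old;
    struct pending *batch, *n;
    int handled = 0;
    sigfillset(&all);
    sigprocmask(SIG_BLOCK, &all, &old);
    batch = head; head = tail = NULL;        /* detach the whole pending list */
    sigprocmask(SIG_SETMASK, &old, NULL);    /* kernel delivers held signals now */
    while ((n = batch) != NULL) {
        batch = n->next;
        handled++;                           /* a user callback would run here */
        sigprocmask(SIG_BLOCK, &all, &old);
        n->next = spares; spares = n;        /* return the node to the pool */
        sigprocmask(SIG_SETMASK, &old, NULL);
    }
    return handled;
}
```

Standard (non-realtime) signals that arrive while blocked are coalesced by the kernel to one pending instance per signal number, so the count returned can be lower than the number of signals sent during a blocked window.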