Bug#662662: marked as done (php5-memcached: Segfault or abort when getServerByKey, get called)

Sat, 17 Mar 2012 02:51:43 -0700 

Your message dated Sat, 17 Mar 2012 09:47:11 +0000
with message-id <[email protected]>
and subject line Bug#662662: fixed in php-memcached 1.0.2-1+squeeze1
has caused the Debian Bug report #662662,
regarding php5-memcached: Segfault or abort when getServerByKey, get called
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
662662: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662662
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: php5-memcached
Version: 1.0.2-1
Severity: important
Tags: upstream


Calls to getServerByKey can cause a segfault or abort when followed
by any other call that will read or write with the same key, or any
key that happens to live on the same server.

The bug is caused by a call to free the server entry at the end of
getServerByKey in php_memcached.c:

1540:        memcached_server_free(server);

And the first thing that function does is sends "quit" to the memcache
server. This has been fixed upstream btw, with a note:

https://github.com/php-memcached-dev/php-memcached/blob/master/php_memcached.c

"
        /* memcached_server_add(3) states that the server instance is cloned. */
        /* In actuality it is not, possibly a bug in libmemcached 0.40. */
        /* remove server freeing */

        /* memcached_server_free(server); */
"

I'm guessing that the client is not automatically reconnecting ('cause
it doesn't know to) and then we end up with a segfault or abort.

Would it be possible for this to be used as a patch in an update for 
squeeze's version of php-memcached-1.0.2? I believe this is a serious 
enough bug to warrant an update as it is possible a call made by one 
script can lead to an sigfault or sigabort when a later script is run.

This code triggers the segabort. The same failure occurs in Apache and
CLI modes.

<?php
$mcd = new memcached();
$mcd->addServer('127.0.0.1', '11211', 1);
$result = $mcd->set('anykey', 2);
$mcd->getServerByKey('anykey');
?>

and this triggers the sigabort:

<?php
$mcd = new memcached();
$mcd->addServer('127.0.0.1', '11211', 1);
$result = $mcd->set('anykey', 2);
$mcd->getServerByKey('anykey');
?>

These two scripts will eventually trigger a segfault when you hit one
followed by the other:

<?php
$mcd = new memcached(1);
$mcd->addServer('127.0.0.1', '11211', 1);
$mcd->getServerByKey('anykey');
print "Done\n";
?>

<?php
$mcd = new memcached(1);
$mcd->addServer('127.0.0.1', '11211', 1);
$result = $mcd->set('anykey', 2);
print "Done\n";
?>

"Eventually", in this case, means when the same Apache prefork child
happens to run the two scripts one after the other.

-- System Information:
Debian Release: 6.0.4
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39.1-x86_64-linode19 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5-memcached depends on:
ii  libapache2-mod-php5 [ph 5.3.3-7+squeeze8 server-side, HTML-embedded scripti
ii  libc6                   2.11.3-2         Embedded GNU C Library: Shared lib
ii  libmemcached5           0.40-1           A C and C++ client library to the 
ii  php5-cli [phpapi-200906 5.3.3-7+squeeze8 command-line interpreter for the p
ii  php5-common             5.3.3-7+squeeze8 Common files for packages built fr
ii  ucf                     3.0025+nmu1      Update Configuration File: preserv

php5-memcached recommends no packages.

php5-memcached suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: php-memcached
Source-Version: 1.0.2-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
php-memcached, which is due to be installed in the Debian FTP archive:

php-memcached_1.0.2-1+squeeze1.debian.tar.gz
  to main/p/php-memcached/php-memcached_1.0.2-1+squeeze1.debian.tar.gz
php-memcached_1.0.2-1+squeeze1.dsc
  to main/p/php-memcached/php-memcached_1.0.2-1+squeeze1.dsc
php5-memcached_1.0.2-1+squeeze1_amd64.deb
  to main/p/php-memcached/php5-memcached_1.0.2-1+squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sergey B Kirpichev <[email protected]> (supplier of updated php-memcached 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 05 Mar 2012 22:56:33 +0400
Source: php-memcached
Binary: php5-memcached
Architecture: source amd64
Version: 1.0.2-1+squeeze1
Distribution: stable
Urgency: low
Maintainer: Sergey B Kirpichev <[email protected]>
Changed-By: Sergey B Kirpichev <[email protected]>
Description: 
 php5-memcached - memcached extension module for PHP5
Closes: 662662
Changes: 
 php-memcached (1.0.2-1+squeeze1) stable; urgency=low
 .
   * Apply patch from upstream to fix double free in getServerByKey().
     Closes: #662662.
   * New maintainer (See: #620030)
Checksums-Sha1: 
 381e378119874cfd99bdc5e0f62cf6a47822afc7 1161 
php-memcached_1.0.2-1+squeeze1.dsc
 c695716c2b1963a63703f00f47269e2f0c2e2172 4719 
php-memcached_1.0.2-1+squeeze1.debian.tar.gz
 fcb48bc56b420ccda6573b50b7dccb71cee27367 27624 
php5-memcached_1.0.2-1+squeeze1_amd64.deb
Checksums-Sha256: 
 afff9208603f9ea672adf55f2cfd1d6212ce4c86d830f137808580b23cca2d2f 1161 
php-memcached_1.0.2-1+squeeze1.dsc
 217fd317e31eb89fdeea76b2de16e51f772ab02995ccc1c8ea1a464b7d261e3e 4719 
php-memcached_1.0.2-1+squeeze1.debian.tar.gz
 ec4237b340b6e746e26ec37c575f04e0590465e72b00060ff9ce666283430275 27624 
php5-memcached_1.0.2-1+squeeze1_amd64.deb
Files: 
 f41acbfcba0f130908190c08a66d606a 1161 php optional 
php-memcached_1.0.2-1+squeeze1.dsc
 f923e61427ffcde21fc0301ba51d5052 4719 php optional 
php-memcached_1.0.2-1+squeeze1.debian.tar.gz
 daae8f36eb8195e39946e8fdd5d660a5 27624 php optional 
php5-memcached_1.0.2-1+squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk9jz/gACgkQFViURZnoHaDIqQCbBIQzF9SDtfv+xKo/jxm9QJCw
WlYAnRcWktQWAQcKQPs9VAV9X77ert3q
=wjD9
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to