Bug #60629 [Com]: memory corruption when web server closed the fcgi fd(?)

Tue, 03 Jan 2012 11:44:50 -0800 

Edit report at https://bugs.php.net/bug.php?id=60629&edit=1

 ID:                 60629
 Comment by:         phpbugs at oops dot mooo dot com
 Reported by:        phpbugs at oops dot mooo dot com
 Summary:            memory corruption when web server closed the fcgi
                     fd(?)
 Status:             Feedback
 Type:               Bug
 Package:            FPM related
 Operating System:   Debian Squeeze
 PHP Version:        5.3.9RC4
 Assigned To:        fat
 Block user comment: N
 Private report:     N

 New Comment:

Looks good to me, I don't understand
a) Why was fcgi_write's return value changed to ssize_t
b) Why the explicit (size_t) casts was added
but I can't see any problem with them either :)

(I only did this part.)
-       size_t ret;
+       ssize_t ret


Previous Comments:
------------------------------------------------------------------------
[2012-01-03 18:03:28] f...@php.net

Can you please test and validate the attached patch please ?

thx
++ jerome

------------------------------------------------------------------------
[2012-01-03 18:02:55] f...@php.net

The following patch has been added/updated:

Patch Name: fpm-bugs-60629.patch
Revision:   1325613774
URL:        
https://bugs.php.net/patch-display.php?bug=60629&patch=fpm-bugs-60629.patch&revision=1325613774

------------------------------------------------------------------------
[2012-01-03 12:13:34] f...@php.net

it's on my todo list. I'll try to take time to look at this bugs this week.

++ jerome

------------------------------------------------------------------------
[2012-01-03 12:12:09] larue...@php.net

fat, could you plz look at this? thanks

------------------------------------------------------------------------
[2011-12-30 23:40:43] phpbugs at oops dot mooo dot com

I think it might've been introduced in this commit (~line 270).

http://svn.php.net/viewvc/php/php-src/tags/php_5_3_9RC4/sapi/fpm/fpm/fpm_main.c?r1=317894&r2=317897

It looks like write() might have the same problem, since it returns a ssize_t 
that's casted to size_t.

Fix might be to use ssize_t instead?

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=60629


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60629&edit=1

Reply via email to