From: novicky at aarongroup dot cz Operating system: win32 PHP version: 4.3.7RC1 PHP Bug Type: Reproducible crash Bug description: known_post_content_types is not thread safe
Description: ------------ Variable known_post_content_types used in SAPI.c is declared as static which is not thread safe and can lead to crash under multithread webservers like IIS. Here is a patch for SAPI.h and SAPI.c --- php-4.3.7RC1.orig/main/SAPI.h 2003-04-09 22:27:55.000000000 +0200 +++ php-4.3.7RC1/main/SAPI.h 2004-05-26 10:08:34.000000000 +0200 @@ -120,6 +120,7 @@ long post_max_size; int options; zend_bool sapi_started; + HashTable known_post_content_types; } sapi_globals_struct; --- php-4.3.7RC1.orig/main/SAPI.c 2004-03-27 02:45:44.000000000 +0100 +++ php-4.3.7RC1/main/SAPI.c 2004-05-29 14:34:47.000000000 +0200 @@ -48,7 +48,6 @@ #include "php_content_types.h" -static HashTable known_post_content_types; #ifdef ZTS SAPI_API int sapi_globals_id; @@ -59,6 +58,11 @@ static void sapi_globals_ctor(sapi_globals_struct *sapi_globals TSRMLS_DC) { memset(sapi_globals, 0, sizeof(*sapi_globals)); + zend_hash_init_ex(&SG(known_post_content_types), 5, NULL, NULL, 1, 0); +} + +static void sapi_globals_dtor(sapi_globals_struct *sapi_globals TSRMLS_DC) { + zend_hash_destroy(&SG(known_post_content_types)); } /* True globals (no need for thread safety) */ @@ -68,10 +72,9 @@ SAPI_API void sapi_startup(sapi_module_struct *sf) { sapi_module = *sf; - zend_hash_init_ex(&known_post_content_types, 5, NULL, NULL, 1, 0); #ifdef ZTS - ts_allocate_id(&sapi_globals_id, sizeof(sapi_globals_struct), (ts_allocate_ctor) sapi_globals_ctor, NULL); + ts_allocate_id(&sapi_globals_id, sizeof(sapi_globals_struct), (ts_allocate_ctor) sapi_globals_ctor, (ts_allocate_dtor)sapi_globals_dtor); #else sapi_globals_ctor(&sapi_globals TSRMLS_CC); #endif @@ -98,7 +101,6 @@ tsrm_win32_shutdown(); #endif - zend_hash_destroy(&known_post_content_types); } @@ -151,7 +153,7 @@ } /* now try to find an appropriate POST content handler */ - if (zend_hash_find(&known_post_content_types, content_type, content_type_length+1, (void **) &post_entry)==SUCCESS) { + if (zend_hash_find(&SG(known_post_content_types), content_type, content_type_length+1, (void **) &post_entry)==SUCCESS) { /* found one, register it for use */ SG(request_info).post_entry = post_entry; post_reader_func = post_entry->post_reader; @@ -795,12 +797,14 @@ SAPI_API int sapi_register_post_entry(sapi_post_entry *post_entry) { - return zend_hash_add(&known_post_content_types, post_entry->content_type, post_entry->content_type_len+1, (void *) post_entry, sizeof(sapi_post_entry), NULL); + TSRMLS_FETCH(); + return zend_hash_add(&SG(known_post_content_types), post_entry->content_type, post_entry->content_type_len+1, (void *) post_entry, sizeof(sapi_post_entry), NULL); } SAPI_API void sapi_unregister_post_entry(sapi_post_entry *post_entry) { - zend_hash_del(&known_post_content_types, post_entry->content_type, post_entry->content_type_len+1); + TSRMLS_FETCH(); + zend_hash_del(&SG(known_post_content_types), post_entry->content_type, post_entry->content_type_len+1); } -- Edit bug report at http://bugs.php.net/?id=28568&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=28568&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=28568&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=28568&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=28568&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=28568&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=28568&r=needscript Try newer version: http://bugs.php.net/fix.php?id=28568&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=28568&r=support Expected behavior: http://bugs.php.net/fix.php?id=28568&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=28568&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=28568&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=28568&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28568&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=28568&r=dst IIS Stability: http://bugs.php.net/fix.php?id=28568&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=28568&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=28568&r=float