ID:               25316
 User updated by:  polone at townnews dot com
 Reported By:      polone at townnews dot com
 Status:           Open
-Bug Type:         *PDF functions
+Bug Type:         Reproducible crash
 Operating System: Any
 PHP Version:      4.3.3
 New Comment:

Changing category to a reproducible crash, accidentally set it to *PDF
Functions.


Previous Comments:
------------------------------------------------------------------------

[2003-08-29 13:49:54] polone at townnews dot com

Description:
------------
(Please note, this looks like a similar bug as #22753, but it is not -
it's in a function layer much more abstract than the main/network.c
bug, this one is in main/streams.c)

A problem that occurs quite often with PHP scripts when remote hosts
disconnect applications in PHP using the streams API is infinite
looping with SIGPIPE. It appears an early attempt to remedy the
situation was to ignore SIGPIPE, but this is not where the problem is.
After reviewing the _php_stream_write() code and testing the loop in an
error condition of -1, it became obvious why the looping occurs.

The while() loop will never exit if an error occurs in the underlying
send() call. This is because it returns a negative value (-1), but the
type assigned in _php_stream_write() is size_t for the variable
justwrote. For reference, "size_t" IS AN UNSIGNED INT, which means the
condition:

if (justwrote > 0) {

   // Buffering code

} else {
   break;
}

will never execute the "else" condition. To fix this, change the
following:

size_t didwrite = 0, towrite;
int justwrote;

This bug has been present (as far as I can tell) since PHP 4.3.0. In
addition, another change I've made is to main/network.c, in the
php_sockop_write() function. Instead of ignoring SIGPIPE as the default
handler, it would be better to set:

didwrite = send(sock->socket, buf, count, MSG_NOSIGNAL);

This will still work correctly when SIGPIPE would have been issued as
EPIPE is still returned.

Reproduce code:
---------------
<?php

$fp = fsockopen ("localhost", 80);
while(fwrite($fp, "GET /doesntmatter HTTP/1.0\n\n")) {

    sleep(1);

}

?>

Expected result:
----------------
To end eventually. Instead, the script will eventually issue a SIGPIPE
and create an infinite loop.

Actual result:
--------------
It never ends.


------------------------------------------------------------------------
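The loop behaviour described in the report above, modelled in C as an added example; it is not part of the original report and is not PHP's source. The names fake_send, write_loop_unsigned, write_loop_signed and MAX_ITER are hypothetical, the stub writer is constructed to stand in for the socket write, and the bookkeeping inside the "buffering code" branch is an assumption.

```c
#include <stddef.h>
#include <sys/types.h>   /* ssize_t */
#define MAX_ITER 1000    /* demo-only cap so the buggy loop returns */

/* Constructed stand-in for the underlying write: the peer accepts up to 4 bytes
 * per call, "disconnects" after 8 bytes, then every call fails with -1. */
static size_t peer_taken;
static ssize_t fake_send(size_t count) {
    if (peer_taken >= 8) return -1;
    size_t n = count < 4 ? count : 4;
    peer_taken += n;
    return (ssize_t)n;
}

/* Loop shape from the report with justwrote declared as size_t. */
size_t write_loop_unsigned(size_t count, int *iters) {
    size_t didwrite = 0, justwrote;
    peer_taken = 0; *iters = 0;
    while (count > 0 && *iters < MAX_ITER) {
        (*iters)++;
        justwrote = (size_t)fake_send(count);  /* -1 becomes SIZE_MAX */
        if (justwrote > 0) {                   /* still true on error */
            count -= justwrote;                /* wraps: count grows by 1 */
            didwrite += justwrote;
        } else break;
    }
    return didwrite;
}

/* Same loop with the report's change: justwrote is a signed int. */
size_t write_loop_signed(size_t count, int *iters) {
    size_t didwrite = 0;
    int justwrote;
    peer_taken = 0; *iters = 0;
    while (count > 0 && *iters < MAX_ITER) {
        (*iters)++;
        justwrote = (int)fake_send(count);
        if (justwrote > 0) {
            count -= (size_t)justwrote;
            didwrite += (size_t)justwrote;
        } else break;                          /* -1 reaches the else */
    }
    return didwrite;
}

int main(void) {  /* exit status 0: signed loop stopped after 3 calls */
    int n; return (write_loop_signed(12, &n) == 8 && n == 3) ? 0 : 1;
}
```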

