Fix #61557: CGI/FPM process could crash when using libxml #194

Discussion @ https://bugs.php.net/bug.php?id=61557

Since d8bddb9 some SAPIs would only
set up/reset callbacks to libxml once, instead of for each request
processed. However, this also included a callback for structured
errors, which should remain per request (as it can be defined through
PHP's libxml_use_internal_errors).

As a result, after the internal handler was set in a request,
processing another request would result in the handler being triggered
while the memory associated with it (LIBXML(error_list)) had been
freed/reset, leading to the process segfaulting.

This resets the handler for structured errors after each request.

(Bug #61325 might possibly also be the same bug)

@jjk-jacky Fix #61557: CGI/FPM process could crash when using libxml
3628204
Contributor

lstrojny commented Sep 18, 2012

As far as I understand the FPM codebase, the patch looks sane. Could you add a testcase for it as well?

I tried to see how tests work, but I'm not sure how to do it. This is a bit of a "special" case I suppose, because in order to test this bug we need to have two different requests processed by the same cgi/fpm process, and I don't know how to make that happen in a test.

Otherwise the test can be as simple as running:

<?php var_dump(libxml_use_internal_errors(true)); ?>

It should always return bool(false), but the second request (on the same process) will return bool(true). Which also means that if the callback was to be used, the process would segfault.
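
A simplified C model of the lifecycle described in the pull request and in the reply above, added here as an illustration and not taken from PHP's source. Every name in it is hypothetical, and the handler checks for NULL instead of touching freed memory so that the model stays well-defined.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the lifecycle in the PR text; not PHP's ext/libxml code. */
typedef void (*error_handler)(const char *msg);

static error_handler structured_handler; /* process-wide, survives requests */
static int *error_list;                  /* per-request, like LIBXML(error_list) */

/* Counts an error; the real handler would dereference the list unconditionally. */
static void internal_handler(const char *msg) { (void)msg; if (error_list) ++*error_list; }

/* Models libxml_use_internal_errors(): installs or clears the handler and
   returns the previous setting. */
static bool use_internal_errors(bool enable) {
    bool previous = (structured_handler == internal_handler);
    structured_handler = enable ? internal_handler : NULL;
    return previous;
}

static void request_startup(void) { error_list = calloc(1, sizeof *error_list); }

/* reset_handler=false models the behaviour the PR describes as broken,
   reset_handler=true models the fix (handler reset after each request). */
static void request_shutdown(bool reset_handler) {
    free(error_list);
    error_list = NULL;
    if (reset_handler) structured_handler = NULL;
}

/* True when a handler is still installed although its request state is gone. */
static bool handler_is_stale(void) { return structured_handler && !error_list; }

/* Two requests served by one process; returns what the second request's
   use_internal_errors(true) reports as the previous setting. */
static bool second_request_sees_enabled(bool reset_handler, bool *stale_between) {
    request_startup();
    use_internal_errors(true);
    request_shutdown(reset_handler);
    *stale_between = handler_is_stale();
    request_startup();
    bool previous = use_internal_errors(true);
    request_shutdown(true); /* leave the model clean for the next run */
    return previous;
}

int main(void) {
    bool stale;
    for (int fixed = 0; fixed <= 1; fixed++) {
        bool prev = second_request_sees_enabled(fixed, &stale);
        printf("fixed=%d previous=%d stale_handler=%d\n", fixed, prev, stale);
    }
    return 0;
}
```

The `stale_handler` flag marks the window in which a parse error in the real process would call into released memory.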

Contributor

lstrojny commented Dec 2, 2012

Hm, I see. I guess we are unlucky getting a test here.

Comment on behalf of lstrojny at php.net:

Already merged. Thanks!

php-pulls closed this Jan 6, 2013
