From: slangley at google dot com
Operating system: N/A
PHP version: 5.4.14
Package: XSLT related
Bug Type: Bug
Bug description: The XSLT extension is not thread safe.
Description:
------------
ThreadSanitizer has detected a data race in php_xsl.c.
The function xsltSetGenericErrorFunc is not thread safe, yet it can be accessed concurrently by separate threads from the request INIT & SHUTDOWN handlers in the xslt extension.

    /* {{{ PHP_RINIT_FUNCTION
     */
    PHP_RINIT_FUNCTION(xsl)
    {
        xsltSetGenericErrorFunc(NULL, php_libxml_error_handler);
        return SUCCESS;
    }
    /* }}} */

    /* {{{ PHP_RSHUTDOWN_FUNCTION
     */
    PHP_RSHUTDOWN_FUNCTION(xsl)
    {
        xsltSetGenericErrorFunc(NULL, NULL);
        return SUCCESS;
    }

xsltSetGenericErrorFunc uses two global variables to record state, with no
protection against concurrent access.
From xsltutils.c:

    xmlGenericErrorFunc xsltGenericError = xsltGenericErrorDefaultFunc;
    void *xsltGenericErrorContext = NULL;

    /**
     * xsltSetGenericErrorFunc:
     * @ctx: the new error handling context
     * @handler: the new handler function
     *
     * Function to reset the handler and the error context for out of
     * context error messages.
     * This simply means that @handler will be called for subsequent
     * error messages while not parsing nor validating. And @ctx will
     * be passed as first argument to @handler
     * One can simply force messages to be emitted to another FILE * than
     * stderr by setting @ctx to this file handle and @handler to NULL.
     */
    void
    xsltSetGenericErrorFunc(void *ctx, xmlGenericErrorFunc handler) {
        xsltGenericErrorContext = ctx;
        if (handler != NULL)
            xsltGenericError = handler;
        else
            xsltGenericError = xsltGenericErrorDefaultFunc;
    }

Calling xsltSetGenericErrorFunc from the module initializer should solve this problem.

Test script:
---------------
Build PHP with --enable-maintainer-zts.
Execute concurrent requests.
--
Edit bug report at https://bugs.php.net/bug.php?id=64776&edit=1
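
Added example, not part of the original report and not PHP or libxslt code: a single-threaded replay of one interleaving of two overlapping requests, comparing the per-request install/reset pattern with a one-time install at module init. All names (set_error_func, php_handler, misrouted_errors, the per_request flag) are hypothetical stand-ins; a real ZTS build additionally has the unsynchronized writes themselves, which is what ThreadSanitizer flags.

```c
#include <stddef.h>
#include <stdio.h>

/* Model of the two unprotected process-wide globals (hypothetical names). */
typedef void (*err_fn)(void *ctx, const char *msg);
static int default_hits; /* errors that reached the library default handler */
static int php_hits;     /* errors that reached the PHP-side handler */

static void default_handler(void *ctx, const char *msg) { (void)ctx; (void)msg; default_hits++; }
static void php_handler(void *ctx, const char *msg) { (void)ctx; (void)msg; php_hits++; }

static err_fn g_handler = default_handler;
static void *g_ctx = NULL;

/* Same logic as xsltSetGenericErrorFunc: two plain stores, no lock. */
static void set_error_func(void *ctx, err_fn handler) {
    g_ctx = ctx;
    g_handler = handler ? handler : default_handler;
}
static void report_error(const char *msg) { g_handler(g_ctx, msg); }

/* Request hooks: per_request=1 mirrors the reported RINIT/RSHUTDOWN code,
 * per_request=0 mirrors the proposed fix, where the hooks leave the globals alone. */
static void rinit(int per_request)     { if (per_request) set_error_func(NULL, php_handler); }
static void rshutdown(int per_request) { if (per_request) set_error_func(NULL, NULL); }

/* Replays one interleaving of overlapping requests A and B and returns how
 * many of B's errors bypassed php_handler. */
int misrouted_errors(int per_request) {
    default_hits = php_hits = 0;
    set_error_func(NULL, NULL);                          /* fresh process */
    if (!per_request) set_error_func(NULL, php_handler); /* module init, once */
    rinit(per_request);       /* thread A: request starts */
    rinit(per_request);       /* thread B: request starts */
    rshutdown(per_request);   /* thread A: request ends, handler reset */
    report_error("B: XSLT error after A has already shut down");
    rshutdown(per_request);   /* thread B: request ends */
    return default_hits;
}

int main(void) {
    printf("per-request install: %d misrouted\n", misrouted_errors(1));
    printf("module-init install: %d misrouted\n", misrouted_errors(0));
    return 0;
}
```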