From: novicky at aarongroup dot cz
Operating system: all
PHP version: 4.3.7RC1
PHP Bug Type: Informix related
Bug description: connection id is not thread safe, possible crash during module
shutdown
Description:
------------
Identification strings used for connections, statements and descriptors
are not thread safe. There is a possible mix-up of identifications under
multithread webservers.
There is also a possible memory allocation during module shutdown in the
function ifx_do_close, which can lead to a crash.
Here is a patch for ifx.ec
--- php-4.3.7RC1.orig/ext/informix/ifx.ec 2003-11-03 00:14:06.000000000
+0100
+++ php-4.3.7RC1/ext/informix/ifx.ec 2004-05-29 18:14:16.000000000 +0200
@@ -297,30 +297,13 @@
if (ifx_check() == 0) {
/* DISCONNECT again, after rollback */
EXEC SQL DISCONNECT :link;
- if (ifx_check() < 0) {
- IFXG(sv_sqlcode) = SQLCODE;
- php_error_docref(NULL TSRMLS_CC, E_WARNING,
"Disconnect link %s
after Automatic Rollback fails (%s)", link, ifx_error(link));
- }
}
- if (ifx_check() < 0) {
+ else if (ifx_check() < 0) {
/* CLOSE database if rollback or disconnect fails */
EXEC SQL CLOSE DATABASE;
- if (ifx_check() < 0) {
- IFXG(sv_sqlcode) = SQLCODE;
- php_error_docref(NULL TSRMLS_CC, E_WARNING,
"Close database fails %s
(%s)", link, ifx_error(link));
- }
- }
- }
- else if (SQLCODE < 0) {
- IFXG(sv_sqlcode) = SQLCODE;
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Disconnect link
%s fails
(%s)", link, ifx_error(link));
}
}
- else {
- IFXG(sv_sqlcode) = SQLCODE;
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Set connection %s fails
(%s)", link, ifx_error(link));
}
-
}
static void _close_ifx_link(zend_rsrc_list_entry *rsrc TSRMLS_DC)
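Review bot: Turning the second `if (ifx_check() < 0)` into `else if` means, as far as the wrapped hunk shows, that the CLOSE DATABASE fallback no longer runs when the DISCONNECT issued after the rollback fails, although the comment above it still reads "CLOSE database if rollback or disconnect fails". If that narrowing is intended, the comment should be updated; otherwise keep the plain `if`. With every `php_error_docref` call and `IFXG(sv_sqlcode) = SQLCODE;` assignment removed, failures on this close path are now silent, so I would add a comment at the top of the block such as `/* errors are deliberately not reported here: php_error_docref()/ifx_error() allocate, which is unsafe during module shutdown */`. The function body starts outside the hunk.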
@@ -532,7 +515,11 @@
/* create the link */
ifx = (char *) malloc(sizeof(IFX));
IFXG(connectionid)++;
+#ifdef ZTS
+ sprintf(ifx, "%s%x_%x", SAFE_STRING(user), tsrm_thread_id(),
IFXG(connectionid));
+#else
sprintf(ifx, "%s%x", SAFE_STRING(user), IFXG(connectionid));
+#endif
EXEC SQL CONNECT TO :host AS :ifx USER :user USING :passwd WITH
CONCURRENT TRANSACTION;
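Review bot: The added `sprintf(ifx, "%s%x_%x", ...)` still copies the caller-supplied `user` string into a buffer of `sizeof(IFX)` bytes with no bound, and the thread-id suffix makes the result longer than before. A bounded call such as `snprintf(ifx, sizeof(IFX), "%s%lx_%x", SAFE_STRING(user), (unsigned long) tsrm_thread_id(), IFXG(connectionid));`, with truncation treated as a connect failure, would close that. `tsrm_thread_id()` returns the platform's `THREAD_T`, which under pthreads is not an `int`, so passing it to `%x` is a type mismatch and may drop the bits that distinguish threads; the same cast is needed on the added lines in the hunks at 629, 800 and 1206. The `malloc` result on the line above is also used unchecked, and the enclosing function starts and ends outside the hunk.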
@@ -629,7 +616,11 @@
ifx = (char *) emalloc(sizeof(IFX));
IFXG(connectionid)++;
+#ifdef ZTS
+ sprintf(ifx, "connec%x_%x", tsrm_thread_id(), IFXG(connectionid));
+#else
sprintf(ifx, "connec%x", IFXG(connectionid));
+#endif
EXEC SQL CONNECT TO :host AS :ifx USER :user USING :passwd WITH
CONCURRENT TRANSACTION;
@@ -800,10 +791,17 @@
statement = Z_STRVAL_PP(query);
IFXG(cursorid)++;
+#ifdef ZTS
+ sprintf(statemid, "statem%x_%x", tsrm_thread_id(), IFXG(cursorid));
+ sprintf(cursorid, "cursor%x_%x", tsrm_thread_id(), IFXG(cursorid));
+ sprintf(descrpid, "descrp%x_%x", tsrm_thread_id(), IFXG(cursorid));
+ sprintf(i_descrpid, "i_descrp%x_%x", tsrm_thread_id(), IFXG(cursorid));
+#else
sprintf(statemid, "statem%x", IFXG(cursorid));
sprintf(cursorid, "cursor%x", IFXG(cursorid));
sprintf(descrpid, "descrp%x", IFXG(cursorid));
sprintf(i_descrpid, "i_descrp%x", IFXG(cursorid));
+#endif
EXEC SQL set connection :ifx;
PHP_IFX_CHECK_CONNECTION(ifx);
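Review bot: The destinations `statemid`, `cursorid`, `descrpid` and `i_descrpid` are declared outside this hunk, so it is not visible whether they can hold the longer identifiers. `i_descrp` plus two 32-bit `%x` fields and the separator needs up to 26 bytes including the terminator, and more if the thread id is printed at full width. Their declared sizes, and any identifier length limit of the Informix server being targeted, should be checked before this lands. If they are arrays, I would write each line as `snprintf(statemid, sizeof(statemid), "statem%lx_%x", (unsigned long) tsrm_thread_id(), IFXG(cursorid));`, here and in the identical hunk at 1206.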
@@ -1206,10 +1204,17 @@
statement = Z_STRVAL_PP(query);
IFXG(cursorid)++;
+#ifdef ZTS
+ sprintf(statemid, "statem%x_%x", tsrm_thread_id(), IFXG(cursorid));
+ sprintf(cursorid, "cursor%x_%x", tsrm_thread_id(), IFXG(cursorid));
+ sprintf(descrpid, "descrp%x_%x", tsrm_thread_id(), IFXG(cursorid));
+ sprintf(i_descrpid, "i_descrp%x_%x", tsrm_thread_id(), IFXG(cursorid));
+#else
sprintf(statemid, "statem%x", IFXG(cursorid));
sprintf(cursorid, "cursor%x", IFXG(cursorid));
sprintf(descrpid, "descrp%x", IFXG(cursorid));
sprintf(i_descrpid, "i_descrp%x", IFXG(cursorid));
+#endif
EXEC SQL set connection :ifx;
PHP_IFX_CHECK_CONNECTION(ifx);
Moreover there is a memory leak in all php_error_docref calls where
ifx_error(ifx) is used. There are 64 bytes allocated which are never
free.
--
Edit bug report at http://bugs.php.net/?id=28569&edit=1
--