Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:45851
Return-Path: <basant.kukreja@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 51909 invoked from network); 20 Oct 2009 23:03:46 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 20 Oct 2009 23:03:46 -0000
Authentication-Results: pb1.pair.com smtp.mail=basant.kukreja@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=basant.kukreja@gmail.com; sender-id=pass; domainkeys=bad
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.222.176 as permitted sender)
DomainKey-Status: bad
X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
X-PHP-List-Original-Sender: basant.kukreja@gmail.com
X-Host-Fingerprint: 209.85.222.176 mail-pz0-f176.google.com  
Received: from [209.85.222.176] ([209.85.222.176:42384] helo=mail-pz0-f176.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id A6/00-51406-0D14EDA4 for <internals@lists.php.net>; Tue, 20 Oct 2009 19:03:45 -0400
Received: by pzk6 with SMTP id 6so7942766pzk.29
        for <internals@lists.php.net>; Tue, 20 Oct 2009 16:03:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:date:message-id:subject
         :from:to:content-type;
        bh=I+IbYx5BHGV/GUDFPR2JBzL3Reqd4QWPm72h3wUkLSk=;
        b=hIIyN9mLn8BJNzlWY7znf8DIqkg6qv00RNWOUnyDijuGjyZuTCkeEcBf5HiUjetUGx
         PbR9GhwbqIg53eWgFjfnRBQBKOSGLnQG+Nw9jSVc1Vb1a9I0m42ej0nbmU0sW7GtLAif
         2jHp6a5FRQXv+X4r2ee/f/n2L9wo8f+9Wrp9I=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type;
        b=dGgYl616rkVjYFVd881i+R/snsR41A/lO3emieX73ZLcmdKgt9y8xzxso3QxULVH7J
         9A0eG973jOqOyALkpbXUrfHnRdrc2SmEWYyHa0/omyvutymI3edQ1pM3+gLgYeEcpV30
         OQ92H8wq8CARnnR3UuBxOrTZM734KkULrl6YQ=
MIME-Version: 1.0
Received: by 10.143.129.2 with SMTP id g2mr463095wfn.283.1256079821732; Tue, 
	20 Oct 2009 16:03:41 -0700 (PDT)
Date: Tue, 20 Oct 2009 16:03:41 -0700
Message-ID: <33a27ec10910201603g26e6d0dcxecb7a060dcbde13a@mail.gmail.com>
To: internals@lists.php.net
Content-Type: multipart/mixed; boundary=000e0cd5f674957d30047665dfee
Subject: Race condition in PDOStatement (patch)
From: basant.kukreja@gmail.com (Basant Kukreja)

--000e0cd5f674957d30047665dfee
Content-Type: text/plain; charset=ISO-8859-1

Hi,
    There is a race condition in pdo's
PDOStatement->ce.default_properties.ref_count. The integer
is incremented without any lock around it (or using any other atomic APIs).
This causes PDO to crash under stress. Details are given in bug report
http://bugs.php.net/bug.php?id=49937&thanks=1

I have attached the patch for review.

Note :
I could not find any easy locking mechanism available in php sources so needed
to use tsrm_mutex to implement atomic increments. It can be done very
efficiently in many modern OSes but for php 5.2.x, I didn't want to introduce
many changes.

--000e0cd5f674957d30047665dfee
Content-Type: text/plain; charset=US-ASCII; name="pdo_bug_52trunk.txt"
Content-Disposition: attachment; filename="pdo_bug_52trunk.txt"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_g119ct0c0

SW5kZXg6IGV4dC9wZG8vcGRvX3N0bXQuYwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBleHQvcGRvL3Bkb19zdG10
LmMJKHJldmlzaW9uIDI4OTgwNikKKysrIGV4dC9wZG8vcGRvX3N0bXQuYwkod29ya2luZyBjb3B5
KQpAQCAtMjMyNSw3ICsyMzI1LDcgQEAKIAlzdG10LT5yZWZjb3VudCA9IDE7CiAJQUxMT0NfSEFT
SFRBQkxFKHN0bXQtPnByb3BlcnRpZXMpOwogCXplbmRfaGFzaF9pbml0KHN0bXQtPnByb3BlcnRp
ZXMsIDAsIE5VTEwsIFpWQUxfUFRSX0RUT1IsIDApOwotCXplbmRfaGFzaF9jb3B5KHN0bXQtPnBy
b3BlcnRpZXMsICZzdG10LT5jZS0+ZGVmYXVsdF9wcm9wZXJ0aWVzLCAoY29weV9jdG9yX2Z1bmNf
dCkgenZhbF9hZGRfcmVmLCAodm9pZCAqKSAmdG1wLCBzaXplb2YoenZhbCAqKSk7CisJemVuZF9o
YXNoX2NvcHkoc3RtdC0+cHJvcGVydGllcywgJnN0bXQtPmNlLT5kZWZhdWx0X3Byb3BlcnRpZXMs
IChjb3B5X2N0b3JfZnVuY190KSB6dmFsX2FkZF9yZWZfYXRvbWljLCAodm9pZCAqKSAmdG1wLCBz
aXplb2YoenZhbCAqKSk7CiAKIAlvbGRfc3RtdCA9IChwZG9fc3RtdF90ICopemVuZF9vYmplY3Rf
c3RvcmVfZ2V0X29iamVjdCh6b2JqZWN0IFRTUk1MU19DQyk7CiAJCkBAIC0yNDU0LDcgKzI0NTQs
NyBAQAogCXN0bXQtPnJlZmNvdW50ID0gMTsKIAlBTExPQ19IQVNIVEFCTEUoc3RtdC0+cHJvcGVy
dGllcyk7CiAJemVuZF9oYXNoX2luaXQoc3RtdC0+cHJvcGVydGllcywgMCwgTlVMTCwgWlZBTF9Q
VFJfRFRPUiwgMCk7Ci0JemVuZF9oYXNoX2NvcHkoc3RtdC0+cHJvcGVydGllcywgJmNlLT5kZWZh
dWx0X3Byb3BlcnRpZXMsIChjb3B5X2N0b3JfZnVuY190KSB6dmFsX2FkZF9yZWYsICh2b2lkICop
ICZ0bXAsIHNpemVvZih6dmFsICopKTsKKwl6ZW5kX2hhc2hfY29weShzdG10LT5wcm9wZXJ0aWVz
LCAmY2UtPmRlZmF1bHRfcHJvcGVydGllcywgKGNvcHlfY3Rvcl9mdW5jX3QpIHp2YWxfYWRkX3Jl
Zl9hdG9taWMsICh2b2lkICopICZ0bXAsIHNpemVvZih6dmFsICopKTsKIAogCXJldHZhbC5oYW5k
bGUgPSB6ZW5kX29iamVjdHNfc3RvcmVfcHV0KHN0bXQsICh6ZW5kX29iamVjdHNfc3RvcmVfZHRv
cl90KXplbmRfb2JqZWN0c19kZXN0cm95X29iamVjdCwgKHplbmRfb2JqZWN0c19mcmVlX29iamVj
dF9zdG9yYWdlX3QpcGRvX2Ric3RtdF9mcmVlX3N0b3JhZ2UsICh6ZW5kX29iamVjdHNfc3RvcmVf
Y2xvbmVfdClkYnN0bXRfY2xvbmVfb2JqIFRTUk1MU19DQyk7CiAJcmV0dmFsLmhhbmRsZXJzID0g
JnBkb19kYnN0bXRfb2JqZWN0X2hhbmRsZXJzOwpJbmRleDogVFNSTS9UU1JNLmMKPT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PQotLS0gVFNSTS9UU1JNLmMJKHJldmlzaW9uIDI4OTgwNikKKysrIFRTUk0vVFNSTS5jCSh3b3Jr
aW5nIGNvcHkpCkBAIC03MTQsNiArNzE0LDEyIEBACiAJcmV0dXJuIHJldHZhbDsKIH0KIAorVFNS
TV9BUEkgdm9pZCAqdHNybV9hdG9taWNfaW5jcih2b2xhdGlsZSB1bnNpZ25lZCBpbnQqIHZhbCkK
K3sKKwl0c3JtX211dGV4X2xvY2sodHNtbV9tdXRleCk7CisJKysqdmFsOworCXRzcm1fbXV0ZXhf
dW5sb2NrKHRzbW1fbXV0ZXgpOworfQogCiAKIC8qCkluZGV4OiBUU1JNL1RTUk0uaAo9PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09Ci0tLSBUU1JNL1RTUk0uaAkocmV2aXNpb24gMjg5ODA2KQorKysgVFNSTS9UU1JNLmgJKHdv
cmtpbmcgY29weSkKQEAgLTEzOSw2ICsxMzksNyBAQAogCiBUU1JNX0FQSSB2b2lkICp0c3JtX3Nl
dF9uZXdfdGhyZWFkX2JlZ2luX2hhbmRsZXIodHNybV90aHJlYWRfYmVnaW5fZnVuY190IG5ld190
aHJlYWRfYmVnaW5faGFuZGxlcik7CiBUU1JNX0FQSSB2b2lkICp0c3JtX3NldF9uZXdfdGhyZWFk
X2VuZF9oYW5kbGVyKHRzcm1fdGhyZWFkX2VuZF9mdW5jX3QgbmV3X3RocmVhZF9lbmRfaGFuZGxl
cik7CitUU1JNX0FQSSB2b2lkICp0c3JtX2F0b21pY19pbmNyKHZvbGF0aWxlIHVuc2lnbmVkIGlu
dCogdmFsKTsKIAogLyogdGhlc2UgMyBBUElzIHNob3VsZCBvbmx5IGJlIHVzZWQgYnkgcGVvcGxl
IHRoYXQgZnVsbHkgdW5kZXJzdGFuZCB0aGUgdGhyZWFkaW5nIG1vZGVsCiAgKiB1c2VkIGJ5IFBI
UC9aZW5kIGFuZCB0aGUgc2VsZWN0ZWQgU0FQSS4gKi8KSW5kZXg6IFplbmQvemVuZF92YXJpYWJs
ZXMuYwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09Ci0tLSBaZW5kL3plbmRfdmFyaWFibGVzLmMJKHJldmlzaW9uIDI4OTgw
NikKKysrIFplbmQvemVuZF92YXJpYWJsZXMuYwkod29ya2luZyBjb3B5KQpAQCAtMTAwLDYgKzEw
MCwxNyBAQAogfQogLyogfX19ICovCiAKKworWkVORF9BUEkgdm9pZCB6dmFsX2FkZF9yZWZfYXRv
bWljKHp2YWwgKipwKSAvKiB7e3sgKi8KK3sKKyNpZmRlZiBaVFMKKwl0c3JtX2F0b21pY19pbmNy
KCYoKnApLT5yZWZjb3VudCk7CisjZWxzZQorCSgqcCktPnJlZmNvdW50Kys7CisjZW5kaWYKK30K
Ky8qIH19fSAqLworCiBaRU5EX0FQSSB2b2lkIF96dmFsX2NvcHlfY3Rvcl9mdW5jKHp2YWwgKnp2
YWx1ZSBaRU5EX0ZJTEVfTElORV9EQykgLyoge3t7ICovCiB7CiAJc3dpdGNoICh6dmFsdWUtPnR5
cGUpIHsKSW5kZXg6IFplbmQvemVuZF92YXJpYWJsZXMuaAo9PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBaZW5kL3pl
bmRfdmFyaWFibGVzLmgJKHJldmlzaW9uIDI4OTgwNikKKysrIFplbmQvemVuZF92YXJpYWJsZXMu
aAkod29ya2luZyBjb3B5KQpAQCAtNzYsNiArNzYsNyBAQAogI2VuZGlmCiAKIFpFTkRfQVBJIHZv
aWQgenZhbF9hZGRfcmVmKHp2YWwgKipwKTsKK1pFTkRfQVBJIHZvaWQgenZhbF9hZGRfcmVmX2F0
b21pYyh6dmFsICoqcCk7CiAKIEVORF9FWFRFUk5fQygpCiAK
--000e0cd5f674957d30047665dfee--