Newsgroups: php.internals
Xref: news.php.net php.internals:45875
From: basant.kukreja@gmail.com (Basant Kukreja)
To: internals@lists.php.net
Subject: Re: Race condition in PDOStatement (patch)
Date: Fri, 23 Oct 2009 11:21:57 -0700
Message-ID: <33a27ec10910231121j222a2d21lc496bac79627444c@mail.gmail.com>
In-Reply-To: <33a27ec10910201603g26e6d0dcxecb7a060dcbde13a@mail.gmail.com>
References: <33a27ec10910201603g26e6d0dcxecb7a060dcbde13a@mail.gmail.com>

I have revised the patch for the race condition. New patch is much less
invasive and scope of the change is restricted to pdo only. Details are
there in the bug. Patch is attached.

Regards,
Basant.

On Tue, Oct 20, 2009 at 4:03 PM, Basant Kukreja wrote:
> Hi,
>    There is a race condition in pdo's
> PDOStatement->ce.default_properties.ref_count. The integer
> is incremented without any lock around it (or using any other atomic APIs).
> This causes PDO to crash under stress. Details are given in bug report
> http://bugs.php.net/bug.php?id=49937&thanks=1
>
> I have attached the patch for review.
>
> Note:
> I could not find any easy locking mechanism available in php sources so needed
> to use tsrm_mutex to implement atomic increments. It can be done very
> efficiently in many modern OSes but for php 5.2.x, I didn't want to introduce
> many changes.
[Attachment: pdo_bug_52trunk.txt]
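Added example, not part of the original message or of the attached patch: the quoted report describes a shared reference count incremented without a lock or an atomic operation. The C program below models that bug class with a constructed counter and compares the unsynchronized increment with a mutex-guarded one and an atomic one. All names (refcount, bump, run, the inc_* workers) are hypothetical, and a pthread mutex stands in for tsrm_mutex.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define THREADS 4
#define ITERS   200000L

/* Constructed stand-in for a reference count shared by every thread. */
static atomic_long refcount;
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;

/* Models a plain "++": a load, then a separate store. Another thread can
 * store in between, and that update is then overwritten (lost). */
static void bump(void) {
    long v = atomic_load_explicit(&refcount, memory_order_relaxed);
    atomic_store_explicit(&refcount, v + 1, memory_order_relaxed);
}

/* No synchronization: the failure mode from the report. */
static void *inc_racy(void *arg) {
    (void)arg;
    for (long i = 0; i < ITERS; i++) bump();
    return NULL;
}

/* Same load/store pair, serialized by a mutex. */
static void *inc_locked(void *arg) {
    (void)arg;
    for (long i = 0; i < ITERS; i++) {
        pthread_mutex_lock(&lock);
        bump();
        pthread_mutex_unlock(&lock);
    }
    return NULL;
}

/* One indivisible read-modify-write; no lock needed. */
static void *inc_atomic(void *arg) {
    (void)arg;
    for (long i = 0; i < ITERS; i++)
        atomic_fetch_add_explicit(&refcount, 1, memory_order_relaxed);
    return NULL;
}

/* Run THREADS workers from a zeroed counter and return the final count. */
static long run(void *(*worker)(void *)) {
    pthread_t t[THREADS];
    atomic_store(&refcount, 0);
    for (int i = 0; i < THREADS; i++) pthread_create(&t[i], NULL, worker, NULL);
    for (int i = 0; i < THREADS; i++) pthread_join(t[i], NULL);
    return atomic_load(&refcount);
}

int main(void) {
    printf("expected %ld\n", THREADS * ITERS);
    printf("racy %ld\n", run(inc_racy));
    printf("locked %ld atomic %ld\n", run(inc_locked), run(inc_atomic));
    return 0;
}
```

On a multi-core machine the racy count usually comes out below the expected total. For a real reference count, a miscounted value means an object freed while still in use or never freed at all.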