granicus.if.org Git - php/commit

author	Maksim Nikulin <mnikulin@plesk.com>
	Wed, 23 Jan 2019 05:19:29 +0000 (12:19 +0700)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Mon, 22 Jul 2019 08:32:58 +0000 (10:32 +0200)
commit	bdf24f8d6d9d495ece354d6fd2dd6ed169198a2e
tree	221e99bc6f249ad5e831a960c1ac4eeb05bb7024	tree \| snapshot
parent	82f35ab0890e192e76665194a245365d5d249638	commit \| diff

Prevent use after free in fpm_event_epoll_wait

epoll event backend does not guarantee that child input/output events
are reported before SIGCHILD due to finished worker. While a bunch of
events received by epoll is being processed, child-related structures
may be removed before dispatching of an I/O event for the same child.
The result may be attempt to access to memory region allocated for
another purpose, segfault of the master process, and unavailable web
sites.

Postpone processing of SIGCHILD events till other events in the same
bunch are processed.

Fix Bug #62418 php-fpm master process crashes
Fix Bug #65398 Race condition between SIGCHLD and child stdout/stderr event leads to segfault
Fix Bug #75112 php-fpm crashing, hard to reproduce
Fix Bug #77114 php-fpm master segfaults in fpm_event_epoll_wait/fpm_event_fire
Fix Bug #77185 Use-after-free in FPM master event handling

NEWS		diff \| blob \| history
sapi/fpm/fpm/fpm_events.c		diff \| blob \| history
sapi/fpm/tests/bug77185-reload-robustness.phpt	[new file with mode: 0644]	blob