ID: 40286
Updated by: dmitry@php.net
Reported By: gabriel at oxeva dot fr
-Status: Assigned
+Status: Closed
Bug Type: CGI related
Operating System: Linux 2.6
PHP Version: 4.4.4
Assigned To: dmitry
New Comment:

I hope the bug is fixed in CVS HEAD, PHP_5_2 (not in 5.2.1) and PHP_4_4
(not in 4.4.5).

The patch for PHP_5_2 folows:

Index: sapi/cgi/cgi_main.c
================================================== =================
RCS file: /repository/php-src/sapi/cgi/cgi_main.c,v
retrieving revision 1.267.2.15.2.22
diff -u -p -d -r1.267.2.15.2.22 cgi_main.c
--- sapi/cgi/cgi_main.c 15 Feb 2007 12:33:16 -0000 1.267.2.15.2.22
+++ sapi/cgi/cgi_main.c 16 Feb 2007 11:16:39 -0000
@@ -355,18 +355,14 @@ static int sapi_cgi_send_headers(sapi_he

static int sapi_cgi_read_post(char *buffer, uint count_bytes
TSRMLS_DC)
{
- uint read_bytes=0, tmp_read_bytes;
-#if PHP_FASTCGI
- char *pos = buffer;
-#endif
+ int read_bytes=0, tmp_read_bytes;

count_bytes = MIN(count_bytes, (uint) SG(request_info).content_length
- SG(read_post_bytes));
while (read_bytes < count_bytes) {
#if PHP_FASTCGI
if (fcgi_is_fastcgi()) {
fcgi_request *request = (fcgi_request*) SG(server_context);
- tmp_read_bytes = fcgi_read(request, pos, count_bytes -
read_bytes);
- pos += tmp_read_bytes;
+ tmp_read_bytes = fcgi_read(request, buffer + read_bytes,
count_bytes - read_bytes);
} else {
tmp_read_bytes = read(0, buffer + read_bytes, count_bytes -
read_bytes);
}

Previous Comments:
------------------------------------------------------------------------

[2007-01-31 11:56:49] gabriel at oxeva dot fr

And today, I can now confirm that the bugs exists with PHP 5.2.0 too.
Here is the backtrace :

(gdb) bt
#0 0xb7fb2410 in ?? ()
#1 0xbfc06988 in ?? ()
#2 0x00000008 in ?? ()
#3 0xbfc069b0 in ?? ()
#4 0x006ee4f3 in __read_nocancel () from /lib/tls/libc.so.6
#5 0x0841b6d4 in fcgi_init_request ()
#6 0x0841b770 in fcgi_read ()
#7 0x0841c546 in fcgi_putenv ()
#8 0x08382d33 in sapi_deactivate ()
#9 0x0837c4f6 in php_request_shutdown ()
#10 0x0841e463 in main ()

------------------------------------------------------------------------

[2007-01-30 14:33:38] gabriel at oxeva dot fr

Forgot to mention that the backtrace provided is from a PHP 5.1.4
process, not php 5.2. Sorry for the misreading.

I can compile and run a PHP 5.2 process and wait for having one killed
without his children, but it will take some time to give you the
results.

------------------------------------------------------------------------

[2007-01-30 14:27:52] gabriel at oxeva dot fr

Missed to say that PHP 5 has exactly the same problem

------------------------------------------------------------------------

[2007-01-30 14:26:42] gabriel at oxeva dot fr

strace -p <PID> provides the following :
read(3, <unfinished ...>

and gdb program <PID> and "bt" provides :
(gdb) bt
#0 0xb7fe3410 in ?? ()
#1 0xbfd86618 in ?? ()
#2 0x00000008 in ?? ()
#3 0xbfd86600 in ?? ()
#4 0x008e14f3 in __read_nocancel () from /lib/tls/libc.so.6
#5 0x083ba23e in fcgi_read ()
#6 0x083bbb38 in FCGX_FPrintF ()
#7 0x0831ab22 in sapi_deactivate ()
#8 0x08314a3d in php_request_shutdown ()
#9 0x083bcdeb in main ()

Please note that I can't test with debugging symbols (the libraries and
PHP are stripped), as this binary is in production environment and the
bug occurs only under load.

------------------------------------------------------------------------

[2007-01-30 13:20:40] dmitry@php.net

Could you plase attach debugger to non-killed process and provide
backtrace.

Do php-5.2 has the same problem?

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/40286

--
Edit this bug report at http://bugs.php.net/?id=40286&edit=1