Date: Tue, 4 Jan 2011 02:57:09 -0800
From: Jeremy Chadwick <freebsd@jdc.parodius.com>
To: freebsd-apache@freebsd.org
Cc: ale@FreeBSD.org
Subject: Confirmed infinite loop/wedging bug in PHP on i386
Message-ID: <20110104105709.GA4002@icarus.home.lan>
There's some discussion in the "web world" about a known problem with PHP on 32-bit x86 architectures:

http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/
http://news.ycombinator.com/item?id=2066084

I've confirmed FreeBSD is affected, with PHP built from ports. The issue does not affect amd64. I don't have other architectures to test with, but I imagine only x86 is affected.

Testing/reproducing it is simple via CLI:

php -r '$d = 2.2250738585072011e-308;'

The interpreter will immediately begin chewing up 100% CPU. FreeBSD version does not appear to matter.

This issue would affect CLI, CGI, and Apache module versions, and depending on one's code, would be exploitable via $_GET and $_POST variables or similar. That's one thing that makes this incredibly dangerous (classifiable as a DoS). Server administrators should be very concerned; ktrace/truss/etc. will not show anything going on when this happens, only that the process is taking up 100% CPU.

For an explanation that makes a bit of sense, see the 2nd URL above, and search for "IA-32". I imagine optimisation levels (-O vs. -O0 vs. -O2) can play a role here as well.

The workaround seems to be adding -ffloat-store to CFLAGS during compile-time on 32-bit architectures. I haven't personally tested this, but the explanation seems reasonable.

-- 
| Jeremy Chadwick                                   jdc@parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP 4BD6C0CB |
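Added example, not part of the mailing-list post above and not PHP's or FreeBSD's code: a small C program that decodes what the reported literal actually is in IEEE-754 terms and shows a defensive input gate. The literal 2.2250738585072011e-308 sits just below the midpoint between the largest subnormal double (bits 0x000FFFFFFFFFFFFF) and DBL_MIN = 2^-1022 (bits 0x0010000000000000), which is exactly the kind of boundary case where a decimal-to-binary conversion loop has to decide between two neighbours. The program uses the C library's correctly rounded strtod, so it does not exercise PHP's own zend_strtod where the hang lived; on a modern libc it parses the value correctly on any architecture. The function names, the enum and the sample inputs are constructed for this example.

```c
/* Added example: decode the reported literal and gate untrusted numeric
 * input. Relies only on the C library's strtod (correctly rounded on glibc
 * and FreeBSD libc); PHP's zend_strtod is NOT exercised here. */
#include <errno.h>
#include <math.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical classification for an untrusted numeric string. */
enum num_class { NUM_INVALID, NUM_ZERO, NUM_SUBNORMAL, NUM_NORMAL, NUM_INF_OR_NAN };

/* Parse s completely as a double; on success store the value in *out and
 * its raw IEEE-754 bit pattern in *bits. Returns 0 on success, -1 if s is
 * empty, not numeric, or has trailing characters. */
int parse_double_bits(const char *s, double *out, uint64_t *bits)
{
    char *end = NULL;
    errno = 0;
    double d = strtod(s, &end);
    if (end == s || *end != '\0')
        return -1;                      /* not a number, or trailing garbage */
    memcpy(bits, &d, sizeof *bits);     /* copy bits without type-punning UB */
    *out = d;
    return 0;
}

/* Classify an untrusted numeric string before handing it to application
 * code. Subnormals get their own class: they are the slow/edge path of
 * float parsers and arithmetic, and ordinary web input never needs them,
 * so a front end can reject or log them rather than pass them through. */
enum num_class classify_numeric_input(const char *s)
{
    double d;
    uint64_t bits;
    if (parse_double_bits(s, &d, &bits) != 0)
        return NUM_INVALID;
    switch (fpclassify(d)) {
    case FP_ZERO:      return NUM_ZERO;
    case FP_SUBNORMAL: return NUM_SUBNORMAL;
    case FP_NORMAL:    return NUM_NORMAL;
    default:           return NUM_INF_OR_NAN;   /* FP_INFINITE, FP_NAN */
    }
}

static const char *class_name(enum num_class c)
{
    switch (c) {
    case NUM_ZERO:      return "zero";
    case NUM_SUBNORMAL: return "subnormal";
    case NUM_NORMAL:    return "normal";
    case NUM_INF_OR_NAN:return "inf/nan";
    default:            return "invalid";
    }
}

int main(void)
{
    /* Constructed sample inputs: the value from the report, the neighbour
     * that is DBL_MIN itself, an underflowing value, and ordinary strings. */
    const char *samples[] = {
        "2.2250738585072011e-308",  /* the reported literal */
        "2.2250738585072014e-308",  /* DBL_MIN, the smallest normal double */
        "1e-400",                   /* underflows to zero */
        "1.5",
        "12abc",                    /* trailing garbage: rejected */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double d = 0.0;
        uint64_t bits = 0;
        enum num_class c = classify_numeric_input(samples[i]);
        if (parse_double_bits(samples[i], &d, &bits) == 0)
            printf("%-26s -> bits 0x%016llx  class %s\n", samples[i],
                   (unsigned long long)bits, class_name(c));
        else
            printf("%-26s -> %s\n", samples[i], class_name(c));
    }
    return 0;
}
```

Running it shows the reported literal decoding to 0x000FFFFFFFFFFFFF (largest subnormal) while 2.2250738585072014e-308 decodes to 0x0010000000000000 (DBL_MIN); the two differ by one unit in the last place, which is why the conversion is sensitive to the extended-precision intermediates the post refers to. The classify step is the defensive takeaway: a request-handling layer that refuses subnormal or malformed numeric fields never reaches the vulnerable conversion path in the first place.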