From mi@aldan.algebra.com  Sun Aug 19 20:58:12 2007
Message-Id: <200708192058.l7JKwAw6016989@aldan.algebra.com>
Date: Sun, 19 Aug 2007 16:58:10 -0400 (EDT)
From: "Mikhail T." <mi@aldan.algebra.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: jdp@polstra.com
Subject: make dlclose atexit-aware (patch)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         115631
>Category:       kern
>Synopsis:       [libc] [patch] [request] make dlclose(3) atexit-aware
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 19 21:00:03 GMT 2007
>Closed-Date:    
>Last-Modified:  Wed Jul 13 13:50:06 UTC 2011
>Originator:     Mikhail T.
>Release:        FreeBSD 6.2-STABLE amd64
>Organization:
Virtual Estates, Inc.
>Environment:
System: FreeBSD 6.2-STABLE

>Description:
	Currently, an application can shoot itself in the tail by
	registering a symbol with atexit and then dlclose-ing the
	library that provides the symbol.

	Programs aren't supposed to do that, but sometimes they do --
	most notably ImageMagick, which dlopens libjasper, which
	registers its own clean-up routine with atexit.

	The proposed patch will make such bugs easier to diagnose --
	the ImageMagick problem (crash upon exiting) was mystifying
	people for years...

>How-To-Repeat:

>Fix:
	The up-to-date version of the patch can be found here:

		http://aldan.algebra.com/~mi/dlclose-atexit.patch

	It exposes the __atexit pointer defined in atexit.c and its
	type and modifies dlclose to scan through all listed functions
	looking for those that belong to the object being dlclosed.

	The method to check whether a symbol belongs to an object
	is to check whether the address is between mapbase and
	mapbase+mapsize of the entry.

	What could be improved is the addition of an addr_to_name
	lookup -- to print the _name_ of the function found to be
	registered with atexit, rather than merely the function's
	address.
>Release-Note:
>Audit-Trail:
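
Added example (not part of the PR or of the patch it links to): the range check described under >Fix, run over a constructed list of atexit handlers. The struct names, find_dangling() and the sample addresses are hypothetical; only mapbase and mapsize are names taken from the PR text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins: the real atexit list and the rtld object entry are
 * libc/rtld internals; only mapbase and mapsize are names from the PR. */
struct handler { uintptr_t fn; };   /* one registered atexit function */
struct object  { const char *path; uintptr_t mapbase; size_t mapsize; };

/* True if addr lies in [mapbase, mapbase + mapsize). Written as a
 * subtraction so that mapbase + mapsize cannot wrap around. */
static int addr_in_object(uintptr_t addr, const struct object *obj)
{
    return addr >= obj->mapbase && addr - obj->mapbase < obj->mapsize;
}

/* Scan the handler list for functions that live inside obj, i.e. handlers
 * that would dangle once obj is unmapped. Stores up to max indexes in hits
 * and returns the total number found. */
static size_t find_dangling(const struct handler *list, size_t n,
                            const struct object *obj, size_t *hits, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        if (!addr_in_object(list[i].fn, obj))
            continue;
        if (found < max)
            hits[found] = i;
        found++;
    }
    return found;
}

/* Constructed sample data: all addresses are made up for the example. */
static const struct object libjasper = { "libjasper.so", 0x28f00000u, 0x40000u };
static const struct handler handlers[] = {
    { 0x08166ca7u },   /* in the main program */
    { 0x28f09bf3u },   /* inside the object */
    { 0x28f40000u },   /* first byte past the mapping: not a hit */
    { 0x28f00000u },   /* exactly at mapbase: a hit */
};

int main(void)
{
    size_t hits[4];
    size_t n = find_dangling(handlers, 4, &libjasper, hits, 4);
    for (size_t i = 0; i < n; i++)
        fprintf(stderr, "dlclose(%s): atexit handler %#lx still registered\n",
                libjasper.path, (unsigned long)handlers[hits[i]].fn);
    return 0;
}
```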

From: Simun Mikecin <numisemis@yahoo.com>
To: Gordon Stratton <tsr2600@gmail.com>
Cc: freebsd-database@freebsd.org, mi@aldan.algebra.com,
  bug-followup@freebsd.org
Subject: bin/115631: Re: PHP5 + oci8 consistently segfaults on script exit
Date: Thu, 13 Sep 2007 03:52:08 -0700 (PDT)

 --- Gordon Stratton <tsr2600@gmail.com> wrote:
 > I did some testing, and the patch does seem to help. However, there seem
 > to be a couple cases where a segmentation fault still occurs.  The first
 > is when I attempt to open a file with PHP that does not exist:
 > 
 > $ php doesntexist
 > Could not open input file: doesntexist
 > Segmentation fault
 > 
 > The second case involves a different PHP extension, pdo_dblib.so (the
 > OCI8 extensions seem to work OK now):
 > 
 > (gdb) bt
 > #0  0x2912313c in ?? ()
 > #1  0x285855c7 in pthread_mutex_lock () from /lib/libc.so.6
 > #2  0x28f09bf3 in dbexit () from /usr/local/lib/libsybdb.so.5
 > #3  0x28efb86b in zm_shutdown_pdo_dblib () from
 > /usr/local/lib/php/20060613-debug/pdo_dblib.so
 > #4  0x0816ceb0 in module_destructor (module=0x832a300) at
 > /usr/ports/lang/php5/work/php-5.2.3/Zend/zend_API.c:1894
 > #5  0x0817171a in zend_hash_apply_deleter (ht=0x826c620, p=0x8330280)
 > at /usr/ports/lang/php5/work/php-5.2.3/Zend/zend_hash.c:611
 > #6  0x08171873 in zend_hash_graceful_reverse_destroy (ht=0x826c620) at
 > /usr/ports/lang/php5/work/php-5.2.3/Zend/zend_hash.c:646
 > #7  0x08166ca7 in zend_shutdown () at
 > /usr/ports/lang/php5/work/php-5.2.3/Zend/zend.c:733
 > #8  0x081205f5 in php_module_shutdown () at
 > /usr/ports/lang/php5/work/php-5.2.3/main/main.c:1684
 > #9  0x081ce73b in main (argc=20, argv=0xbfbfeca0) at
 > /usr/ports/lang/php5/work/php-5.2.3/sapi/cli/php_cli.c:1333
 
 Have those two cases (doesntexist and pdo_dblib) segfaulted without this patch?
 

From: "Gordon Stratton" <tsr2600@gmail.com>
To: numisemis@yahoo.com
Cc: freebsd-database@freebsd.org, mi@aldan.algebra.com, bug-followup@freebsd.org
Subject: Re: bin/115631: Re: PHP5 + oci8 consistently segfaults on script exit
Date: Thu, 13 Sep 2007 10:34:54 -0700

 > On 9/13/07, Simun Mikecin <numisemis@yahoo.com> wrote:
 > Have those two cases (doesntexist and pdo_dblib) segfaulted without this patch?
 
 (CC'ing lists this time, my apologies)
 
 doesntexist segfaults without the patch for sure, I can't say for sure
 about pdo_dblib. I never _saw_ it but it's possible that other modules
 were segfaulting first so it never got a chance to segfault. There is at
 least one case now where PHP does not segfault with the patch where it
 did before.
 
 Gordon

From: "Mikhail T." <mi+thun@aldan.algebra.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/115631: [libc] [patch] [request] make dlclose(3) atexit-aware
Date: Wed, 13 Jul 2011 09:12:58 -0400

 This remains a problem on 8.2 today. The multimedia/vlc port always dumps
 core on exit and the core's stack always contains __cxa_atexit().
 
 The patch I submitted with this PR 4 years ago still applies.
 
     -mi
 
>Unformatted:
