From d5c632f1739def1e8b6dea7acf1b484071748abd Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 28 Jun 2024 18:26:47 +0200
Subject: [PATCH] Fix GH-14537: shmop Windows 11 crashes the process

The error handling code isn't entirely right in two places. One of the code blocks is dead because of an always-false condition, and another code block is missing the assignment of a NULL pointer. Getting the exact same behaviour is not entirely possible because you can't extend the size of a shared memory region after it was made with the Windows APIs we use, unless we destroy the region and recreate it, but that has other consequences. However, it certainly shouldn't crash.
---
 TSRM/tsrm_win32.c | 5 +++--
 ext/shmop/tests/gh14537.phpt | 27 +++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 ext/shmop/tests/gh14537.phpt

diff --git a/TSRM/tsrm_win32.c b/TSRM/tsrm_win32.c
index dc8f9fefa3ab1..0af03b6ed8985 100644
--- a/TSRM/tsrm_win32.c
+++ b/TSRM/tsrm_win32.c
@@ -709,6 +709,7 @@ TSRM_API int shmget(key_t key, size_t size, int flags)
 CloseHandle(shm->segment);
 }
 UnmapViewOfFile(shm->descriptor);
+ shm->descriptor = NULL;
 return -1;
 }
@@ -744,8 +745,8 @@ TSRM_API int shmdt(const void *shmaddr)
 shm->descriptor->shm_lpid = getpid();
 shm->descriptor->shm_nattch--;
- ret = 1;
- if (!ret && shm->descriptor->shm_nattch <= 0) {
+ ret = 0;
+ if (shm->descriptor->shm_nattch <= 0) {
 ret = UnmapViewOfFile(shm->descriptor) ? 0 : -1;
 shm->descriptor = NULL;
 }
diff --git a/ext/shmop/tests/gh14537.phpt b/ext/shmop/tests/gh14537.phpt
new file mode 100644
index 0000000000000..05af26a70ffa9
--- /dev/null
+++ b/ext/shmop/tests/gh14537.phpt
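Review bot: In the shmget() error path of TSRM/tsrm_win32.c, `CloseHandle(shm->segment);` leaves the closed handle value stored in `shm->segment`, although the descriptor pointer beside it is now cleared. If the shm entry stays reachable after `return -1;`, later code that tests or closes `shm->segment` would act on a stale handle value that Windows may already have reassigned to an unrelated object. Resetting the field right after the close, for example `shm->segment = NULL;` (or whichever sentinel the guard above the hunk compares against), would make the cleanup symmetrical. The enclosing `if` starts above the hunk, so the exact guard is not visible here.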
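Review bot: In shmdt(), `shm->descriptor->shm_lpid = getpid();` and `shm->descriptor->shm_nattch--;` dereference `shm->descriptor` with no NULL check visible in the hunk, while this commit makes a NULL descriptor reachable. The now-live branch sets `shm->descriptor = NULL;`, and the shmget() failure path does the same. Unless the guard above the hunk already rejects that state, a second shmdt() on the same address would write through a NULL pointer. An early `if (shm->descriptor == NULL) return -1;` before the first write would close that gap. The function's opening lines are outside the hunk, so this should be confirmed against them.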
@@ -0,0 +1,27 @@
+--TEST--
+GH-14537: shmop Windows 11 crashes the process
+--EXTENSIONS--
+shmop
+--SKIPIF--
+
+--FILE--
+
+--EXPECTF--
+object(Shmop)#1 (0) {
+}
+
+Warning: shmop_open(): Unable to attach or create shared memory segment "No error" in %s on line %d
+bool(false)
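Review bot: The `--EXPECTF--` block pins the literal text `"No error"` in the warning line, which locks an uninformative failure message into the test. Judging only from this expected output, the failing shmget() path appears to return -1 without setting errno, so the caller reports no cause. Either set errno before `return -1;` in that path, or match the message with `"%s"` here so a later fix to the error reporting does not break the test.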