From e2a5909ba3e2432ccf20fc8530a2f77e43149fd5 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Thu, 19 Feb 2026 12:47:54 +0000 Subject: [PATCH 1/2] ext/pcntl: fix pcntl_setns() error handling. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Save errno into a local int before calling close(fd), as close() may clobber errno on failure. Use int rather than errno_t because errno_t is defined in C11 Annex K (bounds-checking interfaces) which is optional and not widely implemented — many platforms (Linux/glibc, musl, macOS, FreeBSD) do not provide it. close GH-21256 --- NEWS | 4 ++++ ext/pcntl/pcntl.c | 11 ++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 3c7e82dece6e2..8a0b388025580 100644 --- a/NEWS +++ b/NEWS @@ -41,6 +41,10 @@ PHP NEWS - OpenSSL: . Fix a bunch of leaks and error propagation. (ndossche) +- PCNTL: + . Fixed pcntl_setns() internal errors handling regarding errnos. + (David Carlier) + - PDO_PGSQL: . Fixed bug GH-21055 (connection attribute status typo for GSS negotiation). (lsaos) diff --git a/ext/pcntl/pcntl.c b/ext/pcntl/pcntl.c index 2034ca80b05b8..853215e39f91d 100644 --- a/ext/pcntl/pcntl.c +++ b/ext/pcntl/pcntl.c @@ -1584,7 +1584,7 @@ PHP_FUNCTION(pcntl_setns) pid = pid_is_null ? getpid() : pid; fd = syscall(SYS_pidfd_open, pid, 0); - if (errno) { + if (fd == -1) { PCNTL_G(last_error) = errno; switch (errno) { case EINVAL: @@ -1610,11 +1610,12 @@ PHP_FUNCTION(pcntl_setns) RETURN_FALSE; } ret = setns(fd, (int)nstype); + int setns_errno = errno; close(fd); if (ret == -1) { - PCNTL_G(last_error) = errno; - switch (errno) { + PCNTL_G(last_error) = setns_errno; + switch (setns_errno) { case ESRCH: zend_argument_value_error(1, "process no longer available (" ZEND_LONG_FMT ")", pid); RETURN_THROWS(); @@ -1624,11 +1625,11 @@ PHP_FUNCTION(pcntl_setns) RETURN_THROWS(); case EPERM: - php_error_docref(NULL, E_WARNING, "Error %d: No required capability for this process", errno); + php_error_docref(NULL, E_WARNING, "Error %d: No required capability for this process", setns_errno); break; default: - php_error_docref(NULL, E_WARNING, "Error %d", errno); + php_error_docref(NULL, E_WARNING, "Error %d", setns_errno); } RETURN_FALSE; } else { From 37ce67f27699bff7b5a57dc58a95daadd14f5587 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 21 Feb 2026 03:42:36 +0000 Subject: [PATCH 2/2] ext/pcntl: Fix cpuset leak in pcntl_setcpuaffinity on out-of-range CPU ID Add missing PCNTL_CPU_DESTROY(mask) call before RETURN_THROWS() when the cpu id is out of range, matching the cleanup on other error paths. close GH-21268 --- NEWS | 2 ++ ext/pcntl/pcntl.c | 1 + 2 files changed, 3 insertions(+) diff --git a/NEWS b/NEWS index 8a0b388025580..d31c2d1604264 100644 --- a/NEWS +++ b/NEWS @@ -44,6 +44,8 @@ PHP NEWS - PCNTL: . Fixed pcntl_setns() internal errors handling regarding errnos. (David Carlier) + . Fixed cpuset leak in pcntl_setcpuaffinity on out-of-range CPU ID + on NetBSD/Solaris platforms. (David Carlier) - PDO_PGSQL: . Fixed bug GH-21055 (connection attribute status typo for GSS negotiation). diff --git a/ext/pcntl/pcntl.c b/ext/pcntl/pcntl.c index 853215e39f91d..e3b4a9c4c69f9 100644 --- a/ext/pcntl/pcntl.c +++ b/ext/pcntl/pcntl.c @@ -1734,6 +1734,7 @@ PHP_FUNCTION(pcntl_setcpuaffinity) if (cpu < 0 || cpu >= maxcpus) { zend_argument_value_error(2, "cpu id must be between 0 and " ZEND_ULONG_FMT " (" ZEND_LONG_FMT ")", maxcpus, cpu); + PCNTL_CPU_DESTROY(mask); RETURN_THROWS(); }