From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Description of problem:
After upgrading from php-4.3.2-14.ent to php-4.3.2-19.ent our intranet
pages slowed down to a crawl. The load also increased.
Reverting to the previous version fixed the problems.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Upgrade php to php-4.3.2-19.ent
Actual Results: PHP pages slow down to a crawl. The load also increases.
Expected Results: Normal performance, with closed security holes
ab -n 5 -c 1 http://our.server.com/
Requests per second: 0.20 [#/sec] (mean)
Time per request: 5058.570 [ms] (mean)
Time per request: 5058.570 [ms] (mean, across all concurrent
After reverting to php-4.3.2-14.ent performance went back to what I
would consider more acceptable:
Requests per second: 0.77 [#/sec] (mean)
Time per request: 1295.457 [ms] (mean)
Time per request: 1295.457 [ms] (mean, across all concurrent
I tested the newest version of php both with APC and ZendOptimizer
without any improvements.
The server is running a content management system called mysource
Thanks for the report. There were some performance regressions in the
"unserializer" code introduced as a side-effect of the security fixes
in the recent PHP update. Patches have been produced upstream which
correct the issue.
Experimental test packages are now available from the URL below which
contain these patches. These packages are unsupported and have not
gone through the Red Hat QA process.
Any feedback from testing these packages out is very welcome.
I just tested the packages. Seems like performance is good now! Great!
ab -n 5 -c 1 outputs:
Requests per second: 0.71 [#/sec] (mean)
Time per request: 1403.734 [ms] (mean)
Time per request: 1403.734 [ms] (mean, across all concurrent
I'm reverting to 4.3.2-14.ent since these experimental packages aren't
The performance regression is rather bad. Using phpGedView-3.00-1 that
heavily relies on unserialize(), rendering of index.php deteriorates
from a couple of secs to > 2 minutes (this is on a SuSE 9.0 box, both
plain as well as with a patch that updates var_unserialize.c to
4.3.10, but that shouldn't matter for the issue involved).
http://bugs.php.net/bug.php?id=31332 suggests this issue is fixed in
CVS for rev 1.47 and 1.48 of that particular file. However it seems
some other files are affected as well.
A more appropriate CVS revision would be 220.127.116.11.
Update of var_unserialize.c to CVS rev. 18.104.22.168 and php_var.h to CVS
rev. 22.214.171.124 indeed fixes the issue for me.
Note that http://cvs.php.net is a bit sloppy about white space
(no space on empty lines for diffs and removed white space at end of
line) and these revisions contain some ^#line comments that should be
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.