Professional Web Applications Themes

#40098 [NEW]: php_fopen_primary_script() not thread safe - PHP Bugs

From: wharmby at uk dot ibm dot com Operating system: Linux RHEL4 PHP version: 5CVS-2007-01-11 (snap) PHP Bug Type: Scripting Engine problem Bug description: php_fopen_primary_script() not thread safe Description: ------------ The current implementation of php_fopen_primary_script() uses the non-reentrant getpwnam() rather than the re-entrant getpwnam_r(). Therefore calling it on a Linux ZTS enabled build could lead to unpredictable/undesirable results. The code should use the re-entrant version if it is available. The following patch which were built against the latest snapshot (Jan 11 2007, 0730 GMT) modifies the code in main/fopen_wrappers.c to use the re-entrant getpwnam_r if its available: [url]http://pastebin.ca/312969[/url] Fix tested ...

  1. #1

    Default #40098 [NEW]: php_fopen_primary_script() not thread safe

    From: wharmby at uk dot ibm dot com
    Operating system: Linux RHEL4
    PHP version: 5CVS-2007-01-11 (snap)
    PHP Bug Type: Scripting Engine problem
    Bug description: php_fopen_primary_script() not thread safe

    Description:
    ------------
    The current implementation of php_fopen_primary_script()
    uses the non-reentrant getpwnam() rather than the re-entrant
    getpwnam_r(). Therefore calling it on a Linux ZTS enabled
    build could lead to unpredictable/undesirable results. The
    code should use the re-entrant version if it is available.

    The following patch which were built against the latest snapshot (Jan 11
    2007, 0730 GMT) modifies the code in
    main/fopen_wrappers.c to use the re-entrant getpwnam_r if
    its available:

    [url]http://pastebin.ca/312969[/url]

    Fix tested on Linux RHEL4 with Apache 2.0.52 and user_dir set in php.ini
    The modified code was then driven by specifying the ~user_id in the URL
    e.g

    [url]http://localhost/~andy/phpinfo.php[/url].


    Reproduce code:
    ---------------
    Problem found by code inspection. As with most thread safety
    issues difficult to produce a simple testcase which will show
    a reproducible crash but current Linux executable is clearly
    not reentrant and therefore not thread safe.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A

    --
    Edit bug report at [url]http://bugs.php.net/?id=40098&edit=1[/url]
    --
    Try a CVS snapshot (PHP 4.4): [url]http://bugs.php.net/fix.php?id=40098&r=trysnapshot44[/url]
    Try a CVS snapshot (PHP 5.2): [url]http://bugs.php.net/fix.php?id=40098&r=trysnapshot52[/url]
    Try a CVS snapshot (PHP 6.0): [url]http://bugs.php.net/fix.php?id=40098&r=trysnapshot60[/url]
    Fixed in CVS: [url]http://bugs.php.net/fix.php?id=40098&r=fixedcvs[/url]
    Fixed in release: [url]http://bugs.php.net/fix.php?id=40098&r=alreadyfixed[/url]
    Need backtrace: [url]http://bugs.php.net/fix.php?id=40098&r=needtrace[/url]
    Need Reproduce Script: [url]http://bugs.php.net/fix.php?id=40098&r=needscript[/url]
    Try newer version: [url]http://bugs.php.net/fix.php?id=40098&r=oldversion[/url]
    Not developer issue: [url]http://bugs.php.net/fix.php?id=40098&r=support[/url]
    Expected behavior: [url]http://bugs.php.net/fix.php?id=40098&r=notwrong[/url]
    Not enough info: [url]http://bugs.php.net/fix.php?id=40098&r=notenoughinfo[/url]
    Submitted twice: [url]http://bugs.php.net/fix.php?id=40098&r=submittedtwice[/url]
    register_globals: [url]http://bugs.php.net/fix.php?id=40098&r=globals[/url]
    PHP 3 support discontinued: [url]http://bugs.php.net/fix.php?id=40098&r=php3[/url]
    Daylight Savings: [url]http://bugs.php.net/fix.php?id=40098&r=dst[/url]
    IIS Stability: [url]http://bugs.php.net/fix.php?id=40098&r=isapi[/url]
    Install GNU Sed: [url]http://bugs.php.net/fix.php?id=40098&r=gnused[/url]
    Floating point limitations: [url]http://bugs.php.net/fix.php?id=40098&r=float[/url]
    No Zend Extensions: [url]http://bugs.php.net/fix.php?id=40098&r=nozend[/url]
    MySQL Configuration Error: [url]http://bugs.php.net/fix.php?id=40098&r=mysqlcfg[/url]
    wharmby at uk dot ibm dot com Guest

  2. #2

    Default #40098 [Asn->Csd]: php_fopen_primary_script() not thread safe

    ID: 40098
    Updated by: [email]iliaaphp.net[/email]
    Reported By: wharmby at uk dot ibm dot com
    -Status: Assigned
    +Status: Closed
    Bug Type: Streams related
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2007-01-11 (snap)
    Assigned To: iliaa
    New Comment:

    This bug has been fixed in CVS.

    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    [url]http://snaps.php.net/[/url].

    Thank you for the report, and for helping us make PHP better.




    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-11 11:59:44] wharmby at uk dot ibm dot com

    Description:
    ------------
    The current implementation of php_fopen_primary_script()
    uses the non-reentrant getpwnam() rather than the re-entrant
    getpwnam_r(). Therefore calling it on a Linux ZTS enabled
    build could lead to unpredictable/undesirable results. The
    code should use the re-entrant version if it is available.

    The following patch which were built against the latest snapshot (Jan
    11 2007, 0730 GMT) modifies the code in
    main/fopen_wrappers.c to use the re-entrant getpwnam_r if
    its available:

    [url]http://pastebin.ca/312969[/url]

    Fix tested on Linux RHEL4 with Apache 2.0.52 and user_dir set in
    php.ini The modified code was then driven by specifying the ~user_id in
    the URL e.g

    [url]http://localhost/~andy/phpinfo.php[/url].


    Reproduce code:
    ---------------
    Problem found by code inspection. As with most thread safety
    issues difficult to produce a simple testcase which will show
    a reproducible crash but current Linux executable is clearly
    not reentrant and therefore not thread safe.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A


    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40098&edit=1[/url]
    iliaa@php.net Guest

  3. #3

    Default #40098 [Csd]: php_fopen_primary_script() not thread safe

    ID: 40098
    User updated by: wharmby at uk dot ibm dot com
    Reported By: wharmby at uk dot ibm dot com
    Status: Closed
    Bug Type: Streams related
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2007-01-11 (snap)
    Assigned To: iliaa
    New Comment:

    Hi Ilia
    Thanks for applying the fix for this defect.
    However, in adjusting the fix to deal with the SYSCONF
    errors I believe you have introduced a storage leak.
    The code as it stands does not free "pwbuf" if the call to getpwnam_r
    is successful after it has finished extracting the data from it.

    Here is a patch for the missing code built against latest
    snapshot for 5.2:

    [url]http://www.pastebin.ca/313940[/url]


    Regards
    Andy


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-12 01:46:21] [email]iliaaphp.net[/email]

    This bug has been fixed in CVS.

    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    [url]http://snaps.php.net/[/url].

    Thank you for the report, and for helping us make PHP better.



    ------------------------------------------------------------------------

    [2007-01-11 11:59:44] wharmby at uk dot ibm dot com

    Description:
    ------------
    The current implementation of php_fopen_primary_script()
    uses the non-reentrant getpwnam() rather than the re-entrant
    getpwnam_r(). Therefore calling it on a Linux ZTS enabled
    build could lead to unpredictable/undesirable results. The
    code should use the re-entrant version if it is available.

    The following patch which were built against the latest snapshot (Jan
    11 2007, 0730 GMT) modifies the code in
    main/fopen_wrappers.c to use the re-entrant getpwnam_r if
    its available:

    [url]http://pastebin.ca/312969[/url]

    Fix tested on Linux RHEL4 with Apache 2.0.52 and user_dir set in
    php.ini The modified code was then driven by specifying the ~user_id in
    the URL e.g

    [url]http://localhost/~andy/phpinfo.php[/url].


    Reproduce code:
    ---------------
    Problem found by code inspection. As with most thread safety
    issues difficult to produce a simple testcase which will show
    a reproducible crash but current Linux executable is clearly
    not reentrant and therefore not thread safe.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A


    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40098&edit=1[/url]
    wharmby at uk dot ibm dot com Guest

  4. #4

    Default #40098 [Csd]: php_fopen_primary_script() not thread safe

    ID: 40098
    Updated by: [email]tony2001php.net[/email]
    Reported By: wharmby at uk dot ibm dot com
    Status: Closed
    Bug Type: Streams related
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2007-01-11 (snap)
    Assigned To: iliaa
    New Comment:

    Fixed in CVS, thanks.


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-12 08:57:36] wharmby at uk dot ibm dot com

    Hi Ilia
    Thanks for applying the fix for this defect.
    However, in adjusting the fix to deal with the SYSCONF
    errors I believe you have introduced a storage leak.
    The code as it stands does not free "pwbuf" if the call to getpwnam_r
    is successful after it has finished extracting the data from it.

    Here is a patch for the missing code built against latest
    snapshot for 5.2:

    [url]http://www.pastebin.ca/313940[/url]


    Regards
    Andy

    ------------------------------------------------------------------------

    [2007-01-12 01:46:21] [email]iliaaphp.net[/email]

    This bug has been fixed in CVS.

    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    [url]http://snaps.php.net/[/url].

    Thank you for the report, and for helping us make PHP better.



    ------------------------------------------------------------------------

    [2007-01-11 11:59:44] wharmby at uk dot ibm dot com

    Description:
    ------------
    The current implementation of php_fopen_primary_script()
    uses the non-reentrant getpwnam() rather than the re-entrant
    getpwnam_r(). Therefore calling it on a Linux ZTS enabled
    build could lead to unpredictable/undesirable results. The
    code should use the re-entrant version if it is available.

    The following patch which were built against the latest snapshot (Jan
    11 2007, 0730 GMT) modifies the code in
    main/fopen_wrappers.c to use the re-entrant getpwnam_r if
    its available:

    [url]http://pastebin.ca/312969[/url]

    Fix tested on Linux RHEL4 with Apache 2.0.52 and user_dir set in
    php.ini The modified code was then driven by specifying the ~user_id in
    the URL e.g

    [url]http://localhost/~andy/phpinfo.php[/url].


    Reproduce code:
    ---------------
    Problem found by code inspection. As with most thread safety
    issues difficult to produce a simple testcase which will show
    a reproducible crash but current Linux executable is clearly
    not reentrant and therefore not thread safe.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A


    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40098&edit=1[/url]
    tony2001@php.net Guest

  5. #5

    Default #40098 [Csd]: php_fopen_primary_script() not thread safe

    ID: 40098
    User updated by: wharmby at uk dot ibm dot com
    Reported By: wharmby at uk dot ibm dot com
    Status: Closed
    Bug Type: Streams related
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2007-01-11 (snap)
    Assigned To: iliaa
    New Comment:

    Sorry but having now picked up latest snapshot (Jan 12 2007, 1330 GMT)
    and tried to rebuild on Linux it I get 2 compile errors in
    fopen_wrappers.c and safe_mode.c after changes dropped under this
    defect.

    Required patch for fopen_warppers.c is
    [url]http://www.pastebin.ca/314159[/url]

    and for safe_mode.c
    [url]http://www.pastebin.ca/314162[/url]

    Regards

    Andy


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-12 09:10:45] [email]tony2001php.net[/email]

    Fixed in CVS, thanks.

    ------------------------------------------------------------------------

    [2007-01-12 08:57:36] wharmby at uk dot ibm dot com

    Hi Ilia
    Thanks for applying the fix for this defect.
    However, in adjusting the fix to deal with the SYSCONF
    errors I believe you have introduced a storage leak.
    The code as it stands does not free "pwbuf" if the call to getpwnam_r
    is successful after it has finished extracting the data from it.

    Here is a patch for the missing code built against latest
    snapshot for 5.2:

    [url]http://www.pastebin.ca/313940[/url]


    Regards
    Andy

    ------------------------------------------------------------------------

    [2007-01-12 01:46:21] [email]iliaaphp.net[/email]

    This bug has been fixed in CVS.

    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    [url]http://snaps.php.net/[/url].

    Thank you for the report, and for helping us make PHP better.



    ------------------------------------------------------------------------

    [2007-01-11 11:59:44] wharmby at uk dot ibm dot com

    Description:
    ------------
    The current implementation of php_fopen_primary_script()
    uses the non-reentrant getpwnam() rather than the re-entrant
    getpwnam_r(). Therefore calling it on a Linux ZTS enabled
    build could lead to unpredictable/undesirable results. The
    code should use the re-entrant version if it is available.

    The following patch which were built against the latest snapshot (Jan
    11 2007, 0730 GMT) modifies the code in
    main/fopen_wrappers.c to use the re-entrant getpwnam_r if
    its available:

    [url]http://pastebin.ca/312969[/url]

    Fix tested on Linux RHEL4 with Apache 2.0.52 and user_dir set in
    php.ini The modified code was then driven by specifying the ~user_id in
    the URL e.g

    [url]http://localhost/~andy/phpinfo.php[/url].


    Reproduce code:
    ---------------
    Problem found by code inspection. As with most thread safety
    issues difficult to produce a simple testcase which will show
    a reproducible crash but current Linux executable is clearly
    not reentrant and therefore not thread safe.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A


    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40098&edit=1[/url]
    wharmby at uk dot ibm dot com Guest

  6. #6

    Default #40098 [Csd]: php_fopen_primary_script() not thread safe

    ID: 40098
    Updated by: [email]bjoriphp.net[/email]
    Reported By: wharmby at uk dot ibm dot com
    Status: Closed
    Bug Type: Streams related
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2007-01-11 (snap)
    Assigned To: iliaa
    New Comment:

    Fixed in CVS, thanks :)


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-12 14:26:44] wharmby at uk dot ibm dot com

    Sorry but having now picked up latest snapshot (Jan 12 2007, 1330 GMT)
    and tried to rebuild on Linux it I get 2 compile errors in
    fopen_wrappers.c and safe_mode.c after changes dropped under this
    defect.

    Required patch for fopen_warppers.c is
    [url]http://www.pastebin.ca/314159[/url]

    and for safe_mode.c
    [url]http://www.pastebin.ca/314162[/url]

    Regards

    Andy

    ------------------------------------------------------------------------

    [2007-01-12 09:10:45] [email]tony2001php.net[/email]

    Fixed in CVS, thanks.

    ------------------------------------------------------------------------

    [2007-01-12 08:57:36] wharmby at uk dot ibm dot com

    Hi Ilia
    Thanks for applying the fix for this defect.
    However, in adjusting the fix to deal with the SYSCONF
    errors I believe you have introduced a storage leak.
    The code as it stands does not free "pwbuf" if the call to getpwnam_r
    is successful after it has finished extracting the data from it.

    Here is a patch for the missing code built against latest
    snapshot for 5.2:

    [url]http://www.pastebin.ca/313940[/url]


    Regards
    Andy

    ------------------------------------------------------------------------

    [2007-01-12 01:46:21] [email]iliaaphp.net[/email]

    This bug has been fixed in CVS.

    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    [url]http://snaps.php.net/[/url].

    Thank you for the report, and for helping us make PHP better.



    ------------------------------------------------------------------------

    [2007-01-11 11:59:44] wharmby at uk dot ibm dot com

    Description:
    ------------
    The current implementation of php_fopen_primary_script()
    uses the non-reentrant getpwnam() rather than the re-entrant
    getpwnam_r(). Therefore calling it on a Linux ZTS enabled
    build could lead to unpredictable/undesirable results. The
    code should use the re-entrant version if it is available.

    The following patch which were built against the latest snapshot (Jan
    11 2007, 0730 GMT) modifies the code in
    main/fopen_wrappers.c to use the re-entrant getpwnam_r if
    its available:

    [url]http://pastebin.ca/312969[/url]

    Fix tested on Linux RHEL4 with Apache 2.0.52 and user_dir set in
    php.ini The modified code was then driven by specifying the ~user_id in
    the URL e.g

    [url]http://localhost/~andy/phpinfo.php[/url].


    Reproduce code:
    ---------------
    Problem found by code inspection. As with most thread safety
    issues difficult to produce a simple testcase which will show
    a reproducible crash but current Linux executable is clearly
    not reentrant and therefore not thread safe.

    Expected result:
    ----------------
    N/A

    Actual result:
    --------------
    N/A


    ------------------------------------------------------------------------


    --
    Edit this bug report at [url]http://bugs.php.net/?id=40098&edit=1[/url]
    bjori@php.net Guest

  7. #7

    Default #40098 [Csd]: php_fopen_primary_script() not thread safe

    ID: 40098
    Updated by: [email]tony2001php.net[/email]
    Reported By: wharmby at uk dot ibm dot com
    Status: Closed
    Bug Type: Streams related
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2007-01-11 (snap)
    Assigned To: iliaa
    New Comment:

    The typo was fixed earlier, the missing var declaration is now fixed
    too.


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-12 14:35:31] [email]bjoriphp.net[/email]

    Fixed in CVS, thanks :)

    ------------------------------------------------------------------------

    [2007-01-12 14:26:44] wharmby at uk dot ibm dot com

    Sorry but having now picked up latest snapshot (Jan 12 2007, 1330 GMT)
    and tried to rebuild on Linux it I get 2 compile errors in
    fopen_wrappers.c and safe_mode.c after changes dropped under this
    defect.

    Required patch for fopen_warppers.c is
    [url]http://www.pastebin.ca/314159[/url]

    and for safe_mode.c
    [url]http://www.pastebin.ca/314162[/url]

    Regards

    Andy

    ------------------------------------------------------------------------

    [2007-01-12 09:10:45] [email]tony2001php.net[/email]

    Fixed in CVS, thanks.

    ------------------------------------------------------------------------

    [2007-01-12 08:57:36] wharmby at uk dot ibm dot com

    Hi Ilia
    Thanks for applying the fix for this defect.
    However, in adjusting the fix to deal with the SYSCONF
    errors I believe you have introduced a storage leak.
    The code as it stands does not free "pwbuf" if the call to getpwnam_r
    is successful after it has finished extracting the data from it.

    Here is a patch for the missing code built against latest
    snapshot for 5.2:

    [url]http://www.pastebin.ca/313940[/url]


    Regards
    Andy

    ------------------------------------------------------------------------

    [2007-01-12 01:46:21] [email]iliaaphp.net[/email]

    This bug has been fixed in CVS.

    Snapshots of the sources are packaged every three hours; this change
    will be in the next snapshot. You can grab the snapshot at
    [url]http://snaps.php.net/[/url].

    Thank you for the report, and for helping us make PHP better.



    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    [url]http://bugs.php.net/40098[/url]

    --
    Edit this bug report at [url]http://bugs.php.net/?id=40098&edit=1[/url]
    tony2001@php.net Guest

  8. #8

    Default #40098 [Csd]: php_fopen_primary_script() not thread safe

    ID: 40098
    User updated by: wharmby at uk dot ibm dot com
    Reported By: wharmby at uk dot ibm dot com
    Status: Closed
    Bug Type: Streams related
    Operating System: Linux RHEL4
    PHP Version: 5CVS-2007-01-11 (snap)
    Assigned To: iliaa
    New Comment:

    Correction: safe_mode.c already fixed in 1330 GMT snap; just the error
    in fopen_warppers remains.


    Previous Comments:
    ------------------------------------------------------------------------

    [2007-01-12 14:35:36] [email]tony2001php.net[/email]

    The typo was fixed earlier, the missing var declaration is now fixed
    too.

    ------------------------------------------------------------------------

    [2007-01-12 14:35:31] [email]bjoriphp.net[/email]

    Fixed in CVS, thanks :)

    ------------------------------------------------------------------------

    [2007-01-12 14:26:44] wharmby at uk dot ibm dot com

    Sorry but having now picked up latest snapshot (Jan 12 2007, 1330 GMT)
    and tried to rebuild on Linux it I get 2 compile errors in
    fopen_wrappers.c and safe_mode.c after changes dropped under this
    defect.

    Required patch for fopen_warppers.c is
    [url]http://www.pastebin.ca/314159[/url]

    and for safe_mode.c
    [url]http://www.pastebin.ca/314162[/url]

    Regards

    Andy

    ------------------------------------------------------------------------

    [2007-01-12 09:10:45] [email]tony2001php.net[/email]

    Fixed in CVS, thanks.

    ------------------------------------------------------------------------

    [2007-01-12 08:57:36] wharmby at uk dot ibm dot com

    Hi Ilia
    Thanks for applying the fix for this defect.
    However, in adjusting the fix to deal with the SYSCONF
    errors I believe you have introduced a storage leak.
    The code as it stands does not free "pwbuf" if the call to getpwnam_r
    is successful after it has finished extracting the data from it.

    Here is a patch for the missing code built against latest
    snapshot for 5.2:

    [url]http://www.pastebin.ca/313940[/url]


    Regards
    Andy

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    [url]http://bugs.php.net/40098[/url]

    --
    Edit this bug report at [url]http://bugs.php.net/?id=40098&edit=1[/url]
    wharmby at uk dot ibm dot com Guest

Similar Threads

  1. Replies: 0
    Last Post: May 23rd, 05:09 PM
  2. Replies: 0
    Last Post: January 11th, 12:03 PM
  3. #40079 [NEW]: php_get_current_user() not thread safe
    By wharmby at uk dot ibm dot com in forum PHP Bugs
    Replies: 2
    Last Post: January 9th, 11:27 PM
  4. #39710 [NEW]: getprotobyname is not thread-safe
    By dave@php.net in forum PHP Bugs
    Replies: 0
    Last Post: December 1st, 10:57 PM
  5. Thread-safe Code
    By Erik J Sawyer in forum ASP.NET Web Services
    Replies: 2
    Last Post: October 3rd, 05:06 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139