Fix possible collisions in ObjectId::create() when used inside a forked subprocess

Author: thekid

ChangeLog.md

@@ -3,6 +3,13 @@ MongoDB for XP Framework ChangeLog
 
 ## ?.?.? / ????-??-??
 
+## 2.4.1 / 2024-11-27
+
+* Fixed possible collisions in `ObjectId::create()` when used within a
+  forked subprocess by including the process ID in the random value's
+  calculation.
+  (@thekid)
+
 ## 2.4.0 / 2024-10-14
 
 * Merged PR #48: Extend error handling to include if a write was retried

src/main/php/com/mongodb/ObjectId.class.php

@@ -2,12 +2,13 @@
 
 use lang\{Value, IllegalArgumentException};
 
+/** @test com.mongodb.unittest.ObjectIdTest */
 class ObjectId implements Value {
-  private static $rand, $counter;
+  private static $counter;
+  private static $rand= [];
   private $string;
 
   static function __static() {
-    self::$rand= random_bytes(5);
     self::$counter= random_int(0, 4294967294);  // uint32
   }
 
@@ -29,7 +30,7 @@ public function __construct($string) {
    * Creates a new random object ID consisting of:
    *
    * - a 4-byte timestamp value (uses current time if omitted)
-   * - a 5-byte random value
+   * - a 5-byte random value (per process)
    * - a 3-byte incrementing counter, initialized to a random value
    *
    * @param  ?int $timestamp
@@ -38,10 +39,11 @@ public function __construct($string) {
    */
   public static function create($timestamp= null): self {
     $uint32= self::$counter > 4294967294 ? self::$counter= 0 : ++self::$counter;
+    $pid= getmypid();
     return new self(bin2hex(pack(
       'Na5aaa',
       null === $timestamp ? time() : $timestamp,
-      self::$rand,
+      self::$rand[$pid] ?? self::$rand[$pid]= random_bytes(5),
       chr($uint32 >> 16),
       chr($uint32 >> 8),
       chr($uint32)

src/test/php/com/mongodb/unittest/ObjectIdTest.class.php

@@ -49,12 +49,13 @@ public function create() {
   }
 
   #[Test]
-  public function create_generates_unique_ids() {
-    Assert::notEquals(ObjectId::create(), ObjectId::create());
+  public function create_with_same_timestamp_generates_unique_ids() {
+    $ts= time();
+    Assert::notEquals(ObjectId::create($ts), ObjectId::create($ts));
   }
 
   #[Test]
-  public function create_from_timestamp() {
+  public function create_from_timestamp_is_monotonic() {
     $t= time();
     $oid= ObjectId::create($t);
     Assert::equals(dechex($t), substr($oid, 0, 8));