GrapheneOS / hardened_malloc

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
https://grapheneos.org/
MIT License

PHP calling __GI___libc_free() #209

Closed cgzones closed 1 year ago

cgzones commented 1 year ago

Running php 8.2.1 with libhardened_malloc.so preloaded via /etc/ld.so.preload results in a segfault due to a free() call to glibc (accompanied by an error message of free(): invalid pointer):

#0  0x00007fcda27c1690 in _int_free (av=0x7fcda28fdc60 <main_arena>, p=0x738f42a8ab30, have_lock=<optimized out>, have_lock@entry=0) at ./malloc/malloc.c:4583
        size = 14888648906569334272
        fb = <optimized out>
        nextchunk = 0xce9f8edb503b6930
        nextsize = <optimized out>
        nextinuse = <optimized out>
        prevsize = <optimized out>
        bck = <optimized out>
        fwd = <optimized out>
        __PRETTY_FUNCTION__ = "_int_free"
#1  0x00007fcda27c3d2f in __GI___libc_free (mem=<optimized out>) at ./malloc/malloc.c:3385
        ar_ptr = <optimized out>
        p = <optimized out>
        err = 0
#2  0x00007fcda21ea820 in zend_string_release (s=0x738f42a8ab40) at ./Zend/zend_string.h:322
No locals.
#3  register_class_PDOException (class_entry_RuntimeException=<optimized out>) at ./ext/pdo/pdo_arginfo.h:32
        ce = {type = 0 '\000', name = 0x738f42a8a8a0, {parent = 0x0, parent_name = 0x0}, refcount = 0, ce_flags = 0, default_properties_count = 0, default_static_members_count = 0, default_properties_table = 0x0, default_static_members_table = 0x0,
          static_members_table__ptr = 0x0, function_table = {gc = {refcount = 0, u = {type_info = 0}}, u = {v = {flags = 0 '\000', _unused = 0 '\000', nIteratorsCount = 0 '\000', _unused2 = 0 '\000'}, flags = 0}, nTableMask = 0, {arHash = 0x0, arData = 0x0,
              arPacked = 0x0}, nNumUsed = 0, nNumOfElements = 0, nTableSize = 0, nInternalPointer = 0, nNextFreeElement = 0, pDestructor = 0x0}, properties_info = {gc = {refcount = 0, u = {type_info = 0}}, u = {v = {flags = 0 '\000', _unused = 0 '\000',
                nIteratorsCount = 0 '\000', _unused2 = 0 '\000'}, flags = 0}, nTableMask = 0, {arHash = 0x0, arData = 0x0, arPacked = 0x0}, nNumUsed = 0, nNumOfElements = 0, nTableSize = 0, nInternalPointer = 0, nNextFreeElement = 0, pDestructor = 0x0},
          constants_table = {gc = {refcount = 0, u = {type_info = 0}}, u = {v = {flags = 0 '\000', _unused = 0 '\000', nIteratorsCount = 0 '\000', _unused2 = 0 '\000'}, flags = 0}, nTableMask = 0, {arHash = 0x0, arData = 0x0, arPacked = 0x0}, nNumUsed = 0,
            nNumOfElements = 0, nTableSize = 0, nInternalPointer = 0, nNextFreeElement = 0, pDestructor = 0x0}, mutable_data__ptr = 0x0, inheritance_cache = 0x0, properties_info_table = 0x0, constructor = 0x0, destructor = 0x0, clone = 0x0, __get = 0x0, __set = 0x0,
          __unset = 0x0, __isset = 0x0, __call = 0x0, __callstatic = 0x0, __tostring = 0x0, __debugInfo = 0x0, __serialize = 0x0, __unserialize = 0x0, iterator_funcs_ptr = 0x0, arrayaccess_funcs_ptr = 0x0, {create_object = 0x0, interface_gets_implemented = 0x0},
          get_iterator = 0x0, get_static_method = 0x0, serialize = 0x0, unserialize = 0x0, num_interfaces = 0, num_traits = 0, {interfaces = 0x0, interface_names = 0x0}, trait_names = 0x0, trait_aliases = 0x0, trait_precedences = 0x0, attributes = 0x0,
          enum_backing_type = 0, backed_enum_table = 0x0, info = {user = {filename = 0x7fcda21f8100 <class_PDOException_methods>, line_start = 0, line_end = 0, doc_comment = 0x0}, internal = {builtin_functions = 0x7fcda21f8100 <class_PDOException_methods>,
              module = 0x0}}}
        class_entry = 0x745ebf228800
        property_code_default_value = {value = {lval = 0, dval = 0, counted = 0x0, str = 0x0, arr = 0x0, obj = 0x0, res = 0x0, ref = 0x0, ast = 0x0, zv = 0x0, ptr = 0x0, ce = 0x0, func = 0x0, ww = {w1 = 0, w2 = 0}}, u1 = {type_info = 4, v = {type = 4 '\004',
              type_flags = 0 '\000', u = {extra = 0}}}, u2 = {next = 2211329052, cache_slot = 2211329052, opline_num = 2211329052, lineno = 2211329052, num_args = 2211329052, fe_pos = 2211329052, fe_iter_idx = 2211329052, property_guard = 2211329052,
            constant_flags = 2211329052, extra = 2211329052}}
        property_code_name = 0x738f42a8ab40
        property_errorInfo_default_value = {value = {lval = 3312168742537568451, dval = 2.9139999414746993e-87, counted = 0x2df72fec371aa0c3, str = 0x2df72fec371aa0c3, arr = 0x2df72fec371aa0c3, obj = 0x2df72fec371aa0c3, res = 0x2df72fec371aa0c3,
            ref = 0x2df72fec371aa0c3, ast = 0x2df72fec371aa0c3, zv = 0x2df72fec371aa0c3, ptr = 0x2df72fec371aa0c3, ce = 0x2df72fec371aa0c3, func = 0x2df72fec371aa0c3, ww = {w1 = 924491971, w2 = 771174380}}, u1 = {type_info = 228, v = {type = 228 '\344',
              type_flags = 0 '\000', u = {extra = 0}}}, u2 = {next = 0, cache_slot = 0, opline_num = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0, property_guard = 0, constant_flags = 0, extra = 0}}
        property_errorInfo_name = <optimized out>
#4  0x00007fcda21ea899 in zm_startup_pdo (type=<optimized out>, module_number=17) at ./ext/pdo/pdo.c:253
No locals.
#5  0x000056280e68bd98 in zend_startup_module_ex (module=0x7fcda2201020 <pdo_module_entry>) at ./Zend/zend_API.c:2235
        name_len = <optimized out>
        lcname = <optimized out>
#6  0x000056280e68be3c in zend_startup_module_zval (zv=<optimized out>) at ./Zend/zend_API.c:2250
        module = <optimized out>
#7  0x000056280e699c63 in zend_hash_apply (ht=ht@entry=0x56280e9098a0 <module_registry>, apply_func=apply_func@entry=0x56280e68be30 <zend_startup_module_zval>) at ./Zend/zend_hash.c:2005
        p = 0x74fb03aa8800
        idx = 16
        result = <optimized out>
#8  0x000056280e68c10b in zend_startup_modules () at ./Zend/zend_API.c:2361
No locals.
#9  0x000056280e621cb6 in php_module_startup (sf=<optimized out>, additional_module=0x0) at ./main/main.c:2258
        zuf = {error_function = 0x56280e49393c <php_error_cb>, printf_function = 0x56280e61fb40 <php_printf>, write_function = 0x56280e633c20 <php_output_write>, fopen_function = 0x56280e6207b0 <php_fopen_wrapper_for_zend>,
          message_handler = 0x56280e4946f4 <php_message_handler_for_zend>, get_configuration_directive = 0x56280e6207a0 <php_get_configuration_directive_for_zend>, ticks_function = 0x56280e6304f0 <php_run_ticks>, on_timeout = 0x56280e61faa0 <php_on_timeout>,
          stream_open_function = 0x56280e620d60 <php_stream_open_for_zend>, printf_to_smart_string_function = 0x56280e625fb0 <php_printf_to_smart_string>, printf_to_smart_str_function = 0x56280e625fc0 <php_printf_to_smart_str>,
          getenv_function = 0x56280e62ae60 <sapi_getenv>, resolve_path_function = 0x56280e620780 <php_resolve_path_for_zend>}
        zuv = {html_errors = true}
        retval = SUCCESS
        module_number = 0
        php_os = 0x56280e7aaf51 "Linux"
        module = <optimized out>
#10 0x000056280e4b6b94 in main (argc=2, argv=0x737ffc784980) at ./sapi/cli/php_cli.c:1300
        c = <optimized out>
        exit_status = 0
        module_started = 0
        sapi_started = 1
        php_optarg = 0x0
        php_optind = 2
        use_extended_info = 0
        ini_path_override = 0x0
        ini_builder = {value = 0x73dfc72ced80 "html_errors=0\nregister_argc_argv=1\nimplicit_flush=1\noutput_buffering=0\nmax_execution_time=0\nmax_input_time=-1\n", length = 110}
        ini_ignore = 0
        sapi_module = <optimized out>

Any ideas for the reason or how to avoid glibc's allocator being used?

thestinger commented 1 year ago

That's weird, but I don't think it's possible this is a hardened_malloc bug. It must be either a glibc or PHP bug.

thestinger commented 1 year ago

zend_string_release calls the pefree macro, which calls through to libc free. I see no reason it would be calling any weird libc symbol. I think your PHP build is done in a way that doesn't support overriding the symbols. I don't think hardened_malloc can do anything about this.

cgzones commented 1 year ago

Any suggestions what compiler and linker flags, or what code patterns to look for?

I could reproduce it on Fedora 37, so it's not a problem of the Debian packaging.

Looking at the Debian build log, nothing stands out:

10275:/bin/bash /<<PKGBUILDDIR>>/ext-build/libtool --preserve-dup-deps --tag CC --mode=compile x86_64-linux-gnu-gcc -Iext/pdo/ -I/<<PKGBUILDDIR>>/ext/pdo/ -I/<<PKGBUILDDIR>>/ext-build/include -I/<<PKGBUILDDIR>>/ext-build/main -I/<<PKGBUILDDIR>> -I/<<PKGBUILDDIR>>/ext-build/ext/date/lib -I/<<PKGBUILDDIR>>/ext/date/lib -I/usr/include/libxml2 -I/usr/include/x86_64-linux-gnu -I/usr/include/enchant-2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libpng16 -I/usr/include/freetype2 -I/usr/include/c-client -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl/mbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl/mbfl -I/usr/include/postgresql -I/usr/include/pspell -I/usr/include/editline -I/usr/include/tidy -I/<<PKGBUILDDIR>>/ext-build/TSRM -I/<<PKGBUILDDIR>>/ext-build/Zend -I/<<PKGBUILDDIR>>/main -I/<<PKGBUILDDIR>>/Zend -I/<<PKGBUILDDIR>>/TSRM -I/<<PKGBUILDDIR>>/ext-build/  -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE  -fno-common -Wstrict-prototypes -Wformat-truncation -Wlogical-op -Wduplicated-cond -Wno-clobbered -Wall -Wextra -Wno-strict-aliasing -Wno-unused-parameter -Wno-sign-compare -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -pedantic -fsigned-char -fno-strict-aliasing -DOPENSSL_SUPPRESS_DEPRECATED -g -fvisibility=hidden -Wimplicit-fallthrough=1 -DZEND_SIGNALS   -prefer-pic  -DZEND_COMPILE_DL_EXT=1 -c /<<PKGBUILDDIR>>/ext/pdo/pdo.c -o ext/pdo/pdo.lo  -MMD -MF ext/pdo/pdo.dep -MT ext/pdo/pdo.lo
10281: x86_64-linux-gnu-gcc -Iext/pdo/ -I/<<PKGBUILDDIR>>/ext/pdo/ -I/<<PKGBUILDDIR>>/ext-build/include -I/<<PKGBUILDDIR>>/ext-build/main -I/<<PKGBUILDDIR>> -I/<<PKGBUILDDIR>>/ext-build/ext/date/lib -I/<<PKGBUILDDIR>>/ext/date/lib -I/usr/include/libxml2 -I/usr/include/x86_64-linux-gnu -I/usr/include/enchant-2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libpng16 -I/usr/include/freetype2 -I/usr/include/c-client -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl/mbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl/mbfl -I/usr/include/postgresql -I/usr/include/pspell -I/usr/include/editline -I/usr/include/tidy -I/<<PKGBUILDDIR>>/ext-build/TSRM -I/<<PKGBUILDDIR>>/ext-build/Zend -I/<<PKGBUILDDIR>>/main -I/<<PKGBUILDDIR>>/Zend -I/<<PKGBUILDDIR>>/TSRM -I/<<PKGBUILDDIR>>/ext-build/ -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -fno-common -Wstrict-prototypes -Wformat-truncation -Wlogical-op -Wduplicated-cond -Wno-clobbered -Wall -Wextra -Wno-strict-aliasing -Wno-unused-parameter -Wno-sign-compare -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -pedantic -fsigned-char -fno-strict-aliasing -DOPENSSL_SUPPRESS_DEPRECATED -g -fvisibility=hidden -Wimplicit-fallthrough=1 -DZEND_SIGNALS -DZEND_COMPILE_DL_EXT=1 -c /<<PKGBUILDDIR>>/ext/pdo/pdo.c -MMD -MF ext/pdo/pdo.dep -MT ext/pdo/pdo.lo  -fPIC -DPIC -o ext/pdo/.libs/pdo.o
10287:In file included from /<<PKGBUILDDIR>>/ext/pdo/pdo.c:28:
10292: x86_64-linux-gnu-gcc -Iext/pdo/ -I/<<PKGBUILDDIR>>/ext/pdo/ -I/<<PKGBUILDDIR>>/ext-build/include -I/<<PKGBUILDDIR>>/ext-build/main -I/<<PKGBUILDDIR>> -I/<<PKGBUILDDIR>>/ext-build/ext/date/lib -I/<<PKGBUILDDIR>>/ext/date/lib -I/usr/include/libxml2 -I/usr/include/x86_64-linux-gnu -I/usr/include/enchant-2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libpng16 -I/usr/include/freetype2 -I/usr/include/c-client -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl/mbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl/mbfl -I/usr/include/postgresql -I/usr/include/pspell -I/usr/include/editline -I/usr/include/tidy -I/<<PKGBUILDDIR>>/ext-build/TSRM -I/<<PKGBUILDDIR>>/ext-build/Zend -I/<<PKGBUILDDIR>>/main -I/<<PKGBUILDDIR>>/Zend -I/<<PKGBUILDDIR>>/TSRM -I/<<PKGBUILDDIR>>/ext-build/ -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -fno-common -Wstrict-prototypes -Wformat-truncation -Wlogical-op -Wduplicated-cond -Wno-clobbered -Wall -Wextra -Wno-strict-aliasing -Wno-unused-parameter -Wno-sign-compare -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -pedantic -fsigned-char -fno-strict-aliasing -DOPENSSL_SUPPRESS_DEPRECATED -g -fvisibility=hidden -Wimplicit-fallthrough=1 -DZEND_SIGNALS -DZEND_COMPILE_DL_EXT=1 -c /<<PKGBUILDDIR>>/ext/pdo/pdo.c -MMD -MF ext/pdo/pdo.dep -MT ext/pdo/pdo.lo  -fPIC -DPIC -o ext/pdo/pdo.o >/dev/null 2>&1
12630:/bin/bash /<<PKGBUILDDIR>>/ext-build/libtool --preserve-dup-deps --tag CC --mode=link x86_64-linux-gnu-gcc -shared -I/<<PKGBUILDDIR>>/ext-build/include -I/<<PKGBUILDDIR>>/ext-build/main -I/<<PKGBUILDDIR>> -I/<<PKGBUILDDIR>>/ext-build/ext/date/lib -I/<<PKGBUILDDIR>>/ext/date/lib -I/usr/include/libxml2 -I/usr/include/x86_64-linux-gnu -I/usr/include/enchant-2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libpng16 -I/usr/include/freetype2 -I/usr/include/c-client -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl/mbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl/mbfl -I/usr/include/postgresql -I/usr/include/pspell -I/usr/include/editline -I/usr/include/tidy -I/<<PKGBUILDDIR>>/ext-build/TSRM -I/<<PKGBUILDDIR>>/ext-build/Zend -I/<<PKGBUILDDIR>>/main -I/<<PKGBUILDDIR>>/Zend -I/<<PKGBUILDDIR>>/TSRM -I/<<PKGBUILDDIR>>/ext-build/  -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE  -fno-common -Wstrict-prototypes -Wformat-truncation -Wlogical-op -Wduplicated-cond -Wno-clobbered -Wall -Wextra -Wno-strict-aliasing -Wno-unused-parameter -Wno-sign-compare -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -pedantic -fsigned-char -fno-strict-aliasing -DOPENSSL_SUPPRESS_DEPRECATED -g -fvisibility=hidden -Wimplicit-fallthrough=1 -DZEND_SIGNALS   -Wl,-z,relro -Wl,-z,now -Wl,--as-needed  -o ext/pdo/pdo.la -export-dynamic -avoid-version -prefer-pic -module -rpath /<<PKGBUILDDIR>>/ext-build/modules -L/usr/lib/x86_64-linux-gnu/mit-krb5 ext/pdo/pdo.lo ext/pdo/pdo_dbh.lo ext/pdo/pdo_stmt.lo ext/pdo/pdo_sql_parser.lo ext/pdo/pdo_sqlstate.lo 
12639:x86_64-linux-gnu-gcc -shared  ext/pdo/.libs/pdo.o ext/pdo/.libs/pdo_dbh.o ext/pdo/.libs/pdo_stmt.o ext/pdo/.libs/pdo_sql_parser.o ext/pdo/.libs/pdo_sqlstate.o  -L/usr/lib/x86_64-linux-gnu/mit-krb5  -Wl,-z -Wl,relro -Wl,-z -Wl,now -Wl,--as-needed -Wl,-soname -Wl,pdo.so -o ext/pdo/.libs/pdo.so
12640:creating ext/pdo/pdo.la
12641:(cd ext/pdo/.libs && rm -f pdo.la && ln -s ../pdo.la pdo.la)
13997:/bin/bash /<<PKGBUILDDIR>>/ext-build/libtool --preserve-dup-deps --tag CC --mode=install cp ext/pdo/pdo.la /<<PKGBUILDDIR>>/ext-build/modules
14033:cp ext/pdo/.libs/pdo.so /<<PKGBUILDDIR>>/ext-build/modules/pdo.so
14041:cp ext/pdo/.libs/pdo.lai /<<PKGBUILDDIR>>/ext-build/modules/pdo.la
333796:/bin/bash /<<PKGBUILDDIR>>/ext-build/libtool --preserve-dup-deps --tag CC --mode=compile x86_64-linux-gnu-gcc -Iext/pdo/ -I/<<PKGBUILDDIR>>/ext/pdo/ -I/<<PKGBUILDDIR>>/ext-build/include -I/<<PKGBUILDDIR>>/ext-build/main -I/<<PKGBUILDDIR>> -I/<<PKGBUILDDIR>>/ext-build/ext/date/lib -I/<<PKGBUILDDIR>>/ext/date/lib -I/usr/include/libxml2 -I/usr/include/x86_64-linux-gnu -I/usr/include/enchant-2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libpng16 -I/usr/include/freetype2 -I/usr/include/c-client -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl/mbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl/mbfl -I/usr/include/postgresql -I/usr/include/pspell -I/usr/include/editline -I/usr/include/tidy -I/<<PKGBUILDDIR>>/ext-build/TSRM -I/<<PKGBUILDDIR>>/ext-build/Zend -I/<<PKGBUILDDIR>>/main -I/<<PKGBUILDDIR>>/Zend -I/<<PKGBUILDDIR>>/TSRM -I/<<PKGBUILDDIR>>/ext-build/  -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE  -fno-common -Wstrict-prototypes -Wformat-truncation -Wlogical-op -Wduplicated-cond -Wno-clobbered -Wall -Wextra -Wno-strict-aliasing -Wno-unused-parameter -Wno-sign-compare -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -pedantic -fsigned-char -fno-strict-aliasing -DOPENSSL_SUPPRESS_DEPRECATED -g -fvisibility=hidden -Wimplicit-fallthrough=1 -DZEND_SIGNALS   -prefer-pic  -DZEND_COMPILE_DL_EXT=1 -c /<<PKGBUILDDIR>>/ext/pdo/pdo.c -o ext/pdo/pdo.lo  -MMD -MF ext/pdo/pdo.dep -MT ext/pdo/pdo.lo
333799: x86_64-linux-gnu-gcc -Iext/pdo/ -I/<<PKGBUILDDIR>>/ext/pdo/ -I/<<PKGBUILDDIR>>/ext-build/include -I/<<PKGBUILDDIR>>/ext-build/main -I/<<PKGBUILDDIR>> -I/<<PKGBUILDDIR>>/ext-build/ext/date/lib -I/<<PKGBUILDDIR>>/ext/date/lib -I/usr/include/libxml2 -I/usr/include/x86_64-linux-gnu -I/usr/include/enchant-2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libpng16 -I/usr/include/freetype2 -I/usr/include/c-client -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl/mbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl/mbfl -I/usr/include/postgresql -I/usr/include/pspell -I/usr/include/editline -I/usr/include/tidy -I/<<PKGBUILDDIR>>/ext-build/TSRM -I/<<PKGBUILDDIR>>/ext-build/Zend -I/<<PKGBUILDDIR>>/main -I/<<PKGBUILDDIR>>/Zend -I/<<PKGBUILDDIR>>/TSRM -I/<<PKGBUILDDIR>>/ext-build/ -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -fno-common -Wstrict-prototypes -Wformat-truncation -Wlogical-op -Wduplicated-cond -Wno-clobbered -Wall -Wextra -Wno-strict-aliasing -Wno-unused-parameter -Wno-sign-compare -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -pedantic -fsigned-char -fno-strict-aliasing -DOPENSSL_SUPPRESS_DEPRECATED -g -fvisibility=hidden -Wimplicit-fallthrough=1 -DZEND_SIGNALS -DZEND_COMPILE_DL_EXT=1 -c /<<PKGBUILDDIR>>/ext/pdo/pdo.c -MMD -MF ext/pdo/pdo.dep -MT ext/pdo/pdo.lo  -fPIC -DPIC -o ext/pdo/.libs/pdo.o
333801:In file included from /<<PKGBUILDDIR>>/ext/pdo/pdo.c:28:
333806: x86_64-linux-gnu-gcc -Iext/pdo/ -I/<<PKGBUILDDIR>>/ext/pdo/ -I/<<PKGBUILDDIR>>/ext-build/include -I/<<PKGBUILDDIR>>/ext-build/main -I/<<PKGBUILDDIR>> -I/<<PKGBUILDDIR>>/ext-build/ext/date/lib -I/<<PKGBUILDDIR>>/ext/date/lib -I/usr/include/libxml2 -I/usr/include/x86_64-linux-gnu -I/usr/include/enchant-2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libpng16 -I/usr/include/freetype2 -I/usr/include/c-client -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl/mbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl/mbfl -I/usr/include/postgresql -I/usr/include/pspell -I/usr/include/editline -I/usr/include/tidy -I/<<PKGBUILDDIR>>/ext-build/TSRM -I/<<PKGBUILDDIR>>/ext-build/Zend -I/<<PKGBUILDDIR>>/main -I/<<PKGBUILDDIR>>/Zend -I/<<PKGBUILDDIR>>/TSRM -I/<<PKGBUILDDIR>>/ext-build/ -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -fno-common -Wstrict-prototypes -Wformat-truncation -Wlogical-op -Wduplicated-cond -Wno-clobbered -Wall -Wextra -Wno-strict-aliasing -Wno-unused-parameter -Wno-sign-compare -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -pedantic -fsigned-char -fno-strict-aliasing -DOPENSSL_SUPPRESS_DEPRECATED -g -fvisibility=hidden -Wimplicit-fallthrough=1 -DZEND_SIGNALS -DZEND_COMPILE_DL_EXT=1 -c /<<PKGBUILDDIR>>/ext/pdo/pdo.c -MMD -MF ext/pdo/pdo.dep -MT ext/pdo/pdo.lo  -fPIC -DPIC -o ext/pdo/pdo.o >/dev/null 2>&1
392269:/bin/bash /<<PKGBUILDDIR>>/ext-build/libtool --preserve-dup-deps --tag CC --mode=link x86_64-linux-gnu-gcc -shared -I/<<PKGBUILDDIR>>/ext-build/include -I/<<PKGBUILDDIR>>/ext-build/main -I/<<PKGBUILDDIR>> -I/<<PKGBUILDDIR>>/ext-build/ext/date/lib -I/<<PKGBUILDDIR>>/ext/date/lib -I/usr/include/libxml2 -I/usr/include/x86_64-linux-gnu -I/usr/include/enchant-2 -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -I/usr/include/libpng16 -I/usr/include/freetype2 -I/usr/include/c-client -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl -I/<<PKGBUILDDIR>>/ext/mbstring/libmbfl/mbfl -I/<<PKGBUILDDIR>>/ext-build/ext/mbstring/libmbfl/mbfl -I/usr/include/postgresql -I/usr/include/pspell -I/usr/include/editline -I/usr/include/tidy -I/<<PKGBUILDDIR>>/ext-build/TSRM -I/<<PKGBUILDDIR>>/ext-build/Zend -I/<<PKGBUILDDIR>>/main -I/<<PKGBUILDDIR>>/Zend -I/<<PKGBUILDDIR>>/TSRM -I/<<PKGBUILDDIR>>/ext-build/  -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE  -fno-common -Wstrict-prototypes -Wformat-truncation -Wlogical-op -Wduplicated-cond -Wno-clobbered -Wall -Wextra -Wno-strict-aliasing -Wno-unused-parameter -Wno-sign-compare -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -O2 -Wall -pedantic -fsigned-char -fno-strict-aliasing -DOPENSSL_SUPPRESS_DEPRECATED -g -fvisibility=hidden -Wimplicit-fallthrough=1 -DZEND_SIGNALS   -Wl,-z,relro -Wl,-z,now -Wl,--as-needed  -o ext/pdo/pdo.la -export-dynamic -avoid-version -prefer-pic -module -rpath /<<PKGBUILDDIR>>/ext-build/modules -L/usr/lib/x86_64-linux-gnu/mit-krb5 ext/pdo/pdo.lo ext/pdo/pdo_dbh.lo ext/pdo/pdo_stmt.lo ext/pdo/pdo_sql_parser.lo ext/pdo/pdo_sqlstate.lo 
392275:rm -fr  ext/pdo/.libs/pdo.la ext/pdo/.libs/pdo.lai ext/pdo/.libs/pdo.so
392276:x86_64-linux-gnu-gcc -shared  ext/pdo/.libs/pdo.o ext/pdo/.libs/pdo_dbh.o ext/pdo/.libs/pdo_stmt.o ext/pdo/.libs/pdo_sql_parser.o ext/pdo/.libs/pdo_sqlstate.o  -L/usr/lib/x86_64-linux-gnu/mit-krb5  -Wl,-z -Wl,relro -Wl,-z -Wl,now -Wl,--as-needed -Wl,-soname -Wl,pdo.so -o ext/pdo/.libs/pdo.so
392277:creating ext/pdo/pdo.la
392278:(cd ext/pdo/.libs && rm -f pdo.la && ln -s ../pdo.la pdo.la)
392902:/bin/bash /<<PKGBUILDDIR>>/ext-build/libtool --preserve-dup-deps --tag CC --mode=install cp ext/pdo/pdo.la /<<PKGBUILDDIR>>/ext-build/modules
392929:cp ext/pdo/.libs/pdo.so /<<PKGBUILDDIR>>/ext-build/modules/pdo.so
392930:cp ext/pdo/.libs/pdo.lai /<<PKGBUILDDIR>>/ext-build/modules/pdo.la
604933: cp --reflink=auto -a debian/tmp/usr/lib/php/20220829/calendar.so debian/tmp/usr/lib/php/20220829/ctype.so debian/tmp/usr/lib/php/20220829/exif.so debian/tmp/usr/lib/php/20220829/ffi.so debian/tmp/usr/lib/php/20220829/fileinfo.so debian/tmp/usr/lib/php/20220829/ftp.so debian/tmp/usr/lib/php/20220829/gettext.so debian/tmp/usr/lib/php/20220829/iconv.so debian/tmp/usr/lib/php/20220829/pdo.so debian/tmp/usr/lib/php/20220829/phar.so debian/tmp/usr/lib/php/20220829/posix.so debian/tmp/usr/lib/php/20220829/shmop.so debian/tmp/usr/lib/php/20220829/sockets.so debian/tmp/usr/lib/php/20220829/sysvmsg.so debian/tmp/usr/lib/php/20220829/sysvsem.so debian/tmp/usr/lib/php/20220829/sysvshm.so debian/tmp/usr/lib/php/20220829/tokenizer.so debian/php8.2-common//usr/lib/php/20220829/
606119: objcopy --only-keep-debug --compress-debug-sections debian/php8.2-common/usr/lib/php/20220829/pdo.so debian/.debhelper/php8.2-common/dbgsym-root/usr/lib/debug/.build-id/d8/4c88ba56fd565e15611d7d8faf605ebb33db04.debug
606131: strip --remove-section=.comment --remove-section=.note --strip-unneeded debian/php8.2-common/usr/lib/php/20220829/pdo.so
606132: objcopy --add-gnu-debuglink debian/.debhelper/php8.2-common/dbgsym-root/usr/lib/debug/.build-id/d8/4c88ba56fd565e15611d7d8faf605ebb33db04.debug debian/php8.2-common/usr/lib/php/20220829/pdo.so
606503: dpkg-shlibdeps -Tdebian/php8.2-common.substvars debian/php8.2-common/usr/lib/php/20220829/tokenizer.so debian/php8.2-common/usr/lib/php/20220829/sysvshm.so debian/php8.2-common/usr/lib/php/20220829/sysvsem.so debian/php8.2-common/usr/lib/php/20220829/sysvmsg.so debian/php8.2-common/usr/lib/php/20220829/sockets.so debian/php8.2-common/usr/lib/php/20220829/shmop.so debian/php8.2-common/usr/lib/php/20220829/posix.so debian/php8.2-common/usr/lib/php/20220829/phar.so debian/php8.2-common/usr/lib/php/20220829/pdo.so debian/php8.2-common/usr/lib/php/20220829/iconv.so debian/php8.2-common/usr/lib/php/20220829/gettext.so debian/php8.2-common/usr/lib/php/20220829/ftp.so debian/php8.2-common/usr/lib/php/20220829/fileinfo.so debian/php8.2-common/usr/lib/php/20220829/ffi.so debian/php8.2-common/usr/lib/php/20220829/exif.so debian/php8.2-common/usr/lib/php/20220829/ctype.so debian/php8.2-common/usr/lib/php/20220829/calendar.so
606549:dpkg-shlibdeps: warning: debian/php8.2-common/usr/lib/php/20220829/pdo.so contains an unresolvable reference to symbol zend_std_unset_property: it's probably a plugin
610072:-rw-r--r-- root/root    129128 2023-03-16 14:24 ./usr/lib/php/20220829/pdo.so
thestinger commented 1 year ago

Does it happen with other allocators like mimalloc?

cgzones commented 1 year ago

Thanks for the suggestion!

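It seems to be a common allocator incompatibility with the dlopen(3) flag RTLD_DEEPBIND: a module loaded with that flag resolves symbols against its own dependencies (here glibc) before the global scope, so its free() binds to glibc's allocator even though the memory came from the preloaded one. On previous glibc versions, assigning the malloc hooks, e.g.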

/*
 * Legacy glibc malloc-hook workaround, quoted for reference: each exported
 * hook variable is initialised to point at the matching h_* function
 * (presumably hardened_malloc's implementations; they are not defined in
 * this snippet). visibility("default") keeps the four symbols exported even
 * if the library is otherwise built with hidden default visibility.
 *
 * NOTE(review): malloc_hook(3) declares these hooks with a trailing
 * `const void *caller` parameter, which the signatures below omit; confirm
 * the types against the glibc headers before reusing this.
 * NOTE(review): per the surrounding discussion this no longer works on
 * recent glibc, so it must not be relied on to keep modules loaded with
 * RTLD_DEEPBIND on the hardened allocator; verify which allocator actually
 * services free() inside such modules.
 */
__attribute__((visibility("default"))) void *(*__malloc_hook)(size_t size) = h_malloc;
__attribute__((visibility("default"))) void *(*__realloc_hook)(void *ptr, size_t size) = h_realloc;
__attribute__((visibility("default"))) void (*__free_hook)(void *ptr) = h_free;
__attribute__((visibility("default"))) void *(*__memalign_hook)(size_t alignment, size_t size) = h_memalign;

should have worked, but that workaround has been invalidated in recent glibc versions. So it seems there is nothing allocators can do currently. Running hardened_malloc with PHP rebuilt with the RTLD_DEEPBIND flag dropped actually works fine.