php / php-src

The PHP Interpreter
https://www.php.net

Tests failing under Valgrind #14806

Open Girgias opened 4 days ago

Girgias commented 4 days ago

Description

Some of our tests, when run under Valgrind, seem to be leaking because of mistakes within php-src. I ran those tests while attempting to determine another issue, but those seem very unlikely to be related to my specific issue.

ext/standard/tests/network/bug74764.phpt

==1431635== Syscall param socketcall.bind(my_addr.sin6_flowinfo) points to uninitialised byte(s)
==1431635==    at 0x90660CB: bind (syscall-template.S:120)
==1431635==    by 0x1AD51DD: php_network_connect_socket_to_host (network.c:873)
==1431635==    by 0x1B283A2: php_tcp_sockop_connect (xp_socket.c:821)
==1431635==    by 0x1B29021: php_tcp_sockop_set_option (xp_socket.c:912)
==1431635==    by 0x743B6A: php_openssl_sockop_set_option (xp_ssl.c:2623)
==1431635==    by 0x1AF8635: _php_stream_set_option (streams.c:1429)
==1431635==    by 0x1B20C2E: php_stream_xport_connect (transports.c:248)
==1431635==    by 0x1B20381: _php_stream_xport_create (transports.c:145)
==1431635==    by 0x171E5E0: zif_stream_socket_client (streamsfuncs.c:158)
==1431635==    by 0x1E4435B: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1349)
==1431635==    by 0x201DE08: execute_ex (zend_vm_execute.h:57574)
==1431635==    by 0x202BF4E: zend_execute (zend_vm_execute.h:63001)
==1431635==  Address 0x1ffeffb094 is on thread 1's stack
==1431635==  in frame #1, created by php_network_connect_socket_to_host (network.c:771)
==1431635== 
==1431635== Syscall param socketcall.bind(my_addr.sin6_scope_id) points to uninitialised byte(s)
==1431635==    at 0x90660CB: bind (syscall-template.S:120)
==1431635==    by 0x1AD51DD: php_network_connect_socket_to_host (network.c:873)
==1431635==    by 0x1B283A2: php_tcp_sockop_connect (xp_socket.c:821)
==1431635==    by 0x1B29021: php_tcp_sockop_set_option (xp_socket.c:912)
==1431635==    by 0x743B6A: php_openssl_sockop_set_option (xp_ssl.c:2623)
==1431635==    by 0x1AF8635: _php_stream_set_option (streams.c:1429)
==1431635==    by 0x1B20C2E: php_stream_xport_connect (transports.c:248)
==1431635==    by 0x1B20381: _php_stream_xport_create (transports.c:145)
==1431635==    by 0x171E5E0: zif_stream_socket_client (streamsfuncs.c:158)
==1431635==    by 0x1E4435B: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1349)
==1431635==    by 0x201DE08: execute_ex (zend_vm_execute.h:57574)
==1431635==    by 0x202BF4E: zend_execute (zend_vm_execute.h:63001)
==1431635==  Address 0x1ffeffb0a8 is on thread 1's stack
==1431635==  in frame #1, created by php_network_connect_socket_to_host (network.c:771)
==1431635== 

ext/standard/tests/strings/strtr_with_reference.phpt

==1455919== Conditional jump or move depends on uninitialised value(s)
==1455919==    at 0x175907C: php_str_to_str_ex (string.c:3211)
==1455919==    by 0x175B7DD: php_strtr_array (string.c:3449)
==1455919==    by 0x175C725: zflf_strtr_2 (string.c:3513)
==1455919==    by 0x1E647B5: ZEND_FRAMELESS_ICALL_2_SPEC_HANDLER (zend_vm_execute.h:3757)
==1455919==    by 0x201E4C8: execute_ex (zend_vm_execute.h:57754)
==1455919==    by 0x202BF4E: zend_execute (zend_vm_execute.h:63001)
==1455919==    by 0x225820D: zend_execute_script (zend.c:1913)
==1455919==    by 0x1A9CB4D: php_execute_script_ex (main.c:2529)
==1455919==    by 0x1A9D010: php_execute_script (main.c:2569)
==1455919==    by 0x225D6F4: do_cli (php_cli.c:956)
==1455919==    by 0x225F41A: main (php_cli.c:1330)
==1455919== 

Zend/tests/generators/errors/generator_extend_error.phpt

==1267663== Conditional jump or move depends on uninitialised value(s)
==1267663==    at 0x1A9ED5E: ap_php_conv_10 (snprintf.c:251)
==1267663==    by 0x1AA4E37: xbuf_format_converter (spprintf.c:456)
==1267663==    by 0x1AA6BB5: php_printf_to_smart_string (spprintf.c:778)
==1267663==    by 0x224ACFD: zend_vspprintf (zend.c:292)
==1267663==    by 0x1A92F44: php_printf_unchecked (main.c:924)
==1267663==    by 0x1A962FC: php_error_cb (main.c:1386)
==1267663==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1267663==    by 0x2253ADB: zend_error_zstr_at (zend.c:1473)
==1267663==    by 0x2255A3E: zend_error_va_list (zend.c:1575)
==1267663==    by 0x2256260: zend_error_noreturn (zend.c:1684)
==1267663==    by 0x209A88F: zend_do_inheritance_ex (zend_inheritance.c:1493)
==1267663==    by 0x20B52AD: zend_try_early_bind (zend_inheritance.c:3422)
==1267663== 
==1267663== Syscall param write(buf) points to uninitialised byte(s)
==1267663==    at 0x9057864: write (write.c:26)
==1267663==    by 0x225B014: sapi_cli_single_write (php_cli.c:252)
==1267663==    by 0x225B112: sapi_cli_ub_write (php_cli.c:284)
==1267663==    by 0x1AE2A95: php_output_op (output.c:1070)
==1267663==    by 0x1ADB104: php_output_write (output.c:240)
==1267663==    by 0x1A92F64: php_printf_unchecked (main.c:925)
==1267663==    by 0x1A962FC: php_error_cb (main.c:1386)
==1267663==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1267663==    by 0x2253ADB: zend_error_zstr_at (zend.c:1473)
==1267663==    by 0x2255A3E: zend_error_va_list (zend.c:1575)
==1267663==    by 0x2256260: zend_error_noreturn (zend.c:1684)
==1267663==    by 0x209A88F: zend_do_inheritance_ex (zend_inheritance.c:1493)
==1267663==  Address 0x20b58867 is 167 bytes inside a block of size 224 alloc'd
==1267663==    at 0x4FD882F: malloc (vg_replace_malloc.c:446)
==1267663==    by 0x1CDB02B: __zend_malloc (zend_alloc.c:3319)
==1267663==    by 0x1CD70EF: _emalloc (zend_alloc.c:2776)
==1267663==    by 0x2220016: _smart_string_alloc (zend_smart_str.c:165)
==1267663==    by 0x1AA3460: smart_string_alloc (zend_smart_string.h:59)
==1267663==    by 0x1AA3622: smart_string_appendl_ex (zend_smart_string.h:85)
==1267663==    by 0x1AA669A: xbuf_format_converter (spprintf.c:761)
==1267663==    by 0x1AA6BB5: php_printf_to_smart_string (spprintf.c:778)
==1267663==    by 0x224ACFD: zend_vspprintf (zend.c:292)
==1267663==    by 0x1A92F44: php_printf_unchecked (main.c:924)
==1267663==    by 0x1A962FC: php_error_cb (main.c:1386)
==1267663==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1267663== 

Zend/tests/weakrefs/weakrefs_004.phpt

==1320353== Conditional jump or move depends on uninitialised value(s)
==1320353==    at 0x1A9ED5E: ap_php_conv_10 (snprintf.c:251)
==1320353==    by 0x1AA4E37: xbuf_format_converter (spprintf.c:456)
==1320353==    by 0x1AA6BB5: php_printf_to_smart_string (spprintf.c:778)
==1320353==    by 0x224ACFD: zend_vspprintf (zend.c:292)
==1320353==    by 0x1A92F44: php_printf_unchecked (main.c:924)
==1320353==    by 0x1A962FC: php_error_cb (main.c:1386)
==1320353==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1320353==    by 0x2253ADB: zend_error_zstr_at (zend.c:1473)
==1320353==    by 0x2255A3E: zend_error_va_list (zend.c:1575)
==1320353==    by 0x2256260: zend_error_noreturn (zend.c:1684)
==1320353==    by 0x209A88F: zend_do_inheritance_ex (zend_inheritance.c:1493)
==1320353==    by 0x20B52AD: zend_try_early_bind (zend_inheritance.c:3422)
==1320353== 
==1320353== Syscall param write(buf) points to uninitialised byte(s)
==1320353==    at 0x9057864: write (write.c:26)
==1320353==    by 0x225B014: sapi_cli_single_write (php_cli.c:252)
==1320353==    by 0x225B112: sapi_cli_ub_write (php_cli.c:284)
==1320353==    by 0x1AE2A95: php_output_op (output.c:1070)
==1320353==    by 0x1ADB104: php_output_write (output.c:240)
==1320353==    by 0x1A92F64: php_printf_unchecked (main.c:925)
==1320353==    by 0x1A962FC: php_error_cb (main.c:1386)
==1320353==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1320353==    by 0x2253ADB: zend_error_zstr_at (zend.c:1473)
==1320353==    by 0x2255A3E: zend_error_va_list (zend.c:1575)
==1320353==    by 0x2256260: zend_error_noreturn (zend.c:1684)
==1320353==    by 0x209A88F: zend_do_inheritance_ex (zend_inheritance.c:1493)
==1320353==  Address 0x20b583eb is 139 bytes inside a block of size 224 alloc'd
==1320353==    at 0x4FD882F: malloc (vg_replace_malloc.c:446)
==1320353==    by 0x1CDB02B: __zend_malloc (zend_alloc.c:3319)
==1320353==    by 0x1CD70EF: _emalloc (zend_alloc.c:2776)
==1320353==    by 0x2220016: _smart_string_alloc (zend_smart_str.c:165)
==1320353==    by 0x1AA3460: smart_string_alloc (zend_smart_string.h:59)
==1320353==    by 0x1AA3622: smart_string_appendl_ex (zend_smart_string.h:85)
==1320353==    by 0x1AA669A: xbuf_format_converter (spprintf.c:761)
==1320353==    by 0x1AA6BB5: php_printf_to_smart_string (spprintf.c:778)
==1320353==    by 0x224ACFD: zend_vspprintf (zend.c:292)
==1320353==    by 0x1A92F44: php_printf_unchecked (main.c:924)
==1320353==    by 0x1A962FC: php_error_cb (main.c:1386)
==1320353==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1320353== 

PHP Version

master

Operating System

No response

NattyNarwhal commented 4 days ago

For php_network_connect_socket_to_host, I think the union should probably be = {0}'d, or the fields should actually be set if they are important (scope ID does matter with link-local, at least). Snippet of the relevant code below:

union {
    struct sockaddr common;
    struct sockaddr_in in4;
#ifdef HAVE_IPV6
    struct sockaddr_in6 in6;
#endif
} local_address;
int local_address_len = 0;

if (sa->sa_family == AF_INET) {
    if (inet_pton(AF_INET, bindto, &local_address.in4.sin_addr) == 1) {
        local_address_len = sizeof(struct sockaddr_in);
        local_address.in4.sin_family = sa->sa_family;
        local_address.in4.sin_port = htons(bindport);
        memset(&(local_address.in4.sin_zero), 0, sizeof(local_address.in4.sin_zero));
    }
}
#ifdef HAVE_IPV6
else { /* IPV6 */
    if (inet_pton(AF_INET6, bindto, &local_address.in6.sin6_addr) == 1) {
        local_address_len = sizeof(struct sockaddr_in6);
        local_address.in6.sin6_family = sa->sa_family;
        local_address.in6.sin6_port = htons(bindport);
    }
}
#endif
#ifdef IP_BIND_ADDRESS_NO_PORT
{
    int val = 1;
    (void) setsockopt(sock, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &val, sizeof(val));
}
#endif
if (local_address_len == 0) {
    php_error_docref(NULL, E_WARNING, "Invalid IP Address: %s", bindto);
} else if (bind(sock, &local_address.common, local_address_len)) {
    php_error_docref(NULL, E_WARNING, "Failed to bind to '%s:%d', system said: %s", bindto, bindport, strerror(errno));
}
nielsdos commented 4 days ago

@NattyNarwhal Yes, that seems to be the simplest fix: just adding = {0}. And for completeness, also removing the then-useless memset(&(local_address.in4.sin_zero), 0, sizeof(local_address.in4.sin_zero));.
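As an added illustration (not code from php-src or from either commenter), the following C program models the unzeroed union from the snippet above and the = {0} fix discussed in the two comments, and reports which bind()-visible IPv6 fields are left holding stale data in each case. The 0xAA poisoning, the documentation-prefix address and the port are constructed stand-ins; the function names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same union shape as the php-src snippet quoted above. */
typedef union {
    struct sockaddr     common;
    struct sockaddr_in  in4;
    struct sockaddr_in6 in6;
} local_address_t;

/* Builds the IPv6 bind address the way the snippet does: only family, port and
 * address are written. zero_first == 0 reproduces the reported behaviour;
 * zero_first == 1 applies the suggested fix (equivalent to `= {0}`). */
int fill_v6(local_address_t *la, const char *bindto, uint16_t port, int zero_first)
{
    if (zero_first)
        memset(la, 0, sizeof *la);
    if (inet_pton(AF_INET6, bindto, &la->in6.sin6_addr) != 1)
        return -1;
    la->in6.sin6_family = AF_INET6;
    la->in6.sin6_port   = htons(port);
    /* sin6_flowinfo and sin6_scope_id are deliberately not written, as in the
     * snippet. For a link-local bindto (fe80::/10) sin6_scope_id must be set. */
    return (int)sizeof(struct sockaddr_in6);
}

/* Bitmask of the fields bind() reads that the snippet never wrote and that still
 * hold non-zero data: 1 = sin6_flowinfo, 2 = sin6_scope_id. The union is poisoned
 * with 0xAA as a reproducible stand-in for stale stack bytes (real leftover
 * memory is undefined, which is exactly why Valgrind flags the bind() call). */
int dirty_fields_after_fill(int zero_first)
{
    local_address_t la;
    memset(&la, 0xAA, sizeof la);
    if (fill_v6(&la, "2001:db8::1", 8080, zero_first) < 0) /* constructed sample */
        return -1;
    return (la.in6.sin6_flowinfo != 0 ? 1 : 0) | (la.in6.sin6_scope_id != 0 ? 2 : 0);
}

int main(void)
{
    printf("unzeroed union: dirty field mask = %d\n", dirty_fields_after_fill(0)); /* 3 */
    printf("zeroed union:   dirty field mask = %d\n", dirty_fields_after_fill(1)); /* 0 */
    return 0;
}
```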

nielsdos commented 4 days ago

I can't reproduce the results for Zend/tests/generators/errors/generator_extend_error.phpt or Zend/tests/weakrefs/weakrefs_004.phpt. What configuration options did you use and which compiler?

Girgias commented 4 days ago

My configure command was:

./configure -C CC=gcc CFLAGS="-DPROFITABILITY_CHECKS=0 -DZEND_RC_DEBUG=1 -DZEND_VERIFY_FUNC_INFO=1 -DZEND_TRACK_ARENA_ALLOC=1 -ggdb3" --enable-debug --enable-tokenizer --enable-opcache --enable-zend-test --enable-dl-test=shared  --enable-pcntl --enable-mbstring --enable-fpm --enable-posix --enable-bcmath --enable-calendar --enable-ctype --enable-exif   --enable-fileinfo --enable-filter --enable-ftp --enable-gd --enable-session --enable-sockets   --enable-sysvmsg --enable-shmop --enable-sysvsem --enable-sysvshm   --enable-dba --with-qdbm --with-cdb --enable-flatfile --enable-inifile --with-lmdb --with-tcadb  --with-zip --with-zlib --with-bz2   --with-curl --with-ffi --with-gmp --with-tidy --with-enchant --with-openssl --with-sodium   --with-libxml --enable-dom --enable-simplexml --enable-xml --enable-xmlreader --enable-xmlwriter --with-xsl --enable-soap   --with-sqlite3 --with-mysqli --with-unixODBC --enable-pdo --with-pdo-firebird --with-pdo-mysql --with-pdo-pgsql --with-pdo-sqlite --with-pgsql --with-iconv --disable-phar --with-readline --enable-intl --enable-simplexml --with-ffi --with-valgrind --prefix /home/girgias/Dev/custom-php/

Frustratingly, I don't have the test command, as I was forced to reset my computer when it got very unresponsive, and I lost the terminal history/command. But I cannot reproduce them now either...