Tests failing under Valgrind #14806

Open
Girgias opened this issue Jul 4, 2024 · 4 comments
@Girgias
Member

Girgias commented Jul 4, 2024

Description

Some of our tests when run under Valgrind seem to be leaking because of mistakes within php-src.
I ran those tests while attempting to determine another issue, but those seem very unlikely to be related to my specific issue.

ext/standard/tests/network/bug74764.phpt

==1431635== Syscall param socketcall.bind(my_addr.sin6_flowinfo) points to uninitialised byte(s)
==1431635==    at 0x90660CB: bind (syscall-template.S:120)
==1431635==    by 0x1AD51DD: php_network_connect_socket_to_host (network.c:873)
==1431635==    by 0x1B283A2: php_tcp_sockop_connect (xp_socket.c:821)
==1431635==    by 0x1B29021: php_tcp_sockop_set_option (xp_socket.c:912)
==1431635==    by 0x743B6A: php_openssl_sockop_set_option (xp_ssl.c:2623)
==1431635==    by 0x1AF8635: _php_stream_set_option (streams.c:1429)
==1431635==    by 0x1B20C2E: php_stream_xport_connect (transports.c:248)
==1431635==    by 0x1B20381: _php_stream_xport_create (transports.c:145)
==1431635==    by 0x171E5E0: zif_stream_socket_client (streamsfuncs.c:158)
==1431635==    by 0x1E4435B: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1349)
==1431635==    by 0x201DE08: execute_ex (zend_vm_execute.h:57574)
==1431635==    by 0x202BF4E: zend_execute (zend_vm_execute.h:63001)
==1431635==  Address 0x1ffeffb094 is on thread 1's stack
==1431635==  in frame #1, created by php_network_connect_socket_to_host (network.c:771)
==1431635== 
==1431635== Syscall param socketcall.bind(my_addr.sin6_scope_id) points to uninitialised byte(s)
==1431635==    at 0x90660CB: bind (syscall-template.S:120)
==1431635==    by 0x1AD51DD: php_network_connect_socket_to_host (network.c:873)
==1431635==    by 0x1B283A2: php_tcp_sockop_connect (xp_socket.c:821)
==1431635==    by 0x1B29021: php_tcp_sockop_set_option (xp_socket.c:912)
==1431635==    by 0x743B6A: php_openssl_sockop_set_option (xp_ssl.c:2623)
==1431635==    by 0x1AF8635: _php_stream_set_option (streams.c:1429)
==1431635==    by 0x1B20C2E: php_stream_xport_connect (transports.c:248)
==1431635==    by 0x1B20381: _php_stream_xport_create (transports.c:145)
==1431635==    by 0x171E5E0: zif_stream_socket_client (streamsfuncs.c:158)
==1431635==    by 0x1E4435B: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1349)
==1431635==    by 0x201DE08: execute_ex (zend_vm_execute.h:57574)
==1431635==    by 0x202BF4E: zend_execute (zend_vm_execute.h:63001)
==1431635==  Address 0x1ffeffb0a8 is on thread 1's stack
==1431635==  in frame #1, created by php_network_connect_socket_to_host (network.c:771)
==1431635== 

ext/standard/tests/strings/strtr_with_reference.phpt

==1455919== Conditional jump or move depends on uninitialised value(s)
==1455919==    at 0x175907C: php_str_to_str_ex (string.c:3211)
==1455919==    by 0x175B7DD: php_strtr_array (string.c:3449)
==1455919==    by 0x175C725: zflf_strtr_2 (string.c:3513)
==1455919==    by 0x1E647B5: ZEND_FRAMELESS_ICALL_2_SPEC_HANDLER (zend_vm_execute.h:3757)
==1455919==    by 0x201E4C8: execute_ex (zend_vm_execute.h:57754)
==1455919==    by 0x202BF4E: zend_execute (zend_vm_execute.h:63001)
==1455919==    by 0x225820D: zend_execute_script (zend.c:1913)
==1455919==    by 0x1A9CB4D: php_execute_script_ex (main.c:2529)
==1455919==    by 0x1A9D010: php_execute_script (main.c:2569)
==1455919==    by 0x225D6F4: do_cli (php_cli.c:956)
==1455919==    by 0x225F41A: main (php_cli.c:1330)
==1455919== 

Zend/tests/generators/errors/generator_extend_error.phpt

==1267663== Conditional jump or move depends on uninitialised value(s)
==1267663==    at 0x1A9ED5E: ap_php_conv_10 (snprintf.c:251)
==1267663==    by 0x1AA4E37: xbuf_format_converter (spprintf.c:456)
==1267663==    by 0x1AA6BB5: php_printf_to_smart_string (spprintf.c:778)
==1267663==    by 0x224ACFD: zend_vspprintf (zend.c:292)
==1267663==    by 0x1A92F44: php_printf_unchecked (main.c:924)
==1267663==    by 0x1A962FC: php_error_cb (main.c:1386)
==1267663==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1267663==    by 0x2253ADB: zend_error_zstr_at (zend.c:1473)
==1267663==    by 0x2255A3E: zend_error_va_list (zend.c:1575)
==1267663==    by 0x2256260: zend_error_noreturn (zend.c:1684)
==1267663==    by 0x209A88F: zend_do_inheritance_ex (zend_inheritance.c:1493)
==1267663==    by 0x20B52AD: zend_try_early_bind (zend_inheritance.c:3422)
==1267663== 
==1267663== Syscall param write(buf) points to uninitialised byte(s)
==1267663==    at 0x9057864: write (write.c:26)
==1267663==    by 0x225B014: sapi_cli_single_write (php_cli.c:252)
==1267663==    by 0x225B112: sapi_cli_ub_write (php_cli.c:284)
==1267663==    by 0x1AE2A95: php_output_op (output.c:1070)
==1267663==    by 0x1ADB104: php_output_write (output.c:240)
==1267663==    by 0x1A92F64: php_printf_unchecked (main.c:925)
==1267663==    by 0x1A962FC: php_error_cb (main.c:1386)
==1267663==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1267663==    by 0x2253ADB: zend_error_zstr_at (zend.c:1473)
==1267663==    by 0x2255A3E: zend_error_va_list (zend.c:1575)
==1267663==    by 0x2256260: zend_error_noreturn (zend.c:1684)
==1267663==    by 0x209A88F: zend_do_inheritance_ex (zend_inheritance.c:1493)
==1267663==  Address 0x20b58867 is 167 bytes inside a block of size 224 alloc'd
==1267663==    at 0x4FD882F: malloc (vg_replace_malloc.c:446)
==1267663==    by 0x1CDB02B: __zend_malloc (zend_alloc.c:3319)
==1267663==    by 0x1CD70EF: _emalloc (zend_alloc.c:2776)
==1267663==    by 0x2220016: _smart_string_alloc (zend_smart_str.c:165)
==1267663==    by 0x1AA3460: smart_string_alloc (zend_smart_string.h:59)
==1267663==    by 0x1AA3622: smart_string_appendl_ex (zend_smart_string.h:85)
==1267663==    by 0x1AA669A: xbuf_format_converter (spprintf.c:761)
==1267663==    by 0x1AA6BB5: php_printf_to_smart_string (spprintf.c:778)
==1267663==    by 0x224ACFD: zend_vspprintf (zend.c:292)
==1267663==    by 0x1A92F44: php_printf_unchecked (main.c:924)
==1267663==    by 0x1A962FC: php_error_cb (main.c:1386)
==1267663==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1267663== 

Zend/tests/weakrefs/weakrefs_004.phpt

==1320353== Conditional jump or move depends on uninitialised value(s)
==1320353==    at 0x1A9ED5E: ap_php_conv_10 (snprintf.c:251)
==1320353==    by 0x1AA4E37: xbuf_format_converter (spprintf.c:456)
==1320353==    by 0x1AA6BB5: php_printf_to_smart_string (spprintf.c:778)
==1320353==    by 0x224ACFD: zend_vspprintf (zend.c:292)
==1320353==    by 0x1A92F44: php_printf_unchecked (main.c:924)
==1320353==    by 0x1A962FC: php_error_cb (main.c:1386)
==1320353==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1320353==    by 0x2253ADB: zend_error_zstr_at (zend.c:1473)
==1320353==    by 0x2255A3E: zend_error_va_list (zend.c:1575)
==1320353==    by 0x2256260: zend_error_noreturn (zend.c:1684)
==1320353==    by 0x209A88F: zend_do_inheritance_ex (zend_inheritance.c:1493)
==1320353==    by 0x20B52AD: zend_try_early_bind (zend_inheritance.c:3422)
==1320353== 
==1320353== Syscall param write(buf) points to uninitialised byte(s)
==1320353==    at 0x9057864: write (write.c:26)
==1320353==    by 0x225B014: sapi_cli_single_write (php_cli.c:252)
==1320353==    by 0x225B112: sapi_cli_ub_write (php_cli.c:284)
==1320353==    by 0x1AE2A95: php_output_op (output.c:1070)
==1320353==    by 0x1ADB104: php_output_write (output.c:240)
==1320353==    by 0x1A92F64: php_printf_unchecked (main.c:925)
==1320353==    by 0x1A962FC: php_error_cb (main.c:1386)
==1320353==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1320353==    by 0x2253ADB: zend_error_zstr_at (zend.c:1473)
==1320353==    by 0x2255A3E: zend_error_va_list (zend.c:1575)
==1320353==    by 0x2256260: zend_error_noreturn (zend.c:1684)
==1320353==    by 0x209A88F: zend_do_inheritance_ex (zend_inheritance.c:1493)
==1320353==  Address 0x20b583eb is 139 bytes inside a block of size 224 alloc'd
==1320353==    at 0x4FD882F: malloc (vg_replace_malloc.c:446)
==1320353==    by 0x1CDB02B: __zend_malloc (zend_alloc.c:3319)
==1320353==    by 0x1CD70EF: _emalloc (zend_alloc.c:2776)
==1320353==    by 0x2220016: _smart_string_alloc (zend_smart_str.c:165)
==1320353==    by 0x1AA3460: smart_string_alloc (zend_smart_string.h:59)
==1320353==    by 0x1AA3622: smart_string_appendl_ex (zend_smart_string.h:85)
==1320353==    by 0x1AA669A: xbuf_format_converter (spprintf.c:761)
==1320353==    by 0x1AA6BB5: php_printf_to_smart_string (spprintf.c:778)
==1320353==    by 0x224ACFD: zend_vspprintf (zend.c:292)
==1320353==    by 0x1A92F44: php_printf_unchecked (main.c:924)
==1320353==    by 0x1A962FC: php_error_cb (main.c:1386)
==1320353==    by 0x13C9ED3: soap_error_handler (soap.c:1902)
==1320353== 

PHP Version

master

Operating System

No response

@NattyNarwhal
Member

For php_network_connect_socket_to_host, I think the union should probably be = {0}'d, or actually set the fields, if they are important (Scope ID does matter with link-local, at least). Snippet of the relevant code below:

                        union { 
                                struct sockaddr common;
                                struct sockaddr_in in4;
#ifdef HAVE_IPV6
                                struct sockaddr_in6 in6;
#endif  
                        } local_address;
                        int local_address_len = 0;

                        if (sa->sa_family == AF_INET) {
                                if (inet_pton(AF_INET, bindto, &local_address.in4.sin_addr) == 1) {
                                        local_address_len = sizeof(struct sockaddr_in);
                                        local_address.in4.sin_family = sa->sa_family;
                                        local_address.in4.sin_port = htons(bindport);
                                        memset(&(local_address.in4.sin_zero), 0, sizeof(local_address.in4.sin_zero));
                                }
                        }
#ifdef HAVE_IPV6
                        else { /* IPV6 */
                                if (inet_pton(AF_INET6, bindto, &local_address.in6.sin6_addr) == 1) {
                                        local_address_len = sizeof(struct sockaddr_in6);
                                        local_address.in6.sin6_family = sa->sa_family;
                                        local_address.in6.sin6_port = htons(bindport);
                                }
                        }
#endif                  
#ifdef IP_BIND_ADDRESS_NO_PORT  
                        {       
                                int val = 1;
                                (void) setsockopt(sock, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &val, sizeof(val));
                        }
#endif
                        if (local_address_len == 0) {
                                php_error_docref(NULL, E_WARNING, "Invalid IP Address: %s", bindto);
                        } else if (bind(sock, &local_address.common, local_address_len)) {
                                php_error_docref(NULL, E_WARNING, "Failed to bind to '%s:%d', system said: %s", bindto, bindport, strerror(errno));
                        }

@nielsdos
Member

nielsdos commented Jul 4, 2024

@NattyNarwhal Yes that seems to be the most simple fix, just adding = {0}. And for completeness, then also removing the then-useless memset(&(local_address.in4.sin_zero), 0, sizeof(local_address.in4.sin_zero));.
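
The effect of the `= {0}` fix discussed in the two comments above, as an added example that is not part of the thread or of php-src: the same address-building logic is run over storage deliberately filled with 0xAA to stand in for stale stack contents, once field by field and once after zeroing. The names `local_addr_t`, `build_local_address` and `ipv6_extra_fields_clean` are hypothetical.

```c
/* Added example, not php-src code; local_addr_t and both helpers are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

typedef union {
    struct sockaddr common;
    struct sockaddr_in in4;
    struct sockaddr_in6 in6;
} local_addr_t;

/* Returns the length to pass to bind(), or 0 for an invalid address.
 * zero_first=0 mirrors the snippet; zero_first=1 is the "= {0}" fix. */
static socklen_t build_local_address(local_addr_t *addr, int family,
        const char *bindto, unsigned short port, int zero_first)
{
    if (zero_first) memset(addr, 0, sizeof(*addr));
    if (family == AF_INET) {
        if (inet_pton(AF_INET, bindto, &addr->in4.sin_addr) != 1) return 0;
        addr->in4.sin_family = AF_INET;
        addr->in4.sin_port = htons(port);
        if (!zero_first) memset(addr->in4.sin_zero, 0, sizeof(addr->in4.sin_zero));
        return sizeof(struct sockaddr_in);
    }
    if (inet_pton(AF_INET6, bindto, &addr->in6.sin6_addr) != 1) return 0;
    addr->in6.sin6_family = AF_INET6;
    addr->in6.sin6_port = htons(port);
    return sizeof(struct sockaddr_in6); /* flowinfo and scope_id are not written here */
}

/* Poison the storage (constructed stand-in for stack garbage), build an IPv6
 * address, and report whether sin6_flowinfo and sin6_scope_id came out zero. */
static int ipv6_extra_fields_clean(int zero_first)
{
    local_addr_t addr;
    memset(&addr, 0xAA, sizeof(addr));
    if (build_local_address(&addr, AF_INET6, "::1", 0, zero_first) == 0) return -1;
    return addr.in6.sin6_flowinfo == 0 && addr.in6.sin6_scope_id == 0;
}

int main(void)
{
    printf("field-by-field:   clean=%d\n", ipv6_extra_fields_clean(0));
    printf("zero-initialised: clean=%d\n", ipv6_extra_fields_clean(1));
    return 0;
}
```

With zeroing first, the explicit `sin_zero` memset in the IPv4 branch is no longer needed, which is the cleanup suggested in the comment above.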

@nielsdos
Member

nielsdos commented Jul 4, 2024

I can't reproduce the results for Zend/tests/generators/errors/generator_extend_error.phpt or Zend/tests/weakrefs/weakrefs_004.phpt. What configuration options did you use and which compiler?

nielsdos added a commit that referenced this issue Jul 4, 2024
@Girgias
Member Author

Girgias commented Jul 4, 2024

My configure command was:

./configure -C CC=gcc CFLAGS="-DPROFITABILITY_CHECKS=0 -DZEND_RC_DEBUG=1 -DZEND_VERIFY_FUNC_INFO=1 -DZEND_TRACK_ARENA_ALLOC=1 -ggdb3" --enable-debug --enable-tokenizer --enable-opcache --enable-zend-test --enable-dl-test=shared  --enable-pcntl --enable-mbstring --enable-fpm --enable-posix --enable-bcmath --enable-calendar --enable-ctype --enable-exif   --enable-fileinfo --enable-filter --enable-ftp --enable-gd --enable-session --enable-sockets   --enable-sysvmsg --enable-shmop --enable-sysvsem --enable-sysvshm   --enable-dba --with-qdbm --with-cdb --enable-flatfile --enable-inifile --with-lmdb --with-tcadb  --with-zip --with-zlib --with-bz2   --with-curl --with-ffi --with-gmp --with-tidy --with-enchant --with-openssl --with-sodium   --with-libxml --enable-dom --enable-simplexml --enable-xml --enable-xmlreader --enable-xmlwriter --with-xsl --enable-soap   --with-sqlite3 --with-mysqli --with-unixODBC --enable-pdo --with-pdo-firebird --with-pdo-mysql --with-pdo-pgsql --with-pdo-sqlite --with-pgsql --with-iconv --disable-phar --with-readline --enable-intl --enable-simplexml --with-ffi --with-valgrind --prefix /home/girgias/Dev/custom-php/

Frustratingly, I don't have the test command as I was forced to reset my computer as it got very unresponsive, losing the terminal history/command. But I cannot reproduce them either now...
