php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61352 uninitialized value in tests/apc_009.phpt
Submitted: 2012-03-11 20:51 UTC Modified: 2012-03-18 13:20 UTC
From: ab@php.net Assigned: ab (profile)
Status: Closed Package: APC (PECL)
PHP Version: 5.4.0 OS: all
Private report: No CVE-ID: None
 [2012-03-11 20:51 UTC] ab@php.net
Description:
------------
After applying the patches there are leaks and fails on both TS and NTS builds.


TS build:

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
APC: bindump file cache part 1 [tests/apc_bin_002.phpt]
=====================================================================

=====================================================================
LEAKED TEST SUMMARY
---------------------------------------------------------------------
APC: apc_delete_file test [tests/apc_009.phpt]
APC: bindump user cache [tests/apc_bin_001.phpt]
APC: bindump file cache part 1 [tests/apc_bin_002.phpt]
APC: APCIterator general [tests/iterator_001.phpt]
APC: APCIterator regex [tests/iterator_002.phpt]
APC: APCIterator chunk size [tests/iterator_003.phpt]
APC: APCIterator regex & chunk size & list [tests/iterator_004.phpt]
APC: APCIterator delete [tests/iterator_005.phpt]
APC: APCIterator formats [tests/iterator_006.phpt]
=====================================================================


NTS build:

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
APC: bindump file cache part 1 [tests/apc_bin_002.phpt]
=====================================================================

=====================================================================
LEAKED TEST SUMMARY
---------------------------------------------------------------------
APC: apc_delete_file test [tests/apc_009.phpt]
APC: bindump user cache [tests/apc_bin_001.phpt]
APC: bindump file cache part 1 [tests/apc_bin_002.phpt]
=====================================================================


Test script:
---------------
make test TESTS=-m

Expected result:
----------------
clean test run

Actual result:
--------------
failed tests

Patches

61352.1.patch (last revision 2012-03-13 17:54 UTC by ab@php.net)
61352.0.patch (last revision 2012-03-12 11:11 UTC by ab@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-12 09:03 UTC] ab@php.net
Current valgrind trace for this:


==32706== Invalid read of size 1
==32706==    at 0x4026898: memcpy (mc_replace_strmem.c:497)
==32706==    by 0x46A7453: apc_pmemcpy (apc_pool.c:493)
==32706==    by 0x469B4CC: apc_string_pmemcpy (apc_compile.c:289)
==32706==    by 0x469B73F: my_copy_zval (apc_compile.c:338)
==32706==    by 0x469CDCC: apc_copy_zval (apc_compile.c:990)
==32706==    by 0x46998F0: apc_cache_fetch_zval (apc_cache.c:1136)
==32706==    by 0x46A7AF8: apc_iterator_item_ctor (apc_iterator.c:114)
==32706==    by 0x46A84CE: apc_iterator_fetch_active (apc_iterator.c:314)
==32706==    by 0x46A8BEB: zim_apc_iterator_rewind (apc_iterator.c:474)
==32706==    by 0x8267A08: zend_call_function (zend_execute_API.c:980)
==32706==    by 0x829A625: zend_call_method (zend_interfaces.c:97)
==32706==    by 0x829AECD: zend_user_it_rewind (zend_interfaces.c:261)
==32706==  Address 0x43e8767 is 7 bytes inside a block of size 8 free'd
==32706==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==32706==    by 0x823E63F: _efree (zend_alloc.c:2433)
==32706==    by 0x8276874: _zval_dtor_func (zend_variables.c:36)
==32706==    by 0x82BD09F: zend_do_fcall_common_helper_SPEC 
(zend_variables.h:35)
==32706==    by 0x82C3F6F: ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(zend_vm_execute.h:2219)
==32706==    by 0x82BA3CB: execute (zend_vm_execute.h:410)
==32706==    by 0x827B547: zend_execute_scripts (zend.c:1272)
==32706==    by 0x81D6053: php_execute_script (main.c:2473)
==32706==    by 0x83CD026: do_cli (php_cli.c:983)
==32706==    by 0x83CE3C1: main (php_cli.c:1356)

Reproduceable with one of the failed test.
 [2012-03-12 09:05 UTC] ab@php.net
-Assigned To: +Assigned To: ab
 [2012-03-12 11:11 UTC] ab@php.net
The following patch has been added/updated:

Patch Name: 61352.0.patch
Revision:   1331550688
URL:        https://bugs.php.net/patch-display.php?bug=61352&patch=61352.0.patch&revision=1331550688
 [2012-03-12 11:13 UTC] ab@php.net
The patch 61352.0.patch partly fixes the issue, i've got now on both TS and NTS

NTS build:

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
APC: bindump file cache part 1 [tests/apc_bin_002.phpt]
=====================================================================

=====================================================================
LEAKED TEST SUMMARY
---------------------------------------------------------------------
APC: apc_delete_file test [tests/apc_009.phpt]
APC: bindump user cache [tests/apc_bin_001.phpt]
APC: bindump file cache part 1 [tests/apc_bin_002.phpt]
=====================================================================

Just to be noted, the bin dump issue is already recorded in 
https://bugs.php.net/bug.php?id=61133
 [2012-03-12 11:29 UTC] ab@php.net
-Status: Assigned +Status: Duplicate
 [2012-03-12 11:29 UTC] ab@php.net
this patch will be merged into #61238
 [2012-03-12 11:37 UTC] pajoye@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=324144
Log: - fix bug #61352, fix leaks
 [2012-03-12 14:31 UTC] pajoye@php.net
Patch applied (last revision 2012-03-12 11:11 UTC) already.
 [2012-03-12 14:31 UTC] pajoye@php.net
-Status: Duplicate +Status: Open
 [2012-03-12 19:52 UTC] ab@php.net
Current valgrind traces:

tests/apc_009.phpt

==3401== Use of uninitialised value of size 4
==3401==    at 0x817042F: make_digest_ex (md5.c:38)
==3401==    by 0x81703F7: make_digest (md5.c:28)
==3401==    by 0x46A52D9: apc_iterator_item_ctor (apc_iterator.c:122)
==3401==    by 0x46A5C08: apc_iterator_fetch_active (apc_iterator.c:314)
==3401==    by 0x46A6F21: apc_iterator_delete (apc_iterator.c:719)
==3401==    by 0x469413B: zif_apc_delete_file (php_apc.c:1042)
==3401==    by 0x82F668F: zend_do_fcall_common_helper_SPEC 
(zend_vm_execute.h:642)
==3401==    by 0x82FCF33: ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(zend_vm_execute.h:2219)
==3401==    by 0x82F5127: execute (zend_vm_execute.h:410)
==3401==    by 0x82BB8EE: zend_execute_scripts (zend.c:1272)
==3401==    by 0x82315BA: php_execute_script (main.c:2473)
==3401==    by 0x83DFEBD: do_cli (php_cli.c:983)
==3401== 
==3401== Use of uninitialised value of size 4
==3401==    at 0x8170453: make_digest_ex (md5.c:39)
==3401==    by 0x81703F7: make_digest (md5.c:28)
==3401==    by 0x46A52D9: apc_iterator_item_ctor (apc_iterator.c:122)
==3401==    by 0x46A5C08: apc_iterator_fetch_active (apc_iterator.c:314)
==3401==    by 0x46A6F21: apc_iterator_delete (apc_iterator.c:719)
==3401==    by 0x469413B: zif_apc_delete_file (php_apc.c:1042)
==3401==    by 0x82F668F: zend_do_fcall_common_helper_SPEC 
(zend_vm_execute.h:642)
==3401==    by 0x82FCF33: ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(zend_vm_execute.h:2219)
==3401==    by 0x82F5127: execute (zend_vm_execute.h:410)
==3401==    by 0x82BB8EE: zend_execute_scripts (zend.c:1272)
==3401==    by 0x82315BA: php_execute_script (main.c:2473)
==3401==    by 0x83DFEBD: do_cli (php_cli.c:983)
==3401==

tests/apc_bin_001.phpt

==3424== Invalid read of size 4
==3424==    at 0x46A11FD: sma_allocate (apc_sma.c:261)
==3424==    by 0x46A17C4: apc_sma_malloc_ex (apc_sma.c:453)
==3424==    by 0x46A1C52: apc_sma_malloc (apc_sma.c:517)
==3424==    by 0x46A4A7D: apc_realpool_create (apc_pool.c:435)
==3424==    by 0x46A453F: apc_pool_create (apc_pool.c:57)
==3424==    by 0x4692B0E: _apc_store (php_apc.c:589)
==3424==    by 0x46AA208: apc_bin_load (apc_bin.c:958)
==3424==    by 0x46958E7: zif_apc_bin_load (php_apc.c:1482)
==3424==    by 0x82F668F: zend_do_fcall_common_helper_SPEC 
(zend_vm_execute.h:642)
==3424==    by 0x82FCF33: ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(zend_vm_execute.h:2219)
==3424==    by 0x82F5127: execute (zend_vm_execute.h:410)
==3424==    by 0x82BB8EE: zend_execute_scripts (zend.c:1272)
==3424==  Address 0x4abc3f8 is 0 bytes after a block of size 584 alloc'd
==3424==    at 0x46A193E: apc_sma_malloc_ex (apc_sma.c:467)
==3424==    by 0x46A1C52: apc_sma_malloc (apc_sma.c:517)
==3424==    by 0x46A4A7D: apc_realpool_create (apc_pool.c:435)
==3424==    by 0x46A453F: apc_pool_create (apc_pool.c:57)
==3424==    by 0x46A9BD4: apc_bin_load (apc_bin.c:852)
==3424==    by 0x46958E7: zif_apc_bin_load (php_apc.c:1482)
==3424==    by 0x82F668F: zend_do_fcall_common_helper_SPEC 
(zend_vm_execute.h:642)
==3424==    by 0x82FCF33: ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(zend_vm_execute.h:2219)
==3424==    by 0x82F5127: execute (zend_vm_execute.h:410)
==3424==    by 0x82BB8EE: zend_execute_scripts (zend.c:1272)
==3424==    by 0x82315BA: php_execute_script (main.c:2473)
==3424==    by 0x83DFEBD: do_cli (php_cli.c:983)

==3424== 
==3424== Invalid write of size 4
==3424==    at 0x46A120A: sma_allocate (apc_sma.c:266)
==3424==    by 0x46A17C4: apc_sma_malloc_ex (apc_sma.c:453)
==3424==    by 0x46A1C52: apc_sma_malloc (apc_sma.c:517)
==3424==    by 0x46A4A7D: apc_realpool_create (apc_pool.c:435)
==3424==    by 0x46A453F: apc_pool_create (apc_pool.c:57)
==3424==    by 0x4692B0E: _apc_store (php_apc.c:589)
==3424==    by 0x46AA208: apc_bin_load (apc_bin.c:958)
==3424==    by 0x46958E7: zif_apc_bin_load (php_apc.c:1482)
==3424==    by 0x82F668F: zend_do_fcall_common_helper_SPEC 
(zend_vm_execute.h:642)
==3424==    by 0x82FCF33: ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(zend_vm_execute.h:2219)
==3424==    by 0x82F5127: execute (zend_vm_execute.h:410)
==3424==    by 0x82BB8EE: zend_execute_scripts (zend.c:1272)
==3424==  Address 0x4abc408 is not stack'd, malloc'd or (recently) free'd
==3424==
 [2012-03-12 21:23 UTC] ab@php.net
the latter three tests was listed in the leaked list with php 5.3 and APC 3.1.9
 [2012-03-12 21:45 UTC] ab@php.net
The summary just changed, this ticket should be used for tests/apc_009.phpt only.
 [2012-03-12 21:45 UTC] ab@php.net
-Summary: memory leaks after fixes in #61219 and #61238 +Summary: uninitialized value in tests/apc_009.phpt
 [2012-03-13 17:54 UTC] ab@php.net
The following patch has been added/updated:

Patch Name: 61352.1.patch
Revision:   1331661287
URL:        https://bugs.php.net/patch-display.php?bug=61352&patch=61352.1.patch&revision=1331661287
 [2012-03-13 17:56 UTC] ab@php.net
The patch 61352.1.patch fixes memory leaks in the tests/apc_009.phpt
 [2012-03-18 13:19 UTC] pajoye@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&revision=324326
Log: - fix bug #61352, fix invalid read
 [2012-03-18 13:20 UTC] pajoye@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-03-18 13:20 UTC] pajoye@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Feb 19 17:01:32 2020 UTC