|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75599 Thread Sanitizer error due to setlocale() usage in timelib
Submitted: 2017-11-30 14:14 UTC Modified: 2019-09-18 08:58 UTC
From: rperper at litespeedtech dot com Assigned: nikic (profile)
Status: Closed Package: PCRE related
PHP Version: 7.2.0 OS: OpenSuSE
Private report: No CVE-ID: None
 [2017-11-30 14:14 UTC] rperper at litespeedtech dot com
I am a developer at LiteSpeed Technologies and am working on a thread-capable version of the PHP module to be included in the Open-LiteSpeed web server.  During load testing, we got a thread-sanitizer message in parse_tz.c line 389 (see backtrace below) in a call to setlocale.  setlocale is not a thread-safe function and this is expected, though not desired, behavior.  We noted setlocale in a number of different locations throughout the code and recommend its removal.

Test script:
Not reproducible in a script.

Actual result:
WARNING: ThreadSanitizer: data race (pid=52259)
  Write of size 8 at 0x7d040000d700 by thread T1 (mutexes: write M504):
    #0 setlocale /home/abuild/rpmbuild/BUILD/llvm-3.8.0.src/stage2/../projects/compiler-rt/lib/tsan/../sanitizer_common/ (openlitespeed+0x000000524600)
    #1 seek_to_tz_position /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/date/lib/parse_tz.c:389 (
    #2 timelib_timezone_id_is_valid /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/date/lib/parse_tz.c:436 (
    #3 zif_date_default_timezone_set /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/date/php_date.c:4835 (
    #4 ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_vm_execute.h:573 (
    #5 execute_ex /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_vm_execute.h:59726 (
    #6 zend_execute /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_vm_execute.h:63763 (
    #7 zend_execute_scripts /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend.c:1496 (
    #8 php_execute_script /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/main/main.c:2592 (
    #9 lsiapi_execute_script /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1400 (
    #10 lsiapi_module_main /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1509 (
    #11 process_req /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1536 (
    #12 mod_lsphp_begin_process /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1667 (
    #13 MtHandlerProcess(ls_lfnodei_s*) /home/user/proj/openlitespeed/src/lsiapi/modulehandler.cpp:46 (openlitespeed+0x00000088ced5)
    #14 WorkCrew::workerRoutine(CrewWorker*) /home/user/proj/openlitespeed/src/thread/workcrew.cpp:448 (openlitespeed+0x000000944a11)
    #15 CrewWorker::thr_main(void*) /home/user/proj/openlitespeed/src/thread/crewworker.cpp:36 (openlitespeed+0x00000094531e)
    #16 Thread::start_routine(void*) /home/user/proj/openlitespeed/src/thread/thread.cpp:43 (openlitespeed+0x000000942657)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-12-06 11:18 UTC]
Thanks for the report. While timelib is a part of PHP, it's maintained in a separate repository . The bundled timelib should not be patched, i would ask you to please file an issue to the upstream repository on GitHub. In PHP we could mitigate it by locking the corresponding function call, which is in this case not an optimal solution but would have to be done if no other solution is found. In general, there are several other places with setlocale() in the core that might need to be checked for the same pattern.

 [2017-12-06 13:27 UTC] rperper at litespeedtech dot com
Thanks for the response.  I've opened issue #30 in the repository issue thread and referred to this submission.
 [2017-12-07 07:32 UTC]
@rperper, after some research, it seems that migrating to newlocale/uselocale might make sense. Even dependency libraries aside, for the core where setlocale is currently used it's actually doable.

 [2019-09-18 08:58 UTC]
-Summary: Thread Sanitizer error. +Summary: Thread Sanitizer error due to setlocale() usage in timelib -Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2019-09-18 08:58 UTC]
Not sure when, but this got fixed at some point and timelib no longer uses setlocale(). IIRC it switched to a manual strcasecmp implementation.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Jul 28 07:01:23 2021 UTC