php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75599 Thread Sanitizer error.
Submitted: 2017-11-30 14:14 UTC Modified: 2017-12-07 07:32 UTC
From: rperper at litespeedtech dot com Assigned:
Status: Open Package: PCRE related
PHP Version: 7.2.0 OS: OpenSuSE
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-11-30 14:14 UTC] rperper at litespeedtech dot com
Description:
------------
I am a developer at LiteSpeed Technologies and am working on a thread-capable version of the PHP module to be included in the Open-LiteSpeed web server.  During load testing, we got a thread-sanitizer message in parse_tz.c line 389 (see backtrace below) in a call to setlocale.  setlocale is not a thread-safe function and this is expected, though not desired, behavior.  We noted setlocale in a number of different locations throughout the code and recommend its removal.

Test script:
---------------
Not reproducible in a script.

Actual result:
--------------
WARNING: ThreadSanitizer: data race (pid=52259)
  Write of size 8 at 0x7d040000d700 by thread T1 (mutexes: write M504):
    #0 setlocale /home/abuild/rpmbuild/BUILD/llvm-3.8.0.src/stage2/../projects/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:2523 (openlitespeed+0x000000524600)
    #1 seek_to_tz_position /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/date/lib/parse_tz.c:389 (mod_lsphp72.so+0x0000002243cc)
    #2 timelib_timezone_id_is_valid /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/date/lib/parse_tz.c:436 (mod_lsphp72.so+0x00000022430c)
    #3 zif_date_default_timezone_set /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/date/php_date.c:4835 (mod_lsphp72.so+0x0000001777df)
    #4 ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_vm_execute.h:573 (mod_lsphp72.so+0x0000014a67c8)
    #5 execute_ex /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_vm_execute.h:59726 (mod_lsphp72.so+0x0000013c3345)
    #6 zend_execute /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_vm_execute.h:63763 (mod_lsphp72.so+0x0000013c3c60)
    #7 zend_execute_scripts /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend.c:1496 (mod_lsphp72.so+0x0000012d2adc)
    #8 php_execute_script /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/main/main.c:2592 (mod_lsphp72.so+0x0000010d17a9)
    #9 lsiapi_execute_script /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1400 (mod_lsphp72.so+0x00000158ad02)
    #10 lsiapi_module_main /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1509 (mod_lsphp72.so+0x000001586718)
    #11 process_req /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1536 (mod_lsphp72.so+0x0000015847c5)
    #12 mod_lsphp_begin_process /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1667 (mod_lsphp72.so+0x00000157f3a0)
    #13 MtHandlerProcess(ls_lfnodei_s*) /home/user/proj/openlitespeed/src/lsiapi/modulehandler.cpp:46 (openlitespeed+0x00000088ced5)
    #14 WorkCrew::workerRoutine(CrewWorker*) /home/user/proj/openlitespeed/src/thread/workcrew.cpp:448 (openlitespeed+0x000000944a11)
    #15 CrewWorker::thr_main(void*) /home/user/proj/openlitespeed/src/thread/crewworker.cpp:36 (openlitespeed+0x00000094531e)
    #16 Thread::start_routine(void*) /home/user/proj/openlitespeed/src/thread/thread.cpp:43 (openlitespeed+0x000000942657)



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-12-06 11:18 UTC] ab@php.net
Thanks for the report. While timelib is a part of PHP, it's maintained in a separate repository https://github.com/derickr/timelib . The bundled timelib should not be patched, i would ask you to please file an issue to the upstream repository on GitHub. In PHP we could mitigate it by locking the corresponding function call, which is in this case not an optimal solution but would have to be done if no other solution is found. In general, there are several other places with setlocale() in the core that might need to be checked for the same pattern.

Thanks.
 [2017-12-06 13:27 UTC] rperper at litespeedtech dot com
Thanks for the response.  I've opened issue #30 in the repository issue thread and referred to this submission.
 [2017-12-07 07:32 UTC] ab@php.net
@rperper, after some research, it seems that migrating to newlocale/uselocale might make sense. Even dependency libraries aside, for the core where setlocale is currently used it's actually doable.

Thanks.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Apr 26 07:01:25 2019 UTC