php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #75599 Thread Sanitizer error due to setlocale() usage in timelib
Submitted: 2017-11-30 14:14 UTC Modified: 2019-09-18 08:58 UTC
From: rperper at litespeedtech dot com Assigned: nikic (profile)
Status: Closed Package: PCRE related
PHP Version: 7.2.0 OS: OpenSuSE
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: rperper at litespeedtech dot com
New email:
PHP Version: OS:

 

 [2017-11-30 14:14 UTC] rperper at litespeedtech dot com 
Description:
------------
I am a developer at LiteSpeed Technologies and am working on a thread-capable version of the PHP module to be included in the Open-LiteSpeed web server.  During load testing, we got a thread-sanitizer message in parse_tz.c line 389 (see backtrace below) in a call to setlocale.  setlocale is not a thread-safe function and this is expected, though not desired, behavior.  We noted setlocale in a number of different locations throughout the code and recommend its removal.

Test script:
---------------
Not reproducible in a script.

Actual result:
--------------
WARNING: ThreadSanitizer: data race (pid=52259)
  Write of size 8 at 0x7d040000d700 by thread T1 (mutexes: write M504):
    #0 setlocale /home/abuild/rpmbuild/BUILD/llvm-3.8.0.src/stage2/../projects/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:2523 (openlitespeed+0x000000524600)
    #1 seek_to_tz_position /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/date/lib/parse_tz.c:389 (mod_lsphp72.so+0x0000002243cc)
    #2 timelib_timezone_id_is_valid /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/date/lib/parse_tz.c:436 (mod_lsphp72.so+0x00000022430c)
    #3 zif_date_default_timezone_set /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/ext/date/php_date.c:4835 (mod_lsphp72.so+0x0000001777df)
    #4 ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_vm_execute.h:573 (mod_lsphp72.so+0x0000014a67c8)
    #5 execute_ex /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_vm_execute.h:59726 (mod_lsphp72.so+0x0000013c3345)
    #6 zend_execute /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend_vm_execute.h:63763 (mod_lsphp72.so+0x0000013c3c60)
    #7 zend_execute_scripts /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/Zend/zend.c:1496 (mod_lsphp72.so+0x0000012d2adc)
    #8 php_execute_script /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/main/main.c:2592 (mod_lsphp72.so+0x0000010d17a9)
    #9 lsiapi_execute_script /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1400 (mod_lsphp72.so+0x00000158ad02)
    #10 lsiapi_module_main /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1509 (mod_lsphp72.so+0x000001586718)
    #11 process_req /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1536 (mod_lsphp72.so+0x0000015847c5)
    #12 mod_lsphp_begin_process /home/user/proj/openlitespeed/src/modules/mod_lsphp/php-7.2/sapi/mod_lsphp/mod_lsphp.c:1667 (mod_lsphp72.so+0x00000157f3a0)
    #13 MtHandlerProcess(ls_lfnodei_s*) /home/user/proj/openlitespeed/src/lsiapi/modulehandler.cpp:46 (openlitespeed+0x00000088ced5)
    #14 WorkCrew::workerRoutine(CrewWorker*) /home/user/proj/openlitespeed/src/thread/workcrew.cpp:448 (openlitespeed+0x000000944a11)
    #15 CrewWorker::thr_main(void*) /home/user/proj/openlitespeed/src/thread/crewworker.cpp:36 (openlitespeed+0x00000094531e)
    #16 Thread::start_routine(void*) /home/user/proj/openlitespeed/src/thread/thread.cpp:43 (openlitespeed+0x000000942657)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-12-06 11:18 UTC] ab@php.net 
Thanks for the report. While timelib is a part of PHP, it's maintained in a separate repository https://github.com/derickr/timelib . The bundled timelib should not be patched, i would ask you to please file an issue to the upstream repository on GitHub. In PHP we could mitigate it by locking the corresponding function call, which is in this case not an optimal solution but would have to be done if no other solution is found. In general, there are several other places with setlocale() in the core that might need to be checked for the same pattern.

Thanks.
 [2017-12-06 13:27 UTC] rperper at litespeedtech dot com 
Thanks for the response.  I've opened issue #30 in the repository issue thread and referred to this submission.
 [2017-12-07 07:32 UTC] ab@php.net 
@rperper, after some research, it seems that migrating to newlocale/uselocale might make sense. Even dependency libraries aside, for the core where setlocale is currently used it's actually doable.

Thanks.
 [2019-09-18 08:58 UTC] nikic@php.net
-Summary: Thread Sanitizer error. +Summary: Thread Sanitizer error due to setlocale() usage in timelib -Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2019-09-18 08:58 UTC] nikic@php.net 
Not sure when, but this got fixed at some point and timelib no longer uses setlocale(). IIRC it switched to a manual strcasecmp implementation.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 18 09:01:27 2024 UTC