EG(strtod_state).freelist leaks with opcache.preload #16577

Closed
bwoebi opened this issue Oct 24, 2024 · 4 comments
@bwoebi
Member

bwoebi commented Oct 24, 2024

Description

The following code (in a file preload.php):

<?php
var_dump(1.5);

Resulted in this output:

$ php -d zend_extension=opcache.so -d opcache.enable_cli=1 -d opcache.preload=$(pwd)/preload.php -r ''
float(1.5)

=================================================================
==34672==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 44 byte(s) in 1 object(s) allocated from:
    #0 0xffff94f4b8c0 in malloc (/usr/lib/llvm-17/lib/clang/17/lib/linux/libclang_rt.asan-aarch64.so+0x10a8c0) (BuildId: 5edc5baee74137099dd7cbd6e2b27e95530fd7e2)
    #1 0xaaaad35a2c20 in Balloc /usr/local/src/php/Zend/zend_strtod.c:591:18
    #2 0xaaaad35a48d0 in lshift /usr/local/src/php/Zend/zend_strtod.c:1026:7
    #3 0xaaaad35aa5c0 in zend_dtoa /usr/local/src/php/Zend/zend_strtod.c:4203:7
    #4 0xaaaad35ad224 in zend_gcvt /usr/local/src/php/Zend/zend_strtod.c:4516:11
    #5 0xaaaad2c9c754 in xbuf_format_converter /usr/local/src/php/main/spprintf.c:654:10
    #6 0xaaaad2c96054 in php_printf_to_smart_string /usr/local/src/php/main/spprintf.c:778:2
    #7 0xaaaad35ca1fc in zend_vspprintf /usr/local/src/php/Zend/zend.c:293:2
    #8 0xaaaad2c23790 in php_printf_unchecked /usr/local/src/php/main/main.c:964:9
    #9 0xaaaad28140d8 in php_var_dump /usr/local/src/php/ext/standard/var.c:132:4
    #10 0xaaaad2816a48 in zif_var_dump /usr/local/src/php/ext/standard/var.c:245:3
    #11 0xaaaad3277030 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /usr/local/src/php/Zend/zend_vm_execute.h:1287:2
    #12 0xaaaad30ace60 in execute_ex /usr/local/src/php/Zend/zend_vm_execute.h:58554:7
    #13 0xaaaad30adde8 in zend_execute /usr/local/src/php/Zend/zend_vm_execute.h:64206:2
    #14 0xffff8df97a30 in accel_preload /usr/local/src/php/ext/opcache/ZendAccelerator.c:4392:4
    #15 0xffff8df95308 in accel_finish_startup_preload /usr/local/src/php/ext/opcache/ZendAccelerator.c:4658:7
    #16 0xffff8df88674 in accel_finish_startup /usr/local/src/php/ext/opcache/ZendAccelerator.c:4803:10
    #17 0xffff8df82924 in accel_post_startup /usr/local/src/php/ext/opcache/ZendAccelerator.c:3355:6
    #18 0xaaaad35d0860 in zend_post_startup /usr/local/src/php/Zend/zend.c:1103:7
    #19 0xaaaad2c2ca5c in php_module_startup /usr/local/src/php/main/main.c:2323:6
    #20 0xaaaad35e7924 in php_cli_startup /usr/local/src/php/sapi/cli/php_cli.c:397:9
    #21 0xaaaad35e1bc4 in main /usr/local/src/php/sapi/cli/php_cli.c:1277:6
    #22 0xffff91fdcda0 in __libc_start_main /build/reproducible-path/glibc-2.28/csu/../csu/libc-start.c:308:16

// multiple further leaks at a very similar location

PHP Version

PHP 8.4RC3

Operating System

No response

@nielsdos
Member

I can reproduce this only on ZTS.

@nielsdos
Member

This happens because on ZTS we execute executor_globals_ctor, which resets the freelist and p5s pointers, while on NTS we don't. I think this can be solved by calling zend_shutdown_strtod when the preload is done.

nielsdos self-assigned this Oct 25, 2024
nielsdos added a commit to nielsdos/php-src that referenced this issue Oct 25, 2024
This happens because on ZTS we execute `executor_globals_ctor`, which resets the
`freelist` and `p5s` pointers, while on NTS we don't.
On NTS we can reuse the caches but on ZTS we can't, the easiest fix is
to call `zend_shutdown_strtod` when preloading is shut down.
This regressed in phpGH-13974 and therefore only exists in PHP 8.4 and
higher.
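
The mechanism described in the comment and commit message above, as an added C sketch that is not code from php-src or from the participants: a block cache whose list head is zeroed by a constructor re-run loses every cached block unless it is drained first. All type and function names are hypothetical; the comments note which symbol named on this page each one stands in for.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model with hypothetical names; not php-src code. */
typedef struct block { struct block *next; } block;
typedef struct { block *freelist; } strtod_state;  /* stands in for EG(strtod_state) */
static int live_blocks;  /* malloc'd blocks not yet passed to free() */

static block *cache_alloc(strtod_state *s) {       /* role of Balloc in the trace */
    block *b = s->freelist;
    if (b) { s->freelist = b->next; return b; }    /* reuse a cached block */
    if (!(b = malloc(sizeof *b))) abort();
    live_blocks++;
    return b;
}

static void cache_release(strtod_state *s, block *b) {  /* cache it, do not free */
    b->next = s->freelist;
    s->freelist = b;
}

static void cache_shutdown(strtod_state *s) {      /* role of zend_shutdown_strtod */
    block *b;
    while ((b = s->freelist)) { s->freelist = b->next; free(b); live_blocks--; }
}

/* Role of the pointer reset done by executor_globals_ctor on ZTS. */
static void globals_ctor(strtod_state *s) { memset(s, 0, sizeof *s); }

/* Returns how many blocks are unreachable after preload plus a ctor re-run. */
int leaked_after_preload(int shutdown_first) {
    strtod_state s;
    live_blocks = 0;
    globals_ctor(&s);
    block *a = cache_alloc(&s), *b = cache_alloc(&s);  /* float formatting in preload */
    cache_release(&s, a);
    cache_release(&s, b);
    if (shutdown_first) cache_shutdown(&s);        /* fix: drain cache when preload ends */
    globals_ctor(&s);                              /* ZTS: freelist pointer reset */
    cache_shutdown(&s);                            /* final shutdown sees an empty list */
    int leaked = live_blocks;
    if (leaked) { free(a); free(b); }              /* demo cleanup only; real code lost these */
    return leaked;
}

int main(void) {
    printf("no drain: %d leaked, drained: %d leaked\n", leaked_after_preload(0), leaked_after_preload(1));
    return 0;
}
```
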
@bwoebi
Member Author

bwoebi commented Oct 25, 2024

Sorry for not mentioning that it's a ZTS build, though I was aware that it's ZTS specific. Thanks :-)

@nielsdos
Member

No worries 🙂

nielsdos added a commit that referenced this issue Oct 28, 2024
* PHP-8.4:
  Fix GH-16594: Assertion failure in DOM -> before
  Fix GH-16572: Incorrect result with reflection in low-trigger JIT
  Fix GH-16577: EG(strtod_state).freelist leaks with opcache.preload