Hi,

About this bug #44872, I ran my small sample script (posted on the bug
reporting page) through valgrind and got the attached output. I'm not
sure whether this shows that there's a leak in the mssql extension or if
this is normal. Valgrind said that 853 bytes were definitely lost, does
this mean that there is a memory leak? Hopefully someone who is better
at analyzing valgrind's output than me can tell the answer... Here's the
full output from valgrind:

==3285== Memcheck, a memory error detector.
==3285== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==3285== Using LibVEX rev 1854, a library for dynamic binary translation.
==3285== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==3285== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==3285== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==3285== For more details, rerun with: -v
==3285==
==3285== My PID = 3285, parent PID = 2824. Prog and args are:
==3285== php
==3285== TestMsSQL.php
==3285==
==3285== Conditional jump or move depends on uninitialised value(s)
==3285== at 0x400B4E0: _dl_relocate_object (in /lib/ld-2.5.so)
==3285== by 0x4004027: dl_main (in /lib/ld-2.5.so)
==3285== by 0x4014A05: _dl_sysdep_start (in /lib/ld-2.5.so)
==3285== by 0x4000C2F: _dl_start (in /lib/ld-2.5.so)
==3285== by 0x4000816: (within /lib/ld-2.5.so)
==3285==
==3285== Conditional jump or move depends on uninitialised value(s)
==3285== at 0x400B1C2: _dl_relocate_object (in /lib/ld-2.5.so)
==3285== by 0x4004027: dl_main (in /lib/ld-2.5.so)
==3285== by 0x4014A05: _dl_sysdep_start (in /lib/ld-2.5.so)
==3285== by 0x4000C2F: _dl_start (in /lib/ld-2.5.so)
==3285== by 0x4000816: (within /lib/ld-2.5.so)
==3285==
==3285== Conditional jump or move depends on uninitialised value(s)
==3285== at 0x400B971: _dl_relocate_object (in /lib/ld-2.5.so)
==3285== by 0x4004027: dl_main (in /lib/ld-2.5.so)
==3285== by 0x4014A05: _dl_sysdep_start (in /lib/ld-2.5.so)
==3285== by 0x4000C2F: _dl_start (in /lib/ld-2.5.so)
==3285== by 0x4000816: (within /lib/ld-2.5.so)
==3285==
==3285== Conditional jump or move depends on uninitialised value(s)
==3285== at 0x400B079: _dl_relocate_object (in /lib/ld-2.5.so)
==3285== by 0x400413D: dl_main (in /lib/ld-2.5.so)
==3285== by 0x4014A05: _dl_sysdep_start (in /lib/ld-2.5.so)
==3285== by 0x4000C2F: _dl_start (in /lib/ld-2.5.so)
==3285== by 0x4000816: (within /lib/ld-2.5.so)
==3285==
==3285== Conditional jump or move depends on uninitialised value(s)
==3285== at 0x400B081: _dl_relocate_object (in /lib/ld-2.5.so)
==3285== by 0x400413D: dl_main (in /lib/ld-2.5.so)
==3285== by 0x4014A05: _dl_sysdep_start (in /lib/ld-2.5.so)
==3285== by 0x4000C2F: _dl_start (in /lib/ld-2.5.so)
==3285== by 0x4000816: (within /lib/ld-2.5.so)
==3285==
==3285== Conditional jump or move depends on uninitialised value(s)
==3285== at 0x400B1C2: _dl_relocate_object (in /lib/ld-2.5.so)
==3285== by 0x400413D: dl_main (in /lib/ld-2.5.so)
==3285== by 0x4014A05: _dl_sysdep_start (in /lib/ld-2.5.so)
==3285== by 0x4000C2F: _dl_start (in /lib/ld-2.5.so)
==3285== by 0x4000816: (within /lib/ld-2.5.so)
==3285==
==3285== Conditional jump or move depends on uninitialised value(s)
==3285== at 0x400B4E0: _dl_relocate_object (in /lib/ld-2.5.so)
==3285== by 0x401251F: dl_open_worker (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x4011E48: _dl_open (in /lib/ld-2.5.so)
==3285== by 0x4250C2C: dlopen_doit (in /lib/libdl-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x42512AB: _dlerror_run (in /lib/libdl-2.5.so)
==3285== by 0x4250B60: dlopen@@GLIBC_2.1 (in /lib/libdl-2.5.so)
==3285== by 0x8137D22: php_dl (in /usr/bin/php)
==3285== by 0x81AA0C2: (within /usr/bin/php)
==3285== by 0x81E0007: zend_llist_apply (in /usr/bin/php)
==3285== by 0x81AA066: php_ini_register_extensions (in /usr/bin/php)
==3285==
==3285== Conditional jump or move depends on uninitialised value(s)
==3285== at 0x400B1C2: _dl_relocate_object (in /lib/ld-2.5.so)
==3285== by 0x401251F: dl_open_worker (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x4011E48: _dl_open (in /lib/ld-2.5.so)
==3285== by 0x4250C2C: dlopen_doit (in /lib/libdl-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x42512AB: _dlerror_run (in /lib/libdl-2.5.so)
==3285== by 0x4250B60: dlopen@@GLIBC_2.1 (in /lib/libdl-2.5.so)
==3285== by 0x8137D22: php_dl (in /usr/bin/php)
==3285== by 0x81AA0C2: (within /usr/bin/php)
==3285== by 0x81E0007: zend_llist_apply (in /usr/bin/php)
==3285== by 0x81AA066: php_ini_register_extensions (in /usr/bin/php)
==3285==
==3285== Invalid read of size 1
==3285== at 0x5261F7B: (within /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x52622DA: read_config_files (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x52631D5: read_premib_configs (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x5252236: init_snmp (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x506AD53: zm_startup_snmp (in /usr/lib/php/extensions/snmp.so)
==3285== by 0x81EF927: zend_startup_module_ex (in /usr/bin/php)
==3285== by 0x81F4A3C: zend_hash_apply (in /usr/bin/php)
==3285== by 0x81EE0CC: zend_startup_modules (in /usr/bin/php)
==3285== by 0x81A4343: php_module_startup (in /usr/bin/php)
==3285== by 0x826F228: (within /usr/bin/php)
==3285== by 0x826FA06: main (in /usr/bin/php)
==3285== Address 0x45c0a01 is 0 bytes after a block of size 57 alloc'd
==3285== at 0x40227C9: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x42C2F8F: strdup (in /lib/libc-2.5.so)
==3285== by 0x5261F68: (within /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x52622DA: read_config_files (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x52631D5: read_premib_configs (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x5252236: init_snmp (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x506AD53: zm_startup_snmp (in /usr/lib/php/extensions/snmp.so)
==3285== by 0x81EF927: zend_startup_module_ex (in /usr/bin/php)
==3285== by 0x81F4A3C: zend_hash_apply (in /usr/bin/php)
==3285== by 0x81EE0CC: zend_startup_modules (in /usr/bin/php)
==3285== by 0x81A4343: php_module_startup (in /usr/bin/php)
==3285== by 0x826F228: (within /usr/bin/php)
==3285==
==3285== Invalid read of size 1
==3285== at 0x5261F7B: (within /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x52622DA: read_config_files (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x526329F: read_configs (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x5252244: init_snmp (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x506AD53: zm_startup_snmp (in /usr/lib/php/extensions/snmp.so)
==3285== by 0x81EF927: zend_startup_module_ex (in /usr/bin/php)
==3285== by 0x81F4A3C: zend_hash_apply (in /usr/bin/php)
==3285== by 0x81EE0CC: zend_startup_modules (in /usr/bin/php)
==3285== by 0x81A4343: php_module_startup (in /usr/bin/php)
==3285== by 0x826F228: (within /usr/bin/php)
==3285== by 0x826FA06: main (in /usr/bin/php)
==3285== Address 0x4794c01 is 0 bytes after a block of size 57 alloc'd
==3285== at 0x40227C9: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x42C2F8F: strdup (in /lib/libc-2.5.so)
==3285== by 0x5261F68: (within /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x52622DA: read_config_files (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x526329F: read_configs (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x5252244: init_snmp (in /usr/lib/libnetsnmp.so.15.1.1)
==3285== by 0x506AD53: zm_startup_snmp (in /usr/lib/php/extensions/snmp.so)
==3285== by 0x81EF927: zend_startup_module_ex (in /usr/bin/php)
==3285== by 0x81F4A3C: zend_hash_apply (in /usr/bin/php)
==3285== by 0x81EE0CC: zend_startup_modules (in /usr/bin/php)
==3285== by 0x81A4343: php_module_startup (in /usr/bin/php)
==3285== by 0x826F228: (within /usr/bin/php)
==3285==
==3285== ERROR SUMMARY: 159 errors from 10 contexts (suppressed: 0 from 0)
==3285== malloc/free: in use at exit: 3,174 bytes in 23 blocks.
==3285== malloc/free: 44,130 allocs, 44,107 frees, 3,189,161 bytes allocated.
==3285== For counts of detected errors, rerun with: -v
==3285== searching for pointers to 23 not-freed blocks.
==3285== checked 541,584 bytes.
==3285==
==3285==
==3285== 9 bytes in 1 blocks are definitely lost in loss record 1 of 9
==3285== at 0x40227C9: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x5251E3B: ???
==3285== by 0x525222C: ???
==3285== by 0x506AD53: ???
==3285== by 0x81EF927: zend_startup_module_ex (in /usr/bin/php)
==3285== by 0x81F4A3C: zend_hash_apply (in /usr/bin/php)
==3285== by 0x81EE0CC: zend_startup_modules (in /usr/bin/php)
==3285== by 0x81A4343: php_module_startup (in /usr/bin/php)
==3285== by 0x826F228: (within /usr/bin/php)
==3285== by 0x826FA06: main (in /usr/bin/php)
==3285==
==3285==
==3285== 37 bytes in 2 blocks are still reachable in loss record 2 of 9
==3285== at 0x40227C9: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x400AC7E: _dl_new_object (in /lib/ld-2.5.so)
==3285== by 0x4006067: _dl_map_object_from_fd (in /lib/ld-2.5.so)
==3285== by 0x40085A4: _dl_map_object (in /lib/ld-2.5.so)
==3285== by 0x400C706: openaux (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x400CCD9: _dl_map_object_deps (in /lib/ld-2.5.so)
==3285== by 0x401244E: dl_open_worker (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x4011E48: _dl_open (in /lib/ld-2.5.so)
==3285== by 0x4250C2C: dlopen_doit (in /lib/libdl-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285==
==3285==
==3285== 37 bytes in 2 blocks are still reachable in loss record 3 of 9
==3285== at 0x40227C9: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x4008BA6: _dl_map_object (in /lib/ld-2.5.so)
==3285== by 0x400C706: openaux (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x400CCD9: _dl_map_object_deps (in /lib/ld-2.5.so)
==3285== by 0x401244E: dl_open_worker (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x4011E48: _dl_open (in /lib/ld-2.5.so)
==3285== by 0x4250C2C: dlopen_doit (in /lib/libdl-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x42512AB: _dlerror_run (in /lib/libdl-2.5.so)
==3285== by 0x4250B60: dlopen@@GLIBC_2.1 (in /lib/libdl-2.5.so)
==3285==
==3285==
==3285== 64 bytes in 2 blocks are still reachable in loss record 4 of 9
==3285== at 0x40227C9: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x400CD51: _dl_map_object_deps (in /lib/ld-2.5.so)
==3285== by 0x401244E: dl_open_worker (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x4011E48: _dl_open (in /lib/ld-2.5.so)
==3285== by 0x4250C2C: dlopen_doit (in /lib/libdl-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x42512AB: _dlerror_run (in /lib/libdl-2.5.so)
==3285== by 0x4250B60: dlopen@@GLIBC_2.1 (in /lib/libdl-2.5.so)
==3285== by 0x8137D22: php_dl (in /usr/bin/php)
==3285== by 0x81AA0C2: (within /usr/bin/php)
==3285== by 0x81E0007: zend_llist_apply (in /usr/bin/php)
==3285==
==3285==
==3285== 332 bytes in 1 blocks are still reachable in loss record 5 of 9
==3285== at 0x402289D: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x4012224: add_to_global (in /lib/ld-2.5.so)
==3285== by 0x401260C: dl_open_worker (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x4011E48: _dl_open (in /lib/ld-2.5.so)
==3285== by 0x4250C2C: dlopen_doit (in /lib/libdl-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x42512AB: _dlerror_run (in /lib/libdl-2.5.so)
==3285== by 0x4250B60: dlopen@@GLIBC_2.1 (in /lib/libdl-2.5.so)
==3285== by 0x8137D22: php_dl (in /usr/bin/php)
==3285== by 0x81AA0C2: (within /usr/bin/php)
==3285== by 0x81E0007: zend_llist_apply (in /usr/bin/php)
==3285==
==3285==
==3285== 624 bytes in 2 blocks are still reachable in loss record 6 of 9
==3285== at 0x40218F9: calloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x400FD81: _dl_check_map_versions (in /lib/ld-2.5.so)
==3285== by 0x40126D4: dl_open_worker (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x4011E48: _dl_open (in /lib/ld-2.5.so)
==3285== by 0x4250C2C: dlopen_doit (in /lib/libdl-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x42512AB: _dlerror_run (in /lib/libdl-2.5.so)
==3285== by 0x4250B60: dlopen@@GLIBC_2.1 (in /lib/libdl-2.5.so)
==3285== by 0x8137D22: php_dl (in /usr/bin/php)
==3285== by 0x81AA0C2: (within /usr/bin/php)
==3285== by 0x81E0007: zend_llist_apply (in /usr/bin/php)
==3285==
==3285==
==3285== 844 (236 direct, 608 indirect) bytes in 4 blocks are definitely lost in loss record 7 of 9
==3285== at 0x40227C9: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x48B0BBB: ???
==3285==
==3285==
==3285== 608 bytes in 7 blocks are indirectly lost in loss record 8 of 9
==3285== at 0x40227C9: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x48B0BBB: ???
==3285==
==3285==
==3285== 1,227 bytes in 2 blocks are still reachable in loss record 9 of 9
==3285== at 0x40218F9: calloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x400A9E9: _dl_new_object (in /lib/ld-2.5.so)
==3285== by 0x4006067: _dl_map_object_from_fd (in /lib/ld-2.5.so)
==3285== by 0x40085A4: _dl_map_object (in /lib/ld-2.5.so)
==3285== by 0x400C706: openaux (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x400CCD9: _dl_map_object_deps (in /lib/ld-2.5.so)
==3285== by 0x401244E: dl_open_worker (in /lib/ld-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285== by 0x4011E48: _dl_open (in /lib/ld-2.5.so)
==3285== by 0x4250C2C: dlopen_doit (in /lib/libdl-2.5.so)
==3285== by 0x400E3B1: _dl_catch_error (in /lib/ld-2.5.so)
==3285==
==3285== LEAK SUMMARY:
==3285== definitely lost: 245 bytes in 5 blocks.
==3285== indirectly lost: 608 bytes in 7 blocks.
==3285== possibly lost: 0 bytes in 0 blocks.
==3285== still reachable: 2,321 bytes in 11 blocks.
==3285== suppressed: 0 bytes in 0 blocks.

/Krister Karlström

Krister Karlström wrote:

Hi!

I re-ran the small simple script that I posted on the bug tracking page.
This time I used a Slackware server with PHP 5.2.5 (no Suhosin or other
patches), compiled from source. php -v gives:
PHP 5.2.5 (cli) (built: Mar 28 2008 12:02:55)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
This is the summary of the run:
==3182== ERROR SUMMARY: 159 errors from 10 contexts (suppressed: 0 from 0)
==3182== malloc/free: in use at exit: 3,174 bytes in 23 blocks.
==3182== malloc/free: 44,130 allocs, 44,107 frees, 3,189,161 bytes allocated.
==3182== For counts of detected errors, rerun with: -v
==3182== searching for pointers to 23 not-freed blocks.
==3182== checked 541,584 bytes.
==3182==
==3182== LEAK SUMMARY:
==3182== definitely lost: 853 bytes in 12 blocks.
==3182== possibly lost: 0 bytes in 0 blocks.
==3182== still reachable: 2,321 bytes in 11 blocks.
==3182== suppressed: 0 bytes in 0 blocks.
==3182== Rerun with --leak-check=full to see details of leaked memory.

I need some help with analyzing the full output, so if it's OK for you
Ilia I will mail you the full output from valgrind.

/Krister Karlström

Ilia Alshanetsky wrote:

The error message comes from Suhosin, which is why a basic PHP
environment does not exhibit this problem. What I can ask you to try
is to run the affected code on a basic PHP environment through
valgrind and see if it reports any errors. If it does not, there is a
chance it may be a false positive on the part of Suhosin. If it does
report a problem however, then the mssql extension has a bug and valgrind
output should be good enough to identify the where & the why.

On 10-Oct-08, at 7:18 AM, Krister Karlström wrote:

Hi,

This bug #44872 puzzles me, I experienced it today running testcases
with PHPUnit on command line, thus invoking PHP CLI. I'm working on an
Ubuntu Hardy 8.0.4 server, using PHP 5.2.4-2ubuntu5.3 with
Suhosin-Patch 0.9.6.2 (cli).
The operation mssql_free_result() is terminated by Suhosin with the
following message:
ALERT - canary mismatch on efree() - heap overflow detected (attacker
'REMOTE_ADDR not set', file 'TestMsSQL.php', line 16)
The bug report for this matter has status "No feedback". The bug was
reported on 30 Apr 5:19pm UTC, and status was changed to "no
feedback" on 10 May 1:00am UTC. However, after that some comments
confirming this bug have been posted, including myself today.
Does anyone know where's the _source_ of this problem? Is it in the
source code of PHP or in the Suhosin patch? I have not encountered
this problem in a "pure" Slackware environment where the Suhosin
patch is not used, so it seems like a Suhosin issue. It might as well
be a bug in PHP that Suhosin catches...
Maybe someone should re-open this ticket?
http://bugs.php.net/bug.php?id=44872
Greetings,
Krister Karlström, Helsinki, Finland
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Ilia Alshanetsky
--
* Ing. Krister Karlström, Zend Certified Engineer *
* Systemutvecklare, IT-Centralen *
* Arcada - Nylands Svenska Yrkeshögskola *
* Jan-Magnus Janssons plats 1, 00550 Helsingfors, Finland *
* Tel: +358(20)7699699 GSM: +358(50)5328390 *
* E-mail: [EMAIL PROTECTED] *
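
An added example, not part of the original thread: a Python triage of the memcheck log above. It rejoins the mail-wrapped lines, reuses symbols valgrind printed earlier in the same run for addresses that later appear as `???`, and names the first non-allocator frame of each "definitely lost" record. It assumes an address refers to the same code throughout one run; the function names are made up for this example.

```python
import re

# Excerpt copied from the log on this page (trimmed), mail-wrapped lines included.
SAMPLE = """\
==3285== by 0x506AD53: zm_startup_snmp (in
/usr/lib/php/extensions/snmp.so)
==3285==
==3285== 9 bytes in 1 blocks are definitely lost in loss record 1 of 9
==3285== at 0x40227C9: malloc (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x5251E3B: ???
==3285== by 0x506AD53: ???
==3285==
==3285== 844 (236 direct, 608 indirect) bytes in 4 blocks are definitely
lost in loss record 7 of 9
==3285== at 0x40227C9: malloc (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3285== by 0x48B0BBB: ???
"""

FRAME = re.compile(r"(?:at|by) (0x[0-9A-Fa-f]+): (.+)")
LOSS = re.compile(r"([\d,]+) (?:\(.*?\) )?bytes in [\d,]+ blocks are (.+?) in loss record (\d+)")

def unwrap(log):
    """Strip the ==PID== prefix; a line without it continues the previous one."""
    out = []
    for line in log.splitlines():
        if line.startswith("==") or not out:
            out.append(re.sub(r"^==\d+== ?", "", line).strip())
        else:
            out[-1] += " " + line.strip()
    return out

def definitely_lost(log):
    """Map loss-record number -> (bytes, first named frame outside the allocator)."""
    lines = unwrap(log)
    known = {}                      # address -> symbol seen anywhere in this run
    for l in lines:
        m = FRAME.match(l)
        if m and m[2] != "???":
            known.setdefault(m[1], m[2])
    result, cur = {}, None
    for l in lines:
        if m := LOSS.match(l):
            cur = []                # frames of the record that starts here
            if m[2] == "definitely lost":
                result[int(m[3])] = (int(m[1].replace(",", "")), cur)
        elif cur is not None and (f := FRAME.match(l)):
            cur.append(known.get(f[1], f[2]))
        elif not l:
            cur = None              # blank ==PID== line ends the record
    def owner(frames):
        named = [f for f in frames if f != "???" and "vgpreload_memcheck" not in f]
        return named[0] if named else "unresolved"
    return {n: (size, owner(fr)) for n, (size, fr) in result.items()}
```

On this excerpt, record 1 (9 bytes) resolves to `zm_startup_snmp` in snmp.so, while record 7 (844 bytes) stays unresolved because `0x48B0BBB` is never symbolized anywhere in the log; together they account for the 853 bytes.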