Couchbase-3.2.2 on Debian 11(docker) - php-default-server die with error std::bad_alloc/std::length_error

OG · January 21, 2022, 4:44pm

The error is only reproduced on debian11(php8.1) for debian10(php8.0) everything works

dockerfile on which the experiment was conducted (installation via Install and Start Using the C SDK with Couchbase Server | Couchbase Docs)

FROM php:8.1.1-fpm

RUN apt update && apt install -y curl gnupg

RUN curl -O https://packages.couchbase.com/clients/c/repos/deb/couchbase.key
RUN apt-key add couchbase.key

RUN echo 'deb https://packages.couchbase.com/clients/c/repos/deb/debian11 bullseye bullseye/main' > /etc/apt/sources.list.d/couchbase.list

RUN apt update && apt install -y libcouchbase3 libcouchbase-dev libcouchbase3-tools libcouchbase-dbg libcouchbase3-libev libcouchbase3-libevent

RUN pecl install https://packages.couchbase.com/clients/php/couchbase-3.2.2.tgz && docker-php-ext-enable couchbase

<?php

use Couchbase\Cluster;
use Couchbase\ClusterOptions;
use Couchbase\QueryOptions;

$clusterOptions = new ClusterOptions();
$clusterOptions->credentials('login', 'password');
$cluster = new Cluster('couchbase://couchbase', $clusterOptions);
$bucket = $cluster->bucket('testing');

$queryOptions = new QueryOptions();
$bucket->defaultScope()->query("UPDATE `testing` SET isOk = 'hello' WHERE meta().id ='test'", $queryOptions);

php -S 0.0.0.0:8080 -t ./&
curl 0.0.0.0:8080

Server dies with error:

terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc

or

terminate called after throwing an instance of 'std::length_error'
  what():  basic_string::_M_create

But if with the same configuration, in the php-script, replace the line
$queryOptions = new QueryOptions();
with line
$queryOptions = null;

the request fulfills without errors and the server does not crash

did the same experiment for debian10(php8.0) attach dockerfile

FROM php:8.0.3-fpm

RUN apt update && apt install -y curl gnupg

RUN curl -O https://packages.couchbase.com/clients/c/repos/deb/couchbase.key
RUN apt-key add couchbase.key

RUN echo 'deb https://packages.couchbase.com/clients/c/repos/deb/debian10 buster buster/main' > /etc/apt/sources.list.d/couchbase.list

RUN apt update && apt install -y libcouchbase3 libcouchbase-dev libcouchbase3-tools libcouchbase-dbg libcouchbase3-libev libcouchbase3-libevent

RUN pecl install https://packages.couchbase.com/clients/php/couchbase-3.2.2.tgz && docker-php-ext-enable couchbase

the same php-script with $queryOptions = new QueryOptions();

the same

php -S 0.0.0.0:8080 -t ./&
curl 0.0.0.0:8080

the request fulfills without errors and the server does not crash

docker for all case on 5.10.76-linuxkit

OG · January 22, 2022, 11:08am

by viewing the execution through the profiler valgrind (not attach the dockerfile, but it is almost the same as in the previous message)


root@8df391074b9b:/var/www/html# valgrind php index.php
==676== Memcheck, a memory error detector
==676== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==676== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==676== Command: php public/index.php
==676==
==676== Conditional jump or move depends on uninitialised value(s)
==676==    at 0xB44BAD5: do_query (n1ql.c:548)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==    by 0x4C80CE: ??? (in /usr/bin/php8.1)
==676==    by 0x2262DA: ??? (in /usr/bin/php8.1)
==676==    by 0x525E09A: (below main) (libc-start.c:308)
==676==
==676== Use of uninitialised value of size 8
==676==    at 0xB44BAD7: do_query (n1ql.c:549)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==    by 0x4C80CE: ??? (in /usr/bin/php8.1)
==676==    by 0x2262DA: ??? (in /usr/bin/php8.1)
==676==    by 0x525E09A: (below main) (libc-start.c:308)
==676==
==676== Conditional jump or move depends on uninitialised value(s)
==676==    at 0xB58B2E3: lcb_cmdquery_scope_name (cmd_query.cc:86)
==676==    by 0xB44BAE8: do_query (n1ql.c:549)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==    by 0x4C80CE: ??? (in /usr/bin/php8.1)
==676==    by 0x2262DA: ??? (in /usr/bin/php8.1)
==676==    by 0x525E09A: (below main) (libc-start.c:308)
==676==
==676== Conditional jump or move depends on uninitialised value(s)
==676==    at 0xB4FCCC1: void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) (basic_string.tcc:211)
==676==    by 0xB58B313: _M_construct_aux<char const*> (basic_string.h:236)
==676==    by 0xB58B313: _M_construct<char const*> (basic_string.h:255)
==676==    by 0xB58B313: basic_string (basic_string.h:502)
==676==    by 0xB58B313: lcb_cmdquery_scope_name (cmd_query.cc:89)
==676==    by 0xB44BAE8: do_query (n1ql.c:549)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==    by 0x4C80CE: ??? (in /usr/bin/php8.1)
==676==    by 0x2262DA: ??? (in /usr/bin/php8.1)
==676==
==676== Conditional jump or move depends on uninitialised value(s)
==676==    at 0xB4FCCC6: void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) (basic_string.tcc:211)
==676==    by 0xB58B313: _M_construct_aux<char const*> (basic_string.h:236)
==676==    by 0xB58B313: _M_construct<char const*> (basic_string.h:255)
==676==    by 0xB58B313: basic_string (basic_string.h:502)
==676==    by 0xB58B313: lcb_cmdquery_scope_name (cmd_query.cc:89)
==676==    by 0xB44BAE8: do_query (n1ql.c:549)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==    by 0x4C80CE: ??? (in /usr/bin/php8.1)
==676==    by 0x2262DA: ??? (in /usr/bin/php8.1)
==676==
==676== Conditional jump or move depends on uninitialised value(s)
==676==    at 0xB4FCCD7: void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) (basic_string.tcc:217)
==676==    by 0xB58B313: _M_construct_aux<char const*> (basic_string.h:236)
==676==    by 0xB58B313: _M_construct<char const*> (basic_string.h:255)
==676==    by 0xB58B313: basic_string (basic_string.h:502)
==676==    by 0xB58B313: lcb_cmdquery_scope_name (cmd_query.cc:89)
==676==    by 0xB44BAE8: do_query (n1ql.c:549)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==    by 0x4C80CE: ??? (in /usr/bin/php8.1)
==676==    by 0x2262DA: ??? (in /usr/bin/php8.1)
==676==
==676== Conditional jump or move depends on uninitialised value(s)
==676==    at 0x73FDAD6: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25)
==676==    by 0xB4FCD1E: void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) (basic_string.tcc:219)
==676==    by 0xB58B313: _M_construct_aux<char const*> (basic_string.h:236)
==676==    by 0xB58B313: _M_construct<char const*> (basic_string.h:255)
==676==    by 0xB58B313: basic_string (basic_string.h:502)
==676==    by 0xB58B313: lcb_cmdquery_scope_name (cmd_query.cc:89)
==676==    by 0xB44BAE8: do_query (n1ql.c:549)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==    by 0x4C80CE: ??? (in /usr/bin/php8.1)
==676==
==676== Conditional jump or move depends on uninitialised value(s)
==676==    at 0x73FDADB: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25)
==676==    by 0xB4FCD1E: void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) (basic_string.tcc:219)
==676==    by 0xB58B313: _M_construct_aux<char const*> (basic_string.h:236)
==676==    by 0xB58B313: _M_construct<char const*> (basic_string.h:255)
==676==    by 0xB58B313: basic_string (basic_string.h:502)
==676==    by 0xB58B313: lcb_cmdquery_scope_name (cmd_query.cc:89)
==676==    by 0xB44BAE8: do_query (n1ql.c:549)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==    by 0x4C80CE: ??? (in /usr/bin/php8.1)
==676==
==676== Conditional jump or move depends on uninitialised value(s)
==676==    at 0x73FDAE3: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25)
==676==    by 0xB4FCD1E: void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) (basic_string.tcc:219)
==676==    by 0xB58B313: _M_construct_aux<char const*> (basic_string.h:236)
==676==    by 0xB58B313: _M_construct<char const*> (basic_string.h:255)
==676==    by 0xB58B313: basic_string (basic_string.h:502)
==676==    by 0xB58B313: lcb_cmdquery_scope_name (cmd_query.cc:89)
==676==    by 0xB44BAE8: do_query (n1ql.c:549)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==    by 0x4C80CE: ??? (in /usr/bin/php8.1)
==676==
==676== Conditional jump or move depends on uninitialised value(s)
==676==    at 0x4835D9C: operator new(unsigned long) (vg_replace_malloc.c:334)
==676==    by 0xB4FCD1E: void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) (basic_string.tcc:219)
==676==    by 0xB58B313: _M_construct_aux<char const*> (basic_string.h:236)
==676==    by 0xB58B313: _M_construct<char const*> (basic_string.h:255)
==676==    by 0xB58B313: basic_string (basic_string.h:502)
==676==    by 0xB58B313: lcb_cmdquery_scope_name (cmd_query.cc:89)
==676==    by 0xB44BAE8: do_query (n1ql.c:549)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==    by 0x4C80CE: ??? (in /usr/bin/php8.1)
==676==
**676** new/new[] failed and should throw an exception, but Valgrind
**676**    cannot throw exceptions and so is aborting instead.  Sorry.
==676==    at 0x48353AC: VALGRIND_PRINTF_BACKTRACE (valgrind.h:6306)
==676==    by 0x4835E65: operator new(unsigned long) (vg_replace_malloc.c:334)
==676==    by 0xB4FCD1E: void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag) (basic_string.tcc:219)
==676==    by 0xB58B313: _M_construct_aux<char const*> (basic_string.h:236)
==676==    by 0xB58B313: _M_construct<char const*> (basic_string.h:255)
==676==    by 0xB58B313: basic_string (basic_string.h:502)
==676==    by 0xB58B313: lcb_cmdquery_scope_name (cmd_query.cc:89)
==676==    by 0xB44BAE8: do_query (n1ql.c:549)
==676==    by 0xB44C543: zim_Scope_query (n1ql.c:764)
==676==    by 0x7996934: xdebug_execute_internal (base.c:897)
==676==    by 0x44EBBB: execute_ex (in /usr/bin/php8.1)
==676==    by 0x7996099: xdebug_execute_ex (base.c:779)
==676==    by 0x44FC0B: zend_execute (in /usr/bin/php8.1)
==676==    by 0x3E2794: zend_execute_scripts (in /usr/bin/php8.1)
==676==    by 0x37F24E: php_execute_script (in /usr/bin/php8.1)
==676==
==676== HEAP SUMMARY:
==676==     in use at exit: 4,368,918 bytes in 36,940 blocks
==676==   total heap usage: 47,187 allocs, 10,247 frees, 6,895,848 bytes allocated
==676==
==676== LEAK SUMMARY:
==676==    definitely lost: 37,016 bytes in 1,151 blocks
==676==    indirectly lost: 40 bytes in 1 blocks
==676==      possibly lost: 3,128,824 bytes in 24,043 blocks
==676==    still reachable: 1,203,038 bytes in 11,745 blocks
==676==         suppressed: 0 bytes in 0 blocks
==676== Rerun with --leak-check=full to see details of leaked memory
==676==
==676== For counts of detected and suppressed errors, rerun with: -v
==676== Use --track-origins=yes to see where uninitialised values come from
==676== ERROR SUMMARY: 10 errors from 10 contexts (suppressed: 0 from 0)

the problem was found in lcb_cmdquery_scope_name 89 - in libcouchbase
and do_query 548 - in php-couchbase

now that in the script code instead of

$bucket->defaultScope()->query

i write

$bucket->scope('')->query

script runs without error

but $bucket->defaultScope()->query dies with an error

by the end removed the condition lines at php-couchbase/n1ql.c at master · couchbase/php-couchbase · GitHub

rebuilt and the error is not reproduced for $bucket->defaultScope()->query

@avsej could you help fix it?