Skip to content

Clear client_ip on request_init#3496

Merged
cataphract merged 1 commit intomasterfrom
glopes/stale-client-ip
Nov 24, 2025
Merged

Clear client_ip on request_init#3496
cataphract merged 1 commit intomasterfrom
glopes/stale-client-ip

Conversation

@cataphract
Copy link
Copy Markdown
Contributor

@cataphract cataphract commented Nov 24, 2025

Description

Telemetry showed a crash when serializing the client ip. The data looks corrupted:

  - RSI = 0x7ff82c5ff0f8 (source pointer - 2nd parameter to memcpy)
  - RDX = 0x3078 = 12408 (size parameter - 3rd parameter to memcpy)
  - CR2 = 0x7ff82c6000f8 (fault address; read)

1.13.1:

0x7ff82a411e95 _iovec_writer_flush (/go/src/github.com/DataDog/apm-reliability/dd-trace-php/appsec/src/extension/msgpack_helpers.c:485)
0x7ff82a408250 _request_pack (/go/src/github.com/DataDog/apm-reliability/dd-trace-php/appsec/src/extension/commands/request_init.c:132)
0x7ff82a408f7c _dd_command_exec (/go/src/github.com/DataDog/apm-reliability/dd-trace-php/appsec/src/extension/commands_helpers.c:69)
0x7ff82a4167e2 _do_request_begin (/go/src/github.com/DataDog/apm-reliability/dd-trace-php/appsec/src/extension/request_lifecycle.c:221)
0x7ff82a416af4 _do_request_begin_php (/go/src/github.com/DataDog/apm-reliability/dd-trace-php/appsec/src/extension/request_lifecycle.c:130)
0x7ff82a416af4 dd_req_lifecycle_rinit (/go/src/github.com/DataDog/apm-reliability/dd-trace-php/appsec/src/extension/request_lifecycle.c:121)
0x7ff82a40cfc3 zm_activate_ddappsec (/go/src/github.com/DataDog/apm-reliability/dd-trace-php/appsec/src/extension/ddappsec.c:284)
0x7ff82fc7b570 zend_activate_modules
0x7ff82fc0f483 php_request_startup

Reviewer checklist

  • Test coverage seems ok.
  • Appropriate labels assigned.

@cataphract cataphract requested a review from a team as a code owner November 24, 2025 14:31
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Nov 24, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.79%. Comparing base (4485a51) to head (b512139).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3496      +/-   ##
==========================================
- Coverage   61.88%   61.79%   -0.10%     
==========================================
  Files         142      142              
  Lines       12904    12909       +5     
  Branches     1689     1690       +1     
==========================================
- Hits         7986     7977       -9     
- Misses       4159     4172      +13     
- Partials      759      760       +1
Files with missing lines Coverage Δ
appsec/src/extension/request_lifecycle.c 63.61% <100.00%> (+0.24%) ⬆️

... and 3 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4485a51...b512139. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Nov 24, 2025

Benchmarks [ appsec ]

Benchmark execution time: 2025-11-24 15:04:47

Comparing candidate commit b512139 in PR branch glopes/stale-client-ip with baseline commit 4485a51 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

estringana
estringana reviewed Nov 24, 2025
View reviewed changes
Comment thread appsec/src/extension/request_lifecycle.c
}

if (_client_ip) {
mlog(dd_log_warning, "Client IP not cleared on prev request. Value %p",
Copy link
Copy Markdown
Contributor

@estringana estringana Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be a debug instead?

Copy link
Copy Markdown
Contributor Author

@cataphract cataphract Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for this to get here, sth strange that made request_shutdown not being executed must have happened. If this were common, we'd see a lot of crashes. So I think the warning is warranted.

@cataphract cataphract merged commit ddced7c into master Nov 24, 2025
1984 of 2006 checks passed
@cataphract cataphract deleted the glopes/stale-client-ip branch November 24, 2025 15:19
@github-actions github-actions Bot added this to the 1.15.0 milestone Nov 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@estringana estringana estringana approved these changes

Assignees

No one assigned

Labels

area:asm tracing

Projects

None yet

Milestone

1.15.0

Development

Successfully merging this pull request may close these issues.

3 participants

@cataphract @codecov-commenter @estringana