
Bug#464186: random heap corruption in php5


Yuri D'Elia

Feb 5, 2008, 12:30:19 PM
Package: php5-cgi
Version: 5.2.5-2
Severity: important

After switching to 5.2.5.x, suhosin reveals several heap corruption
cases:

Feb 4 07:46:55 e suhosin[2951]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 07:47:22 e suhosin[11754]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 07:47:53 e suhosin[3178]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 07:47:59 e suhosin[3199]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 14:21:33 e suhosin[3204]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:11:56 e suhosin[10601]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:12:17 e suhosin[10385]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:25:40 e suhosin[11580]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:25:52 e suhosin[11667]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 21:10:40 e suhosin[18365]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')

These are not attacks (this is a local test machine), but important
bugs in php5.
I'm using php5-cgi via fcgid and php5-sqlite only. Both are built
from the same php sources, so this is not an external module bug.
I'm having a hard time reproducing the crashes though, since these
are classic heap corruption problems occurring after several hours of
usage.
php5 has always been very crashy compared to php4, but suhosin raised
the bar significantly. I can hardly suggest running it on production
boxes.
Running the php test-suite under valgrind may help.
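
An added example, not part of the original report: a small triage script for suhosin ALERT lines in the format quoted above, which rejoins mail-wrapped records and tallies each check by count and by distinct worker PID. The function names and the sample text are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the report's log format, including the mail-wrapped
# continuation lines ("efree" / "() - ...") seen in archived copies.
SAMPLE = """\
Feb 4 07:46:55 e suhosin[2951]: ALERT - linked list corrupt on efree
() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 07:47:59 e suhosin[3199]: ALERT - canary mismatch on efree() -
heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:11:56 e suhosin[10601]: ALERT - canary mismatch on efree()
- heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:12:17 e suhosin[10385]: ALERT - canary mismatch on efree()
- heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
"""

START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")  # syslog timestamp
ALERT = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) suhosin\[(?P<pid>\d+)\]: "
    r"ALERT - (?P<check>.+?) on (?P<func>\w+)\(\) - (?P<verdict>.+?) detected "
    r"\(attacker '(?P<attacker>[^']*)', file '(?P<file>[^']*)'\)$")

def unwrap(text):
    """Rejoin continuation lines onto the syslog record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if START.match(line) or not records:
            records.append(line)
        else:
            # A wrap can fall inside "efree()" itself: join without a space there.
            sep = "" if line.startswith("()") else " "
            records[-1] += sep + line
    return records

def parse(text):
    """Return one dict per well-formed suhosin ALERT record."""
    return [m.groupdict() for m in map(ALERT.match, unwrap(text)) if m]

def summarize(alerts):
    """Per check: number of alerts and number of distinct PIDs that raised it."""
    pids = defaultdict(set)
    for a in alerts:
        pids[a["check"]].add(a["pid"])
    counts = Counter(a["check"] for a in alerts)
    return {c: {"count": n, "distinct_pids": len(pids[c])} for c, n in counts.items()}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

The distinct-PID figure shows whether the alerts come from one worker process or from many.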


