[php-maint] Bug#464186: random heap corruption in php5
Yuri D'Elia
wavexx at users.sf.net
Tue Feb 5 17:14:10 UTC 2008
Package: php5-cgi
Version: 5.2.5-2
Severity: important
After switching to 5.2.5.x, suhosin reveals several heap corruption
cases:
Feb 4 07:46:55 e suhosin[2951]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 07:47:22 e suhosin[11754]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 07:47:53 e suhosin[3178]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 07:47:59 e suhosin[3199]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 14:21:33 e suhosin[3204]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:11:56 e suhosin[10601]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:12:17 e suhosin[10385]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:25:40 e suhosin[11580]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:25:52 e suhosin[11667]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 21:10:40 e suhosin[18365]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
These are not attacks (this is a local test machine), but important
bugs in php5.
I'm using php5-cgi via fcgid and php5-sqlite only. Both are built
from the same php sources, so this is not an external module bug.
I'm having a hard time reproducing the crashes though, since these
are classic heap corruption problems occurring after several hours of
usage.
php5 has always been very crashy compared to php4, but suhosin raised
the bar significantly. I can hardly suggest running it on production
boxes.
Running the php test-suite under valgrind may help.