[php-maint] Bug#464186: random heap corruption in php5

Yuri D'Elia wavexx at users.sf.net
Tue Feb 5 17:14:10 UTC 2008


Package: php5-cgi
Version: 5.2.5-2
Severity: important

After switching to 5.2.5.x, suhosin reveals several heap corruption  
cases:

Feb  4 07:46:55 e suhosin[2951]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb  4 07:47:22 e suhosin[11754]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb  4 07:47:53 e suhosin[3178]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb  4 07:47:59 e suhosin[3199]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb  4 14:21:33 e suhosin[3204]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb  4 15:11:56 e suhosin[10601]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb  4 15:12:17 e suhosin[10385]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb  4 15:25:40 e suhosin[11580]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb  4 15:25:52 e suhosin[11667]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb  4 21:10:40 e suhosin[18365]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')

These are not attacks (this is a local test machine), but important  
bugs in php5.
I'm using php5-cgi via fcgid and php5-sqlite only. Both are built  
from the same php sources, so this is not an external module bug.
I'm having a hard time reproducing the crashes though, since these
are classic heap corruption problems occurring after several hours of
usage.
php5 has always been very crashy compared to php4, but suhosin raised
the bar significantly. I can hardly suggest running it on production
boxes.
Running the php test-suite under valgrind may help.





