[php-maint] Bug#481737: Bug#481737: PHP 5.2.6 with suhosin causes bus errors

Stefan Esser sesser at hardened-php.net
Sun Jun 29 14:58:16 UTC 2008


sorry for the late response...

I see that meanwhile a backtrace was posted. And like I thought it is 
exactly the problem I thought it is:

It crashes in the following macro
*+# define SUHOSIN_MM_END_CANARY_PTR(block) \
+    (size_t*)(((char*)(ZEND_MM_DATA_OF(block))) + 
((zend_mm_block*)(block))->info.size + END_MAGIC_SIZE)
+# define SUHOSIN_MM_SET_END_CANARY(block) do { \
+        size_t *p = SUHOSIN_MM_END_CANARY_PTR(block); \
+        memcpy(p, &heap->canary_3, CANARY_SIZE); \
+    } while (0)

*After digging through the internet I realized that maybe using a size_t 
pointer is what causes the problem. I read it that something like a 
size_t pointer MUST be aligned when assigned, otherwise undefined stuff 
might occur.  Could you please try to change size_t * in both macros to 
char *? If we are lucky this means the memcpy is no longer optimized away.

Stefan Esser

More information about the pkg-php-maint mailing list