[php-maint] Bug#481737: Bug#481737: PHP 5.2.6 with suhosin 0.9.6.2 causes bus errors

Stefan Esser sesser at hardened-php.net
Sun Jun 29 14:58:16 UTC 2008


Hi,

sorry for the late response...

I see that meanwhile a backtrace was posted. And, as I thought, it is 
exactly the problem I thought it was:

It crashes in the following macro:

+# define SUHOSIN_MM_END_CANARY_PTR(block) \
+    (size_t*)(((char*)(ZEND_MM_DATA_OF(block))) + \
+        ((zend_mm_block*)(block))->info.size + END_MAGIC_SIZE)
+
+# define SUHOSIN_MM_SET_END_CANARY(block) do { \
+        size_t *p = SUHOSIN_MM_END_CANARY_PTR(block); \
+        memcpy(p, &heap->canary_3, CANARY_SIZE); \
+    } while (0)
+

After digging through the internet I realized that maybe using a size_t 
pointer is what causes the problem. I read that something like a 
size_t pointer MUST be aligned when assigned, otherwise undefined stuff 
might occur.  Could you please try to change size_t * in both macros to 
char *? If we are lucky this means the memcpy is no longer optimized away.

Stefan Esser
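The suggested fix above, worked through as an added example (not suhosin's or PHP's own code): a constructed stand-in for zend_mm_block with the end-canary pointer computed as a char* and the canary written and read back via memcpy, so it is valid even when a block's requested size leaves the canary at an unaligned address. END_MAGIC_SIZE, the block layout and the canary value are assumptions, not suhosin's real values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for zend_mm_block; only info.size matters here. */
typedef struct { size_t size; } mm_block;

#define END_MAGIC_SIZE 0              /* assumed; suhosin defines its own value */
#define CANARY_SIZE sizeof(size_t)
#define MM_DATA_OF(b) ((char *)(b) + sizeof(mm_block))   /* like ZEND_MM_DATA_OF */

/* Fixed SUHOSIN_MM_END_CANARY_PTR: a char* makes no alignment promise, so the
 * compiler cannot turn the memcpy below into an aligned word store. */
#define END_CANARY_PTR(b) (MM_DATA_OF(b) + ((mm_block *)(b))->size + END_MAGIC_SIZE)

static mm_block *block_alloc(size_t size) {
    mm_block *b = malloc(sizeof(mm_block) + size + END_MAGIC_SIZE + CANARY_SIZE);
    if (b) b->size = size;
    return b;
}

/* Write the canary byte-wise; valid at any address. */
static void set_end_canary(mm_block *b, size_t canary) {
    memcpy(END_CANARY_PTR(b), &canary, CANARY_SIZE);
}

/* Read it back the same way; 1 if intact, 0 if clobbered. */
static int check_end_canary(const mm_block *b, size_t canary) {
    size_t stored;
    memcpy(&stored, END_CANARY_PTR(b), CANARY_SIZE);
    return stored == canary;
}

/* 1 if the end canary of a block of this size sits on a size_t boundary. */
int end_canary_aligned_for(size_t size) {
    mm_block *b = block_alloc(size);
    if (!b) return -1;
    int aligned = ((uintptr_t)END_CANARY_PTR(b) % sizeof(size_t)) == 0;
    free(b);
    return aligned;
}

/* Fill size+overrun bytes of the data area; 1 if the canary caught the overrun. */
int canary_detects_overflow(size_t size, size_t overrun) {
    const size_t canary = (size_t)0xC0FFEE;   /* constructed canary value */
    mm_block *b = block_alloc(size);
    if (!b) return -1;
    set_end_canary(b, canary);
    memset(MM_DATA_OF(b), 'A', size + overrun);
    int caught = !check_end_canary(b, canary);
    free(b);
    return caught;
}
```

A 13-byte block places the canary at an odd offset, which is where a size_t* dereference traps on strict-alignment CPUs; the memcpy form works the same for the aligned 16-byte case.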