Debian Bug report logs - #464186
random heap corruption in php5
Reported by: Yuri D'Elia <wavexx@users.sf.net>
Date: Tue, 5 Feb 2008 17:18:17 UTC
Severity: normal
Tags: moreinfo
Found in version php5/5.2.5-2
Done: Ondřej Surý <ondrej@sury.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#464186; Package php5-cgi.
Acknowledgement sent to Yuri D'Elia <wavexx@users.sf.net>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: php5-cgi
Version: 5.2.5-2
Severity: important
After switching to 5.2.5.x, suhosin reveals several heap corruption
cases:
Feb 4 07:46:55 e suhosin[2951]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 07:47:22 e suhosin[11754]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 07:47:53 e suhosin[3178]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 07:47:59 e suhosin[3199]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 14:21:33 e suhosin[3204]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:11:56 e suhosin[10601]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:12:17 e suhosin[10385]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:25:40 e suhosin[11580]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 15:25:52 e suhosin[11667]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'xxxfile.php')
Feb 4 21:10:40 e suhosin[18365]: ALERT - linked list corrupt on efree() - heap corruption detected (attacker 'x.x.x.x', file 'xxxfile.php')
These are not attacks (this is a local test machine), but important
bugs in php5.
I'm using php5-cgi via fcgid and php5-sqlite only. Both are built
from the same php sources, so this is not an external module bug.
I'm having a hard time reproducing the crashes though, since these
are classic heap corruption problems occurring after several hours of
usage.
php5 has always been very crashy compared to php4, but suhosin raised
the bar significantly. I can hardly suggest to run it on production
boxes.
Running the php test-suite under valgrind may help.
Tags added: moreinfo
Request was from Raphael Geissert <atomo64@gmail.com>
to control@bugs.debian.org.
(Tue, 26 Aug 2008 20:24:05 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#464186; Package php5-cgi.
(Fri, 08 Jan 2010 15:33:03 GMT)
Acknowledgement sent to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Fri, 08 Jan 2010 15:33:03 GMT)
Message #12 received at 464186@bugs.debian.org:
tag 464186 +moreinfo
severity 464186 normal
thank you
Hi,
your anonymized bug report is basically useless. Please retry with
php5 from stable (or testing/unstable) and if you encounter any heap
corruption attach a backtrace (with php5-dbg installed).
Thank you,
Ondrej
--
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/
Severity set to 'normal' from 'important'
Request was from Ondřej Surý <ondrej@sury.org>
to control@bugs.debian.org.
(Fri, 08 Jan 2010 15:33:10 GMT)
Message sent on to Yuri D'Elia <wavexx@users.sf.net>:
Bug#464186.
(Fri, 08 Jan 2010 15:33:20 GMT)
Information stored:
Bug#464186; Package php5-cgi.
(Fri, 08 Jan 2010 15:57:06 GMT)
Acknowledgement sent to Yuri D'Elia <wavexx@thregr.org>:
Extra info received and filed, but not forwarded.
(Fri, 08 Jan 2010 15:57:06 GMT)
Message #22 received at 464186-quiet@bugs.debian.org:
On Fri, 8 Jan 2010 16:27:11 +0100
Ondřej Surý <ondrej@sury.org> wrote:
> tag 464186 +moreinfo
> severity 464186 normal
> thank you
>
> Hi,
>
> your anonymized bug report is basically useless. Please retry with
> php5 from stable (or testing/unstable) and if you encounter any heap
> corruption attach a backtrace (with php5-dbg installed).
I was never able to reproduce the problem systematically enough to get
a simple test case. I should have enabled core files and left the
system running for hours doing disparate things to get a dump.
My bad, really. But I partially think that in case of heap corruption, a
backtrace triggered from suhosin is useless (and running apache under
valgrind was prohibitive at that time).
That being said, random crashes have reduced at every php5 "unstable"
release. This bug report is useless now (I could have done something
when I filed it).
Please close it, thanks.
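
An added illustration, not part of the original thread and not Suhosin's or PHP's code: a toy allocator that, like the two checks named in the alerts above, verifies a canary and the block list only when memory is released, which is why a report raised at efree() time points at the damaged block rather than at the write that damaged it. The names `g_alloc`, `g_free`, the `demo_*` functions and the canary constant are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy guarded allocator (illustration only, not Suhosin's or PHP's code).
 * Block layout: [hdr: prev, next, size, canary][user bytes][tail canary] */
typedef struct hdr { struct hdr *prev, *next; size_t size; uint32_t canary; } hdr;
enum { G_OK = 0, G_LIST_CORRUPT = 1, G_CANARY_MISMATCH = 2 };
#define CANARY 0x5AFEC0DEu   /* constructed constant; assume a real one is random */
static hdr head = { &head, &head, 0, 0 };   /* circular list of live blocks */

void *g_alloc(size_t n) {
    hdr *b = malloc(sizeof *b + n + sizeof(uint32_t));
    uint32_t c = CANARY;
    if (!b) return NULL;
    b->size = n; b->canary = c;
    memcpy((unsigned char *)(b + 1) + n, &c, sizeof c);  /* tail may be unaligned */
    b->next = head.next; b->prev = &head;                /* link at list front */
    head.next->prev = b; head.next = b;
    return b + 1;
}

/* Every check runs here, at release time. A failure says the block was
 * damaged at some earlier point; it does not identify the write that did it. */
int g_free(void *p) {
    hdr *b = (hdr *)p - 1;
    uint32_t tail;
    if (b->prev->next != b || b->next->prev != b) return G_LIST_CORRUPT;
    memcpy(&tail, (unsigned char *)p + b->size, sizeof tail);
    if (b->canary != CANARY || tail != CANARY) return G_CANARY_MISMATCH;
    b->prev->next = b->next; b->next->prev = b->prev;    /* unlink after checks */
    free(b);
    return G_OK;
}

int demo_clean(void) { void *p = g_alloc(16); return p ? g_free(p) : -1; }
int demo_overflow(void) {            /* constructed: one-byte overrun */
    char *buf = g_alloc(8);
    if (!buf) return -1;
    memset(buf, 'A', 9);             /* the bug happens here, silently */
    return g_free(buf);              /* ...and is reported only here */
}

int demo_list_corruption(void) {     /* constructed: stray write over a link */
    char *a = g_alloc(8);
    if (!a) return -1;
    ((hdr *)a - 1)->next = (hdr *)a - 1;
    return g_free(a);
}
```

Locating the faulty write itself needs a tool that checks at access time, such as the valgrind run mentioned in the original report.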
Reply sent to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility.
(Fri, 08 Jan 2010 16:27:19 GMT)
Notification sent to Yuri D'Elia <wavexx@users.sf.net>:
Bug acknowledged by developer.
(Fri, 08 Jan 2010 16:27:19 GMT)
Message #27 received at 464186-done@bugs.debian.org:
> Please close it, thanks.
Closing per submitter request.
Ondrej
--
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 06 Feb 2010 07:35:33 GMT)
Last modified: Sun Jul 2 03:07:30 2023