ID: 44872
Comment by: werner at flyingdog dot de
Reported By: mattr at shoplet dot com
Status: No Feedback
Bug Type: MySQLi related
Operating System: FreeBSD 6.2
PHP Version: 5.2.5
New Comment:
I also can reproduce this error (Suhosin Patch installed). Very simple
test script:
<?php
$demo_user[]=(object)array("first" => 1);
$demo_user[]=(object)array("second" => 2);
$demo_user[]=(object)array("third" => 3);
echo "<pre>"; var_dump($demo_user); echo "</pre>";
?>
Error Log:
[Fri Aug 07 14:38:06 2009] [error] [client xx.xx.xx.xx] ALERT - canary
mismatch on efree() - heap overflow detected (attacker 'xx.xx.xx.xx',
file '/somedir/somedir/htdocs/f.php', line 2)
Version Info:
Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch
proxy_html/3.0.0 Server at xxxxxx Port 80
Previous Comments:
------------------------------------------------------------------------
[2009-08-06 00:18:58] robert at robert-gonzalez dot com
I am having this same issue on Ubuntu 8.10 running against Sybase 12.5.
This actually just started happening against the CLI version of PHP when
attempting to connect more than once to the database server in the same
request. Any idea when this might get fixed? Or if not, anyone have a
reliable work around?
------------------------------------------------------------------------
[2009-07-17 09:13:13] emiel dot molenaar at gmail dot com
Any news about this one? Having the same issue here on Debian:
PHP 5.2.10-2 with Suhosin-Patch 0.9.7 (cli) (built: Jul 10 2009
01:47:03)
------------------------------------------------------------------------
[2009-05-06 14:16:33] j dot vd dot broek at home dot nl
This solution I saw on another website might help fixing it in a next
build of PHP or at least show people with the same problem a way out of
it:
http://chrisblunt.com/blog/2009/05/01/php-fixing-mismatched-canaries-how-to-remove-suhosin-from-debianubuntu-packages/
------------------------------------------------------------------------
[2009-05-03 13:48:10] ewilded at gmail dot com
Same situation on PHP 5.2.9 with Suhosin-Patch 0.9.7 (cli) (built: May
2 2009 14:51:38), OS: Slackware 12, i'm connecting to Oracle DB on
remote machine using PDO, script gets killed while trying to execute
simple SELECT statement without any params (same code works fine with
MySQL).
------------------------------------------------------------------------
[2009-04-21 14:39:12] fr33z at inmail dot cz
I have the same issue with PHP Version 5.2.9-pl2-gentoo
'./configure' '--prefix=/usr/lib64/php5' '--host=x86_64-pc-linux-gnu'
'--mandir=/usr/lib64/php5/man' '--infodir=/usr/lib64/php5/info'
'--sysconfdir=/etc' '--cache-file=./config.cache' '--with-libdir=lib64'
'--with-pcre-regex=/usr' '--enable-maintainer-zts' '--disable-cli'
'--with-apxs2=/usr/sbin/apxs2'
'--with-config-file-path=/etc/php/apache2-php5'
'--with-config-file-scan-dir=/etc/php/apache2-php5/ext-active'
'--without-pear' '--disable-bcmath' '--with-bz2' '--disable-calendar'
'--with-curl' '--with-curlwrappers' '--disable-dbase' '--enable-exif'
'--without-fbsql' '--without-fdftk' '--enable-ftp' '--with-gettext'
'--without-gmp' '--disable-ipv6' '--disable-json' '--without-kerberos'
'--enable-mbstring' '--with-mcrypt' '--with-mhash' '--without-msql'
'--without-mssql' '--with-ncurses' '--with-openssl'
'--with-openssl-dir=/usr' '--disable-pcntl' '--without-pgsql'
'--without-pspell' '--without-recode' '--disable-shmop' '--without-snmp'
'--disable-soap' '--enable-sockets' '--without-sybase'
'--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem'
'--disable-sysvshm' '--without-tidy' '--disable-wddx' '--without-xmlrpc'
'--with-xsl' '--enable-zip' '--with-zlib' '--disable-debug'
'--enable-dba' '--without-cdb' '--with-db4' '--disable-flatfile'
'--with-gdbm' '--without-qdbm' '--with-freetype-dir=/usr'
'--with-t1lib=/usr' '--disable-gd-jis-conv' '--with-jpeg-dir=/usr'
'--with-png-dir=/usr' '--without-xpm-dir' '--with-gd'
'--with-mysql=/usr' '--with-mysql-sock=/var/run/mysqld/mysqld.sock'
'--without-mysqli' '--without-pdo-dblib' '--with-pdo-mysql=/usr'
'--without-pdo-odbc' '--without-pdo-pgsql' '--without-pdo-sqlite'
'--with-readline' '--without-libedit' '--without-mm' '--without-sqlite'
'--with-pic'
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/44872
--
Edit this bug report at http://bugs.php.net/?id=44872&edit=1
