www/php5 in -stable segfaults in infinite loop (suhosin issue?)

[Martin Pelikan]

Hello list,
I'm trying to set up cacti (www.cacti.net) on an OpenBSD 4.8 (both
-release and -stable) server. After I properly configure the mysql
connection, the PHP (5.2.13) module keeps segfaulting after infinite
loop executing this (#8 to #6) thousands of times:

(gdb) run -DSSL -X
Breakpoint 2, 0x0000000210e0cfc4 in execute () from
/usr/local/lib/php/libphp5.so
(gdb) where
#0  0x0000000210e0cfc4 in execute () from /usr/local/lib/php/libphp5.so
#1  0x0000000210d906cc in suhosin_execute_ex () from
/usr/local/lib/php/libphp5.so
#2  0x0000000210e11479 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER ()
from /usr/local/lib/php/libphp5.so
#3  0x0000000210e0d143 in execute () from /usr/local/lib/php/libphp5.so
#4  0x0000000210d906cc in suhosin_execute_ex () from
/usr/local/lib/php/libphp5.so
#5  0x0000000210e11479 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER ()
from /usr/local/lib/php/libphp5.so
#6  0x0000000210e0d143 in execute () from /usr/local/lib/php/libphp5.so
#7  0x0000000210d906cc in suhosin_execute_ex () from
/usr/local/lib/php/libphp5.so
#8  0x0000000210dec163 in zend_execute_scripts () from
/usr/local/lib/php/libphp5.so
#9  0x0000000210da870f in php_execute_script () from
/usr/local/lib/php/libphp5.so
#10 0x0000000210e76d52 in apache_php_module_main () from
/usr/local/lib/php/libphp5.so
#11 0x0000000210e77e15 in send_php () from /usr/local/lib/php/libphp5.so
#12 0x0000000210e78073 in send_parsed_php () from /usr/local/lib/php/libphp5.so
#13 0x00000000004403c8 in ap_invoke_handler ()
#14 0x00000000004516cc in ap_die ()
#15 0x0000000000434a3d in ssl_expr_yylex ()
#16 0x00000000004403c8 in ap_invoke_handler ()
#17 0x00000000004516cc in ap_die ()
#18 0x00000000004518eb in ap_process_request ()
#19 0x0000000000448c06 in ap_kill_timeout ()
#20 0x0000000000449077 in ap_kill_timeout ()
#21 0x000000000044915f in ap_kill_timeout ()
#22 0x0000000000449fc3 in ap_init_mutex_method ()
#23 0x000000000044ad1e in main ()

I'm not really a PHP hacker and the www/php5 port does not have the
"no_suhosin" flavor. Archives told me this was an issue earlier in 4.5
and toggling "suhosin.session.encrypt" as suggested doesn't work
either.
Any ideas? Thanks in advance.

-- 
Martin Pelikan