ID: 49968 Updated by: j...@php.net Reported By: ciny at synapsia dot sk -Status: Open +Status: Feedback Bug Type: mhash related Operating System: FreeBSD 7.2 amd64 PHP Version: 5.2.11 New Comment:
Proper link: http://www.pastebin.cz/43ef1b43ee1dbd And obvious question: Does it crash without that 3rd party patch? Previous Comments: ------------------------------------------------------------------------ [2009-10-23 10:24:08] ciny at synapsia dot sk <a href="http://www.pastebin.cz/43ef1b43ee1dbd"> here is the gdb output </a> ------------------------------------------------------------------------ [2009-10-23 10:15:52] j...@php.net Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php for *NIX and http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32 Once you have generated a backtrace, please submit it to this bug report and change the status back to "Open". Thank you for helping us make PHP better. ------------------------------------------------------------------------ [2009-10-23 10:11:16] ciny at synapsia dot sk Description: ------------ When I use php 5.2.11 with suhosin and mhash it generates a canary mismatch. If I try: %php -v i get: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file 'unknown' if I try %setenv USE_ZEND_ALLOC 0 %php -v I get: PHP 5.2.11 with Suhosin-Patch 0.9.7 (cli) (built: Oct 23 2009 11:05:12) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies Segmentation fault (core dumped) there is no package for valgrind on freebsd amd64 so I don't know If I can post more exact trace. Reproduce code: --------------- php -v Expected result: ---------------- PHP 5.2.11 with Suhosin-Patch 0.9.7 (cli) (built: Oct 23 2009 11:05:12) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies Actual result: -------------- ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file 'unknown') ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49968&edit=1