ID: 44872 Comment by: j dot vd dot broek at home dot nl Reported By: mattr at shoplet dot com Status: No Feedback Bug Type: MySQLi related Operating System: FreeBSD 6.2 PHP Version: 5.2.5 New Comment:
This solution I saw on another website might help fixing it in a next build of PHP or at least show people with the same problem a way out of it: http://chrisblunt.com/blog/2009/05/01/php-fixing-mismatched-canaries-how-to-remove-suhosin-from-debianubuntu-packages/ Previous Comments: ------------------------------------------------------------------------ [2009-05-03 13:48:10] ewilded at gmail dot com Same situation on PHP 5.2.9 with Suhosin-Patch 0.9.7 (cli) (built: May 2 2009 14:51:38), OS: Slackware 12, i'm connecting to Oracle DB on remote machine using PDO, script gets killed while trying to execute simple SELECT statement without any params (same code works fine with MySQL). ------------------------------------------------------------------------ [2009-04-21 14:39:12] fr33z at inmail dot cz I have the same issue with PHP Version 5.2.9-pl2-gentoo './configure' '--prefix=/usr/lib64/php5' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/lib64/php5/man' '--infodir=/usr/lib64/php5/info' '--sysconfdir=/etc' '--cache-file=./config.cache' '--with-libdir=lib64' '--with-pcre-regex=/usr' '--enable-maintainer-zts' '--disable-cli' '--with-apxs2=/usr/sbin/apxs2' '--with-config-file-path=/etc/php/apache2-php5' '--with-config-file-scan-dir=/etc/php/apache2-php5/ext-active' '--without-pear' '--disable-bcmath' '--with-bz2' '--disable-calendar' '--with-curl' '--with-curlwrappers' '--disable-dbase' '--enable-exif' '--without-fbsql' '--without-fdftk' '--enable-ftp' '--with-gettext' '--without-gmp' '--disable-ipv6' '--disable-json' '--without-kerberos' '--enable-mbstring' '--with-mcrypt' '--with-mhash' '--without-msql' '--without-mssql' '--with-ncurses' '--with-openssl' '--with-openssl-dir=/usr' '--disable-pcntl' '--without-pgsql' '--without-pspell' '--without-recode' '--disable-shmop' '--without-snmp' '--disable-soap' '--enable-sockets' '--without-sybase' '--without-sybase-ct' '--disable-sysvmsg' '--disable-sysvsem' '--disable-sysvshm' '--without-tidy' '--disable-wddx' '--without-xmlrpc' '--with-xsl' '--enable-zip' '--with-zlib' '--disable-debug' '--enable-dba' '--without-cdb' '--with-db4' '--disable-flatfile' '--with-gdbm' '--without-qdbm' '--with-freetype-dir=/usr' '--with-t1lib=/usr' '--disable-gd-jis-conv' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--without-xpm-dir' '--with-gd' '--with-mysql=/usr' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--without-mysqli' '--without-pdo-dblib' '--with-pdo-mysql=/usr' '--without-pdo-odbc' '--without-pdo-pgsql' '--without-pdo-sqlite' '--with-readline' '--without-libedit' '--without-mm' '--without-sqlite' '--with-pic' ------------------------------------------------------------------------ [2009-03-22 19:38:40] mr dot jony at gmail dot com i have this same problem in a fresh install of ubuntu 8.04 lts and i dont have the suhosin patch please help ------------------------------------------------------------------------ [2009-03-11 09:17:40] dballance at roydshall dot org I have the same error when running certain queries with mssql_query(). There seems to be no way to predict which queries will run and which fail - although if a query fails it always fails and if it runs then it alway runs. The more complex the query, the more likely to fail. I am running PHP Version 5.2.4-2ubuntu5.5 with Suhosin Patch 0.9.6.2. Example code that trips the switch: $dbhandle = mssql_connect($myServer, $myUser, $myPass); $selected = mssql_select_db($myDB, $dbhandle); $query = "SELECT * FROM sims.curr_group INNER JOIN sims.curr_class_period ON sims.curr_group.base_group_id = sims.curr_class_period.base_group_id INNER JOIN sims.sims_person ON sims.sims_person.person_id = sims.curr_class_period.person_id WHERE (sims.curr_group.short_name = '9b/It1')"; $result = mssql_query($query); while($row = mssql_fetch_array($result)) { print_r($row); } //close the connection mssql_close($dbhandle); ------------------------------------------------------------------------ [2008-10-10 09:50:38] krister dot karlstrom at arcada dot fi I'm experiencing the same bug using PHP 5.2.4-2ubuntu5.3 with Suhosin-Patch 0.9.6.2 (cli) on a Ubuntu Hardy 8.0.4 server. The following simplified example shows the problem, the last echo row is not executed because of mssql_free_result() fails: <?php $link = mssql_connect('xxxx.xx', 'xxx', 'xxxx'); if(is_resource($link)) { if(mssql_select_db('kursbok', $link)) { $result = mssql_query('select * from Utbildningsprogram order by up_nr'); if(is_resource($result)) { $obj = mssql_fetch_object($result); echo $obj->up_nr."\n"; mssql_free_result($result); } } } echo "Here I am - NOT!"; ?> OUTPUT ================================================================== 201000 ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/var/www/xxxx/TestMsSQL.php', line 16) ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/44872 -- Edit this bug report at http://bugs.php.net/?id=44872&edit=1