ID: 44872 Comment by: jimmy at pixelant dot se Reported By: mattr at shoplet dot com Status: No Feedback Bug Type: MySQLi related Operating System: FreeBSD 6.2 PHP Version: 5.2.5 New Comment:
Feb 9 13:51:36 xxxxxxxxxxxxxx suhosin[4498]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'x.x.x.x', file 'class.t3lib_htmlmail.php', line 718) Upgrade to php 5.2.12 resolved this issue. Previous Comments: ------------------------------------------------------------------------ [2009-09-09 20:51:05] squarious at gmail dot com I have the same error on 5.2.10 with suhosin patch. Linux 2.6.31-10-generic #30-Ubuntu SMP Tue Sep 8 12:32:38 UTC 2009 x86_64 GNU/Linux The tested site was working perfectly on Ubuntu 8.04 LTS with untouched PHP 5.2.4 (with suhosin patch). The behaviour however is not standard and it depends if the page is first time visite ------------------------------------------------------------------------ [2009-09-09 12:03:27] neofutur dot php at ww7 dot be update/workaround . . . but scary . . . someone on ##php tols me to restart apache, that when you get one of those canary mismatch on efree() you get many until you restart apache. I didnt pay attention at the beginning but finally tried it. Its simply true, when you get those messages , restart apache and you will see no more of them ( until the next apache overflow ? ) ------------------------------------------------------------------------ [2009-09-09 10:21:49] neofutur dot php at ww7 dot be I also tried the code suggested : <?php $demo_user[]=(object)array("first" => 1); $demo_user[]=(object)array("second" => 2); $demo_user[]=(object)array("third" => 3); echo "<pre>"; var_dump($demo_user); echo "</pre>"; ?> This doesnt trigger any error message here ------------------------------------------------------------------------ [2009-09-09 10:07:50] neofutur dot php at ww7 dot be your bugtool dont accept my comment after 40 attempts, so I just post the pastebin url containing all my comments and logs : http://dpaste.com/91360/ ------------------------------------------------------------------------ [2009-09-09 09:56:15] joeysmith at gmail dot com Sorry for the noise - testing the assertion that CAPTCHAs are broken. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/44872 -- Edit this bug report at http://bugs.php.net/?id=44872&edit=1