[php-maint] Bug#481737: additional info FTBFS: php5
Joerg Friedrich
Joerg.Friedrich at friedrich-kn.de
Wed Jul 2 00:50:58 UTC 2008
Hi, I tried to collect some more info.
This is an attempt to see what is happening. The problem is
/usr/local/src/php5-5.2.6/Zend/zend_alloc.c:1991
SUHOSIN_MM_SET_END_CANARY(best_fit);
This is:
size_t *p = (size_t*)(((char*)(ZEND_MM_DATA_OF(best_fit))) + ((zend_mm_block*)(best_fit))->info.size + END_MAGIC_SIZE);
memcpy(p, &heap->canary_3, CANARY_SIZE);
disassemble shows:
0x0025931c <_zend_mm_alloc_int+940>: add %i1, 0x18, %g3
0x00259320 <_zend_mm_alloc_int+944>: ld [ %l1 + 0x254 ], %g1
0x00259324 <_zend_mm_alloc_int+948>: st %g1, [ %i0 + %g3 ]
size_t *p = (size_t*)(((char*)(ZEND_MM_DATA_OF(best_fit))) + ((zend_mm_block*)(best_fit))->info.size + END_MAGIC_SIZE);
  (char*)(ZEND_MM_DATA_OF(best_fit))       = best_fit + fix_val calculated at compile time
  ((zend_mm_block*)(best_fit))->info.size  = size (function arg, stored in %i1)
  END_MAGIC_SIZE                           = fix_val at compile time
0x0025931c is: size + two fix_vals, stored into %g3
0x00259320 is: load heap->canary_d into %g1 (addr of heap is in %l1)
0x00259324 is: store %g1 into "best_fit (%i0) + %g3"
which is the same as
store %g1 into "bestfit + size + two fix_vals"
since bestfit is aligned and the fix_vals are 0x18 (does not change the alignment)
the problem must be the argument size.
#if SUHOSIN_PATCH
SUHOSIN_MM_SET_CANARIES(best_fit);
((zend_mm_block*)best_fit)->info.size = size;
SUHOSIN_MM_SET_END_CANARY(best_fit);
#endif
Maybe instead of size it's better to use true_size.
At the moment I am trying to compile PHP this way, but my machine is not the fastest.
(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/local/src/php5-5.2.6/cgi-build/sapi/cli/php
[Thread debugging using libthread_db enabled]
[New Thread 0xf75a66d0 (LWP 3659)]
[Switching to Thread 0xf75a66d0 (LWP 3659)]
Breakpoint 5, _zend_mm_alloc_int (heap=0x5085d0, size=<error type>) at /usr/local/src/php5-5.2.6/Zend/zend_alloc.c:1991
1991 SUHOSIN_MM_SET_END_CANARY(best_fit);
7: /x $pc = 0x25931c
5: /x $i0 + $g3 = 0xf7552010
4: /x $i0 = 0xf7552010
3: /x $g3 = 0x0
2: /x $g1 = 0x3247c1bf
(gdb) disassemble 0x25931c 0x259328
Dump of assembler code from 0x25931c to 0x259328:
0x0025931c <_zend_mm_alloc_int+940>: add %i1, 0x18, %g3
0x00259320 <_zend_mm_alloc_int+944>: ld [ %l1 + 0x254 ], %g1
0x00259324 <_zend_mm_alloc_int+948>: st %g1, [ %i0 + %g3 ]
End of assembler dump.
(gdb) si
0x00259320 1991 SUHOSIN_MM_SET_END_CANARY(best_fit);
7: /x $pc = 0x259320
5: /x $i0 + $g3 = 0xf7554028
4: /x $i0 = 0xf7552010
3: /x $g3 = 0x2018
2: /x $g1 = 0x3247c1bf
(gdb) si
0x00259324 1991 SUHOSIN_MM_SET_END_CANARY(best_fit);
7: /x $pc = 0x259324
5: /x $i0 + $g3 = 0xf7554028
4: /x $i0 = 0xf7552010
3: /x $g3 = 0x2018
2: /x $g1 = 0x2f8f5219
(gdb) si
1994 heap->size += true_size;
7: /x $pc = 0x259328
5: /x $i0 + $g3 = 0xf7554028
4: /x $i0 = 0xf7552010
3: /x $g3 = 0x2018
2: /x $g1 = 0x2f8f5219
(gdb) c
Continuing.
Breakpoint 5, _zend_mm_alloc_int (heap=0x5085d0, size=<error type>) at /usr/local/src/php5-5.2.6/Zend/zend_alloc.c:1991
1991 SUHOSIN_MM_SET_END_CANARY(best_fit);
7: /x $pc = 0x25931c
5: /x $i0 + $g3 = 0xf7554030
4: /x $i0 = 0xf7554030
3: /x $g3 = 0x0
2: /x $g1 = 0x3247c1bf
(gdb) si
0x00259320 1991 SUHOSIN_MM_SET_END_CANARY(best_fit);
7: /x $pc = 0x259320
5: /x $i0 + $g3 = 0xf755404d
4: /x $i0 = 0xf7554030
3: /x $g3 = 0x1d
2: /x $g1 = 0x3247c1bf
(gdb) si
0x00259324 1991 SUHOSIN_MM_SET_END_CANARY(best_fit);
7: /x $pc = 0x259324
5: /x $i0 + $g3 = 0xf755404d
4: /x $i0 = 0xf7554030
3: /x $g3 = 0x1d
2: /x $g1 = 0x2f8f5219
(gdb) si
Program received signal SIGBUS, Bus error.
0x00259324 in _zend_mm_alloc_int (heap=0x5085d0, size=<error type>) at /usr/local/src/php5-5.2.6/Zend/zend_alloc.c:1991
1991 SUHOSIN_MM_SET_END_CANARY(best_fit);
7: /x $pc = 0x259324
5: /x $i0 + $g3 = 0xf755404d
4: /x $i0 = 0xf7554030
3: /x $g3 = 0x1d
2: /x $g1 = 0x2f8f5219
--
Jörg Friedrich
There are only 10 types of people:
Those who understand binary and those who don't.
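
Added example, not part of the original mail or of the PHP/Suhosin source: it recomputes the target address of the "st" instruction for both breakpoint hits in the gdb session above and shows a byte-wise canary write that does not depend on alignment. The sizes 0x2000 and 0x5 are derived from the logged %g3 values minus 0x18; the helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 0x18 is the constant in "add %i1, 0x18, %g3": the two compile-time
 * offsets from the mail, already summed by the compiler. */
#define FIXED_OFFSET 0x18u
#define WORD 4u /* "st" stores one 32-bit word and needs a 4-byte aligned address */

/* Address used by "st %g1, [ %i0 + %g3 ]" for a block at best_fit. */
static uintptr_t end_canary_addr(uintptr_t best_fit, size_t size)
{
    return best_fit + size + FIXED_OFFSET;
}

static int word_store_ok(uintptr_t addr)
{
    return addr % WORD == 0;
}

/* Alignment-safe variant (illustration, not the Suhosin macro): the
 * destination stays an unsigned char *, so the compiler cannot assume
 * word alignment when it expands memcpy. */
static void set_end_canary(unsigned char *block, size_t size, uint32_t canary)
{
    memcpy(block + size + FIXED_OFFSET, &canary, sizeof canary);
}

/* Write and read back a canary at an odd offset (size 5, as in the crash). */
static uint32_t roundtrip_unaligned(uint32_t canary)
{
    unsigned char block[64] = {0}; /* constructed stand-in for a heap block */
    uint32_t out;
    set_end_canary(block, 5, canary);
    memcpy(&out, block + 5 + FIXED_OFFSET, sizeof out);
    return out;
}

int main(void)
{
    /* (best_fit, size) pairs taken from the two breakpoint hits above. */
    uintptr_t a = end_canary_addr(0xf7552010u, 0x2000);
    uintptr_t b = end_canary_addr(0xf7554030u, 0x5);
    printf("%#lx aligned=%d\n", (unsigned long)a, word_store_ok(a));
    printf("%#lx aligned=%d\n", (unsigned long)b, word_store_ok(b));
    printf("byte-wise canary readback: %#x\n", (unsigned)roundtrip_unaligned(0x2f8f5219u));
    return 0;
}
```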