[php-maint] Bug#481737: Bug#481737: Bug#481737: Bug#481737: PHP 5.2.6 with suhosin 0.9.6.2 causes bus errors

sean finney seanius at debian.org
Wed Jul 2 19:53:50 UTC 2008


and hello again,

i can report back that making a similar change in the third place seems to 
have resolved the FTBFS problems.

Stefan, attached you will find a patch against the patch.  since this may be 
hard to read i've also attached it in interdiff format, which should be a 
little easier for the eyes :)


	sean

On Tuesday 01 July 2008 08:34:47 am sean finney wrote:
> hi everyone,
>
> i just ran a build last night with the modified patch, which unfortunately
> failed.  *however*, it failed later than before, and looking at the crash
> it looks like there's at least a third place where unaligned access is
> occurring:
>
> (gdb) run
> Starting program: /home/seanius/php5-5.2.6/cgi-build/sapi/cli/php
> [Thread debugging using libthread_db enabled]
> [New Thread 0xf7f92f60 (LWP 31508)]
>
> Program received signal SIGBUS, Bus error.
> [Switching to Thread 0xf7f92f60 (LWP 31508)]
> _zend_mm_free_int (heap=0x5085c0, p=0xf75c4030)
>     at /home/seanius/php5-5.2.6/Zend/zend_alloc.c:2018
> 2018        SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()");
>
> and the relevant code:
>
> +# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \
> +        size_t *p = SUHOSIN_MM_END_CANARY_PTR(block), check; \
> +               if (((block)->info.canary_1 != heap->canary_1) ||
> ((block)->info
> .canary_2 != heap->canary_2)) { \
> +                       canary_mismatch: \
> +            zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " -
> heap
>  overflow detected"); \
> +            exit(1); \
> +               } \
> +        memcpy(&check, p, CANARY_SIZE); \
>
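Review bot: `size_t *p = SUHOSIN_MM_END_CANARY_PTR(block), check;` on the macro's second line gives the end-canary address the type `size_t *`, but per the message that macro now yields a `char *` that need not be `size_t`-aligned. With a `size_t *` source, the compiler may turn `memcpy(&check, p, CANARY_SIZE)` into an aligned word load, which is consistent with the SIGBUS reported at zend_alloc.c:2018. Declare `p` as `char *` (or `void *`) and leave `check` as the only `size_t`, so the copy stays bytewise. Separately, the `canary_mismatch:` label inside the macro body becomes a duplicate label if the macro is ever expanded twice in one function; worth checking the use sites.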
> so in other words a char* from the previously modified macro is being
> assigned to the size_t *p, which is then possibly not aligned and passed to
> memcpy. i'll try changing these to a char * too and see if it makes any
> difference.
>
>
> br,
> 	sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: suhosin.patch.patch
Type: text/x-diff
Size: 1194 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20080702/ac63bd27/attachment-0001.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: suhosin.patch.interdiff
Type: text/x-diff
Size: 1105 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20080702/ac63bd27/attachment-0001.diff 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20080702/ac63bd27/attachment-0001.pgp 
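
The alignment point discussed in this message, as an added example that is not part of the original mail or of the Suhosin patch: an end canary stored directly after user data sits at an arbitrary byte offset, so it is read and written through a byte pointer with `memcpy`. The layout and all `demo_*` names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical layout (not Suhosin's real structures):
 *   [ user data: size bytes ][ end canary: sizeof(size_t) bytes ]
 * The canary starts at data + size, so for most sizes it is not
 * size_t-aligned. */
#define DEMO_CANARY_SIZE sizeof(size_t)

/* Byte pointer to the end canary. Returning unsigned char * rather than
 * size_t * avoids promising the compiler an alignment that does not hold. */
static unsigned char *demo_end_canary_ptr(unsigned char *data, size_t size)
{
    return data + size;
}

/* Store the canary with a bytewise copy; valid at any alignment. */
static void demo_set_canary(unsigned char *data, size_t size, size_t canary)
{
    memcpy(demo_end_canary_ptr(data, size), &canary, DEMO_CANARY_SIZE);
}

/* Return 1 if the end canary is intact, 0 on mismatch. */
static int demo_check_canary(unsigned char *data, size_t size, size_t canary)
{
    size_t check;
    memcpy(&check, demo_end_canary_ptr(data, size), DEMO_CANARY_SIZE);
    return check == canary;
}

/* Constructed self-check over data sizes 1..16, most of which put the
 * canary at a misaligned address. Returns the number of failures. */
static int demo_run(void)
{
    static size_t backing[8];                    /* size_t-aligned storage */
    unsigned char *buf = (unsigned char *)backing;
    const size_t canary = (size_t)0x5aa5c33cUL;  /* constructed value */
    int failures = 0;
    size_t size;

    for (size = 1; size <= 16; size++) {
        memset(buf, 0, sizeof backing);
        demo_set_canary(buf, size, canary);
        if (!demo_check_canary(buf, size, canary)) failures++;
        buf[size] ^= 0xff;   /* simulate a one-byte overflow past the data */
        if (demo_check_canary(buf, size, canary)) failures++;
    }
    return failures;
}

int main(void) { return demo_run(); }
```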