Hi everyone, I just ran a build last night with the modified patch, which unfortunately failed. *However*, it failed later than before, and looking at the crash it looks like there's at least a third place where unaligned access is occurring:
(gdb) run
Starting program: /home/seanius/php5-5.2.6/cgi-build/sapi/cli/php
[Thread debugging using libthread_db enabled]
[New Thread 0xf7f92f60 (LWP 31508)]

Program received signal SIGBUS, Bus error.
[Switching to Thread 0xf7f92f60 (LWP 31508)]
_zend_mm_free_int (heap=0x5085c0, p=0xf75c4030) at /home/seanius/php5-5.2.6/Zend/zend_alloc.c:2018
2018    SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()");

and the relevant code:

+# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \
+ size_t *p = SUHOSIN_MM_END_CANARY_PTR(block), check; \
+ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info .canary_2 != heap->canary_2)) { \
+ canary_mismatch: \
+ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected"); \
+ exit(1); \
+ } \
+ memcpy(&check, p, CANARY_SIZE); \

So in other words a char* from the previously modified macro is being assigned to the size_t *p, which is then possibly not aligned and passed to memcpy. I'll try changing these to a char * too and see if it makes any difference.

br, sean
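Review bot: the alignment problem in this hunk is the declaration `size_t *p = SUHOSIN_MM_END_CANARY_PTR(block), check;` itself: typing `p` as `size_t *` tells the compiler the address is word-aligned, so the later `memcpy(&check, p, CANARY_SIZE)` may legitimately be inlined as a single aligned word load and fault with SIGBUS on a strict-alignment target, even though memcpy as a library call imposes no alignment requirement. Declare the pointer as `char *p = SUHOSIN_MM_END_CANARY_PTR(block);` with `size_t check;` on its own, and keep the memcpy, since a byte-pointer copy is what makes the read alignment-safe. It is also worth confirming that CANARY_SIZE equals sizeof(check): memcpy fills only CANARY_SIZE bytes of `check`, and any remaining bytes would be uninitialized when `check` is used.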
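The failure mode discussed in this thread, shown as a small stand-alone C program. This is an added example and is not code from the Suhosin patch or from PHP's Zend allocator; block_t, end_canary_ptr(), read_end_canary() and the CANARY/PAYLOAD constants are invented for the illustration. It places an end canary directly after an odd-sized payload, so the canary's address is not a multiple of sizeof(size_t), and reads it back through an unsigned char pointer with memcpy, which is the alignment-safe form; a heap overflow of one byte past the payload is then detected as a canary mismatch.

```c
/* Added example (not from the Suhosin patch or PHP): reading an end-of-block
 * canary that sits at an unaligned address.  All names below are invented. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY  ((size_t)0x5A5A5A5A)  /* fixed canary value for the demo */
#define PAYLOAD 5                     /* odd payload size: end canary lands unaligned */

/* Toy heap block: an aligned start canary, then an odd-sized payload with
 * the end canary stored as raw bytes immediately after it (no padding). */
typedef struct {
    size_t        canary_1;                        /* start canary, naturally aligned */
    unsigned char data[PAYLOAD + sizeof(size_t)];  /* payload followed by end-canary bytes */
} block_t;

/* Byte pointer to the end canary; equivalent of the patch's END_CANARY_PTR. */
static unsigned char *end_canary_ptr(block_t *b) { return b->data + PAYLOAD; }

/* 1 if the address is a multiple of sizeof(size_t), 0 otherwise. */
static int is_aligned(const void *p) {
    return ((uintptr_t)p % sizeof(size_t)) == 0;
}

/* Alignment-safe read: p is a char pointer, so the compiler cannot assume
 * word alignment and the copy is performed byte-wise.  Casting p to size_t*
 * and dereferencing (or passing a size_t* to memcpy) would let the compiler
 * emit a single aligned load and SIGBUS on strict-alignment CPUs. */
static size_t read_end_canary(block_t *b) {
    size_t check;
    const unsigned char *p = end_canary_ptr(b);
    memcpy(&check, p, sizeof check);
    return check;
}

static void init_block(block_t *b) {
    size_t c = CANARY;
    b->canary_1 = CANARY;
    memset(b->data, 0, PAYLOAD);
    memcpy(end_canary_ptr(b), &c, sizeof c);   /* byte-wise store, also unaligned */
}

/* Returns 1 if both canaries are intact, 0 if either was clobbered. */
static int check_canaries(block_t *b) {
    return b->canary_1 == CANARY && read_end_canary(b) == CANARY;
}

/* Simulated heap overflow: one byte written past the end of the payload. */
static void overflow_block(block_t *b) {
    b->data[PAYLOAD] = 0xFF;   /* first byte of the end canary */
}

/* Demo entry points: each builds its own block and returns 1 on the expected outcome. */
int demo_intact(void) {
    block_t b;
    init_block(&b);
    return check_canaries(&b);              /* 1: untouched block passes */
}

int demo_overflow_detected(void) {
    block_t b;
    init_block(&b);
    overflow_block(&b);
    return check_canaries(&b) == 0;         /* 1: overflow is caught */
}

int demo_end_canary_unaligned(void) {
    block_t b;
    init_block(&b);
    return !is_aligned(end_canary_ptr(&b)); /* 1: the canary address really is unaligned */
}

int main(void) {
    printf("intact block passes:      %d\n", demo_intact());
    printf("overflow detected:        %d\n", demo_overflow_detected());
    printf("end canary is unaligned:  %d\n", demo_end_canary_unaligned());
    return 0;
}
```

On x86 the unaligned variant would silently work, which is why this class of bug surfaces only on strict-alignment ports; compiling with -Wcast-align on such a target, or running the program under a sanitizer with alignment checking, flags the size_t* cast that the char* form avoids.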