ID: 44872 Comment by: p dot elagin at gmail dot com Reported By: mattr at shoplet dot com Status: No Feedback Bug Type: MySQLi related Operating System: FreeBSD 6.2 PHP Version: 5.2.5 New Comment:
PHP Version 5.2.10-2 Linux xxxxxxx.ru 2.6.26-2-amd64 #1 SMP Fri Aug 14 07:12:04 UTC 2009 x86_64 ___ Same Problem [Thu Aug 20 11:34:09 2009] [error] [client 212.16.10.34] ALERT - canary mismatch on efree() - heap overflow detected (attacker 'xxxxxxx', file 'xxxxxxx/index.php'), referer: http://text.foothold.ru/index.php Linux - Debian ( squeeze ) i have this problem when i install 5.2.10-1, i reinstall to 5.2.9 all is ok. now i update my system and problem restore (((( Previous Comments: ------------------------------------------------------------------------ [2009-08-07 12:44:19] werner at flyingdog dot de I also can reproduce this error (Suhosin Patch installed). Very simple test script: <?php $demo_user[]=(object)array("first" => 1); $demo_user[]=(object)array("second" => 2); $demo_user[]=(object)array("third" => 3); echo "<pre>"; var_dump($demo_user); echo "</pre>"; ?> Error Log: [Fri Aug 07 14:38:06 2009] [error] [client xx.xx.xx.xx] ALERT - canary mismatch on efree() - heap overflow detected (attacker 'xx.xx.xx.xx', file '/somedir/somedir/htdocs/f.php', line 2) Version Info: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch proxy_html/3.0.0 Server at xxxxxx Port 80 ------------------------------------------------------------------------ [2009-08-06 00:18:58] robert at robert-gonzalez dot com I am having this same issue on Ubuntu 8.10 running against Sybase 12.5. This actually just started happening against the CLI version of PHP when attempting to connect more than once to the database server in the same request. Any idea when this might get fixed? Or if not, anyone have a reliable work around? ------------------------------------------------------------------------ [2009-07-17 09:13:13] emiel dot molenaar at gmail dot com Any news about this one? Having the same issue here on Debian: PHP 5.2.10-2 with Suhosin-Patch 0.9.7 (cli) (built: Jul 10 2009 01:47:03) ------------------------------------------------------------------------ [2009-05-06 14:16:33] j dot vd dot broek at home dot nl This solution I saw on another website might help fixing it in a next build of PHP or at least show people with the same problem a way out of it: http://chrisblunt.com/blog/2009/05/01/php-fixing-mismatched-canaries-how-to-remove-suhosin-from-debianubuntu-packages/ ------------------------------------------------------------------------ [2009-05-03 13:48:10] ewilded at gmail dot com Same situation on PHP 5.2.9 with Suhosin-Patch 0.9.7 (cli) (built: May 2 2009 14:51:38), OS: Slackware 12, i'm connecting to Oracle DB on remote machine using PDO, script gets killed while trying to execute simple SELECT statement without any params (same code works fine with MySQL). ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/44872 -- Edit this bug report at http://bugs.php.net/?id=44872&edit=1
