#44872 [Com]: canary mismatch on efree() - heap overflow detected

2009-09-09 Thread squarious at gmail dot com
 ID:   44872
 Comment by:   squarious at gmail dot com
 Reported By:  mattr at shoplet dot com
 Status:   No Feedback
 Bug Type: MySQLi related
 Operating System: FreeBSD 6.2
 PHP Version:  5.2.5
 New Comment:

I have the same error on 5.2.10 with suhosin patch.
Linux 2.6.31-10-generic #30-Ubuntu SMP Tue Sep 8 12:32:38 UTC 2009
x86_64 GNU/Linux

The tested site was working perfectly on Ubuntu 8.04 LTS with untouched
PHP 5.2.4 (with suhosin patch). The behaviour however is not standard
and it depends if the page is first time visite


Previous Comments:


[2009-09-09 12:03:27] neofutur dot php at ww7 dot be

update/workaround . . . but scary . . .

 someone on ##php told me to restart apache, that when you get one of 
those canary mismatch on efree() you get many until you restart apache.
 I didn't pay attention at the beginning but finally tried it.

 It's simply true, when you get those messages, restart apache and you
will see no more of them ( until the next apache overflow ? )



[2009-09-09 10:21:49] neofutur dot php at ww7 dot be

I also tried the code suggested :

<?php
$demo_user[]=(object)array("first" => 1);
$demo_user[]=(object)array("second" => 2);
$demo_user[]=(object)array("third" => 3);

echo ""; var_dump($demo_user); echo "";

?>

 This doesn't trigger any error message here



[2009-09-09 10:07:50] neofutur dot php at ww7 dot be

your bugtool doesn't accept my comment after 40 attempts, so I just post
the pastebin url containing all my comments and logs :

http://dpaste.com/91360/



[2009-09-09 09:56:15] joeysmith at gmail dot com

Sorry for the noise - testing the assertion that CAPTCHAs are broken.



[2009-08-20 07:42:34] p dot elagin at gmail dot com

PHP Version 5.2.10-2
Linux xxx.ru 2.6.26-2-amd64 #1 SMP Fri Aug 14 07:12:04 UTC 2009
x86_64
___
Same Problem
[Thu Aug 20 11:34:09 2009] [error] [client 212.16.10.34] ALERT - canary
mismatch on efree() - heap overflow detected (attacker 'xxx', file
'xxx/index.php'), referer: http://text.foothold.ru/index.php

Linux - Debian ( squeeze )

I had this problem when I installed 5.2.10-1; I reinstalled 5.2.9 and all
was OK. Now I have updated my system and the problem is back.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/44872

-- 
Edit this bug report at http://bugs.php.net/?id=44872&edit=1
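
Added example, not part of the original thread: a small triage script for the Apache error_log lines quoted above. It extracts Suhosin ALERT entries and groups "canary mismatch on efree()" hits per script into bursts, so the "many until you restart apache" pattern shows up as one long burst. The log lines, addresses, paths and the 5-minute gap are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache 2.2 error_log line with a Suhosin ALERT, in the shape quoted in the
# report; a trailing ", line N" field is tolerated if present (assumption).
ALERT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"ALERT - (?P<msg>.+?) \(attacker '(?P<attacker>[^']*)', "
    r"file '(?P<file>[^']*)'(?:, line (?P<line>\d+))?\)"
)

def parse_alerts(lines):
    """Yield (timestamp, script, message) for each Suhosin ALERT line."""
    for raw in lines:
        m = ALERT_RE.match(raw.strip())
        if m is None:
            continue  # ordinary error, or a wrapped/truncated line
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        yield ts, m["file"], m["msg"]

def bursts(lines, needle="canary mismatch on efree()", gap=timedelta(minutes=5)):
    """Return (script, first, last, count) per run of alerts closer than gap."""
    per_file = defaultdict(list)
    for ts, script, msg in parse_alerts(lines):
        if needle in msg:
            per_file[script].append(ts)
    out = []
    for script, stamps in per_file.items():
        stamps.sort()
        start, prev, count = stamps[0], stamps[0], 1
        for ts in stamps[1:]:
            if ts - prev > gap:          # quiet period: close the burst
                out.append((script, start, prev, count))
                start, count = ts, 0
            prev, count = ts, count + 1
        out.append((script, start, prev, count))
    return sorted(out, key=lambda b: b[1])

# Constructed sample input (documentation addresses and paths).
_A = "ALERT - canary mismatch on efree() - heap overflow detected"
SAMPLE = [
    f"[Thu Aug 20 11:34:09 2009] [error] [client 192.0.2.10] {_A} (attacker '192.0.2.10', file '/var/www/index.php'), referer: http://example.test/",
    f"[Thu Aug 20 11:34:40 2009] [error] [client 192.0.2.11] {_A} (attacker '192.0.2.11', file '/var/www/index.php')",
    "[Thu Aug 20 11:35:02 2009] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico",
    f"[Thu Aug 20 14:02:11 2009] [error] [client 192.0.2.12] {_A} (attacker '192.0.2.12', file '/var/www/index.php', line 12)",
]

if __name__ == "__main__":
    for script, first, last, count in bursts(SAMPLE):
        print(f"{script}: {count} alert(s) from {first} to {last}")
```
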



[PHP-BUG] Bug #53483 [NEW]: using mysqli_stmt::send_long_data() makes execute() fail

2010-12-06 Thread squarious at gmail dot com
From: 
Operating system: linux
PHP version:  5.3.3
Package:  MySQLi related
Bug Type: Bug
Bug description: using mysqli_stmt::send_long_data() makes execute() fail

Description:

This bug was found by a framework's unit tests after a system upgrade
(ubuntu/10.04 -> ubuntu/10.10). The bug was tracked down to
send_long_data(), which stopped working completely. If I try to use it for
large packets, the following execute() command will fail with error "Error
executing prepared statement. Incorrect arguments to mysqld_stmt_execute".

I made a script that reproduces the bug 100% and I ran it on

ubuntu/10.04(php5.3.2, mysql5.1.41) PASS,
ubuntu/10.10(php5.3.3, mysql5.1.49) FAIL,
debian/squeeze(php5.3.3, mysql5.1.49) FAIL.

So I assume it's a regression in PHP 5.3.3.

Test script:
---
//Full test @ http://codepad.org/eKnJnWnC

// Code chunk that triggers the problem.
if (!$stmt->bind_param('b', $null))
    die("Error binding parameters. {$stmt->error}\n");

foreach (str_split($big_data, $max_allowed_packet) as $packet)
    if (!$stmt->send_long_data(0, $packet))
        die("Error sending long packet. {$stmt->error}\n");

if (!$stmt->execute())
    die("Error executing prepared statement. {$stmt->error}\n");

Expected result:

OK: Executed prepared statement with blob less than max_allowed_packet.
OK: Executed prepared statement with blob bigger than max_allowed_packet,
sent at chunks.

Actual result:
--
OK: Executed prepared statement with blob less than max_allowed_packet.
Error executing prepared statement. Incorrect arguments to
mysqld_stmt_execute

-- 
Edit bug report at http://bugs.php.net/bug.php?id=53483&edit=1