php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59306 "unknown Hashtable destructor" on static class properties of type array +SUHOSIN
Submitted: 2010-07-12 12:54 UTC Modified: 2013-02-18 23:31 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: joost at joost dot cx Assigned: gopalv (profile)
Status: Not a bug Package: APC (PECL)
PHP Version: 5.2.13 OS: Debian Lenny
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: joost at joost dot cx
New email:
PHP Version: OS:

 

 [2010-07-12 12:54 UTC] joost at joost dot cx
Description:
------------
The current APC SVN package consistently crashes on reassigning static class properties that have been pre-initialized as empty arrays.

We've constructed a very minimal test-case.

Instructions:
1) put the 2 included php files in /var/www/
2) make an httpreq to http://127.0.0.1/apcloadbug.php?recompile=1 
This step compiles /var/www/apcbug.php and stores it in /tmp/apcbug.php.bin
3) make a second httpreq to http://127.0.0.1/apcloadbug.php (without the recompile parameter set).




Reproduce code:
---------------
http://www.joost.cx/apc-possible-memory-corruption-detected-unknown-hashtable-destructor/
In short:
1) Create a class that has a static property pre-initialized to 'array()'.
2) pre-compile the opcode to a file (apc_compile_file + apc_bin_dumpfile)
3) load the file back (apc_bin_loadfile) and try to change the static property (triggering a 'unknown Hashtable destructor error).




Expected result:
----------------
Expected result is that the apcbug.php.bin file executes just like it's sourcefile. 

Actual result:
--------------
a line is added to /var/log/apache2/error.log 

[Mon Jul 12 11:40:47 2010] [error] [client x.x.x.x] ALERT - possible memory corruption detected - unknown Hashtable destructor (attacker 'x.x.x.x', file '/var/www/apcbug.php', line 6)


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-07-12 13:01 UTC] joost at joost dot cx
Updated link to the examplecode:

http://www.joost.cx/apc-unknown-hashtable-destructor/

Best regards,
Joost Faassen
 [2013-01-31 20:11 UTC] ogreve at millennics dot com
I had this issue too (FreeBSD, with Suhosin, but no Xdebug) after installing 
APC. When disabling APC by setting the flag apc.enabled to 0 and restarting it 
was gone (so I then at least knew the base installation was still o.k. and that 
it was definitely the introduction of APC that caused the error on my box).
I had this error on many pages, even several old ones that weren't programmed in 
an OO manner, so it's not just with the static properties.
I looked around some further, and at the PHP chapter about APC I encountered a 
comment about some users having trouble with the 'slam defense' setting (a 
different error was reported there though, but it sounded somewhat similar to 
what I was experiencing).
Adding the following setting to php.ini and restarting Apache, totally 
eliminated the problem for me:
apc.slam_defense = 0

YMMV, but it works for me!

Cheers,
Olafo
 [2013-01-31 21:11 UTC] ogreve at millennics dot com
Unfortunately I was a bit too hasty in stating that the 'slam_defense' setting alleviated the problem; in fact it still occurs -- often :(((
Possibly it's a combination of Suhosin and APC, but there seem to be precious few good hits to be found about this particular issue.
I'd be very grateful if someone knows of a good fix (the box runs FreeBSD AMD64, PHP 5.2.17, APC 3.1.14 and Suhosin 0.9.7).
Cheers,
Olafo
 [2013-01-31 21:22 UTC] rasmus@php.net
Downgrade to APC 3.1.13 and try again please
 [2013-02-01 10:25 UTC] ogreve at millennics dot com
Hi again,

Issue solved (for me)!
So, the final (?) comment from me, I think:
After putting the installation to the grind and reducing all APC settings to their very defaults, I still kept getting the error.
In the end, in light of the few Google hits on this topic, I suspected it to be a rather uncommon problem, which just had to occur on my box (grrr). The main suspects were Suhosin (always a red hot favourite for stuff like this) and perhaps an outdated PHP installation.
Not coming across any references of trouble between PHP 5.2 and APC (to be precise, respectively versions 5.2.17 and 3.1.14), I strongly suspected Suhosin to be the culprit.
I recompiled (clean) PHP 5.2.17 while leaving everything unchanged, except for Suhosin support. After a restart of Apache... Gone!
No more issues. 
This is then yet another nasty side-effect of Suhosin doing its thing; in a way I don't like running a live box without it, but it's about the 3rd time that Suhosin has messed up otherwise properly working technology, so at this moment it seems to be the lesser of two evils to just leave Suhosin disabled.
If anyone knows of a way to configure Suhosin such that it CAN be used, without this mess-up, I'd be very interested in hearing about it.

Cheers,
Olafo
 [2013-02-18 23:31 UTC] gopalv@php.net
Closing this as a Suhosin related issue
 [2013-02-18 23:31 UTC] gopalv@php.net
-Summary: "unknown Hashtable destructor" on static class properties of type array +Summary: "unknown Hashtable destructor" on static class properties of type array +SUHOSIN -Status: Assigned +Status: Not a bug
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 14:01:32 2024 UTC