php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #47877 ALERT - canary mismatch on efree() - heap overflow detected
Submitted: 2009-04-02 12:22 UTC Modified: 2009-04-11 01:00 UTC
Votes:13
Avg. Score:4.2 ± 1.0
Reproduced:11 of 12 (91.7%)
Same Version:4 (36.4%)
Same OS:3 (27.3%)
From: leif at neland dot dk Assigned:
Status: No Feedback Package: MSSQL related
PHP Version: 5.2.9 OS: Debian 5
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: leif at neland dot dk
New email:
PHP Version: OS:

 

 [2009-04-02 12:22 UTC] leif at neland dot dk 
Description:
------------
Basically the same bug as 43861, it seems.

Some mssql-queries triggers

ALERT - canary mismatch on efree() - heap overflow detected

I'm willing to patch, submit traces etc :-)


Reproduce code:
---------------
Code probably irrellevant.

Expected result:
----------------
No errors in the log

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-04-03 03:00 UTC] kalle@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

Aswell as a backtrace would help give some insight on the matter for the maintainer
 [2009-04-11 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2009-07-10 02:30 UTC] synec dot net at gmail dot com 
run 'php -v' on CLI.

ALERT - canary mismatch on efree() - heap overflow detected (attacker 
'REMOTE_ADDR not set', file 'unknown')

Install php v5.2.10 by FreeBSD ports.
Using options are 'CLI, CGI, APACHE, SUHOSIN, MULTIBYTE, IPV6, MAILHEAD, 
REDIRECT, DISCARD, FASTCGI, PATHINFO'
 [2009-07-10 03:11 UTC] synec dot net at gmail dot com 
I checked extension.ini and remove some lines.

#extension=oci8.so
#extension=recode.so
#extension=pdo_oci.so

and then works fine.
 [2009-08-13 22:16 UTC] nick at ihighteam dot com 
I found a solution here and it works for me!

http://www.nabble.com/-Bug-41297--NEW:-PHP-Suhosin-Patch-creates-a-problem-with-mssql_query%28%29-when-selecting-a-smalldatetime-field-td17693263.html

Steps to Reproduce:
1. Use the default configuration of PHP with the mssql-extension.
2. create a sql-statement that selects a smalldatetimevalue from a MSSQL-Database or use the Script at the end of this report.
3. the Script dies in the mssql_query()-function

Solution:
I found the following solution that works for me:
1. Open /etc/php.ini
2. "Decomment" the line "mssql.datetimeconvert = On" and change it to "mssql.datetimeconvert = Off"
3. Restart Apache
4. The Problem dissappears
 [2010-04-23 02:13 UTC] caesium at gmail dot com 
nick at ihighteam dot com's solution works.

I have a rather large dataset I am iterating through and ran into this issue. I can confirm that Nicks solution is a suitable workaround.

Thanks Nick!
 [2014-02-26 08:14 UTC] emirhanizmir at gmail dot com 
I confirm that nick at ihighteam dot com ' s solution is OK. It solved like a charm.
 [2014-07-10 18:17 UTC] nelson dot ota at buonny dot com dot br 
I have changed mssql.datetimeconvert = Off and work for me!
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 12:01:31 2024 UTC