[wp-trac] [WordPress Trac] #13847: canary mismatch on efree() - heap overflow
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 11 13:04:30 UTC 2010
#13847: canary mismatch on efree() - heap overflow
----------------------------+-----------------------------------------------
 Reporter:  priitsalumaa    |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  high            |   Milestone:  3.0
Component:  Administration  |     Version:  3.0
 Severity:  blocker         |    Keywords:  heap overflow
----------------------------+-----------------------------------------------
Hi, I discovered the following problem:
I'm trying out the WP 3.0RC2 (no additional plugins or themes) and the
admin dashboard breaks. Namely, the following menu items display a blank
page under wp-admin:
* Links->Links
* Links->Link Categories
* Appearance->Menus
* Users
It seems to be caused by problems with heap overflow (and maybe WP
increasing the memory above the limit set for PHP (it's 64MB)).
Examples from the Apache error log:
[Fri Jun 11 13:11:49 2010] [error] [client 90.190.xxx.xxx] ALERT - script
tried to increase memory_limit to 268435456 bytes which is above the
allowed value (attacker '90.190.xxx.xxx', file '/var/www/www.xxxxx.ee/wp-
admin/admin.php', line 96), referer: http://www.xxxxx.ee/wp-admin/
[Fri Jun 11 13:11:49 2010] [error] [client 90.190.xxx.xxx] ALERT - canary
mismatch on efree() - heap overflow detected (attacker '90.190.xxx.xxx',
file '/var/www/www.xxxxx.ee/wp-admin/includes/template.php', line 3557),
referer: http://www.xxxxx.ee/wp-admin/
[Fri Jun 11 13:12:16 2010] [error] [client 90.190.xxx.xxx] ALERT - script
tried to increase memory_limit to 268435456 bytes which is above the
allowed value (attacker '90.190.xxx.xxx', file '/var/www/www.xxxxx.ee/wp-
admin/admin.php', line 96), referer: http://www.xxxxx.ee/wp-admin/link-
manager.php
[Fri Jun 11 13:12:16 2010] [error] [client 90.190.xxx.xxx] ALERT - canary
mismatch on efree() - heap overflow detected (attacker '90.190.xxx.xxx',
file '/var/www/www.xxxxx.ee/wp-admin/includes/template.php', line 3557),
referer: http://www.xxxxx.ee/wp-admin/link-manager.php
[Fri Jun 11 13:12:23 2010] [error] [client 90.190.xxx.xxx] ALERT - script
tried to increase memory_limit to 268435456 bytes which is above the
allowed value (attacker '90.190.xxx.xxx', file '/var/www/www.xxxxx.ee/wp-
admin/admin.php', line 96), referer: http://www.xxxxx.ee/wp-
admin/index.php
The same errors are reported when I use the nightly build.
If the memory limit is increased to 256M for PHP the "ALERT - script tried
to increase memory_limit" errors disappear from the log, but the "ALERT -
canary mismatch on efree() - heap overflow detected" remain. The menus are
still broken in wp-admin environment.
My questions hereby are:
* Is there possibly a bug in WP 3.0 code causing memory corruption (read
the: http://www.suspekt.org/2008/10/12/suhosin-canary-mismatch-on-efree-heap-overflow-detected/)?
* For memory increase related error messages - is there any solution to
this, which does not require increasing the memory limit of the server?
Cheers,
Priit Salumaa
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13847>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
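
A triage sketch for the two alert types in the log excerpt above, added here as an example and not part of the original ticket or of WordPress: it parses ALERT lines of that shape and counts them per kind, script file and line, which separates the memory_limit policy alerts from the canary-mismatch alerts and shows which script location recurs. The sample lines, client address and paths are constructed, the function names are hypothetical, and each log entry is assumed to sit on one line (the excerpt above is wrapped by the mail archive).

```python
import re
from collections import Counter

# Constructed sample in the shape of the excerpt above: one entry per line,
# placeholder client address (192.0.2.10) and placeholder paths.
SAMPLE_LOG = """\
[Fri Jun 11 13:11:49 2010] [error] [client 192.0.2.10] ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker '192.0.2.10', file '/var/www/example/wp-admin/admin.php', line 96), referer: http://example.test/wp-admin/
[Fri Jun 11 13:11:49 2010] [error] [client 192.0.2.10] ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.0.2.10', file '/var/www/example/wp-admin/includes/template.php', line 3557), referer: http://example.test/wp-admin/
[Fri Jun 11 13:12:16 2010] [error] [client 192.0.2.10] ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.0.2.10', file '/var/www/example/wp-admin/includes/template.php', line 3557), referer: http://example.test/wp-admin/link-manager.php
[Fri Jun 11 13:12:20 2010] [error] [client 192.0.2.10] File does not exist: /var/www/example/favicon.ico
"""

# Apache error-log prefix, then the ALERT message and its
# (attacker, file, line) suffix; the referer part is optional.
ALERT_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"ALERT - (?P<msg>.*?) \(attacker '(?P<attacker>[^']*)', "
    r"file '(?P<file>[^']*)', line (?P<line>\d+)\)"
    r"(?:, referer: (?P<referer>\S+))?\s*$"
)

def classify(msg):
    """Separate memory-corruption alerts from memory_limit policy alerts."""
    if "canary mismatch" in msg:
        return "memory_corruption"
    if "increase memory_limit" in msg:
        return "memory_limit_policy"
    return "other"

def parse_alerts(text):
    """Return one dict per ALERT line; non-ALERT lines are skipped."""
    alerts = []
    for raw in text.splitlines():
        m = ALERT_RE.match(raw)
        if m:
            alert = m.groupdict()
            alert["line"] = int(alert["line"])
            alert["kind"] = classify(alert["msg"])
            alerts.append(alert)
    return alerts

def summarize(alerts):
    """Count alerts per (kind, script file, line) to find the recurring site."""
    return Counter((a["kind"], a["file"], a["line"]) for a in alerts)

if __name__ == "__main__":
    for (kind, path, line), n in summarize(parse_alerts(SAMPLE_LOG)).most_common():
        print(f"{n}x {kind}: {path}:{line}")
```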