FS#29024 : [php-memcached] *** stack smashing detected ***: php terminated

FS#29024 - [php-memcached] * stack smashing detected *: php terminated

Attached to Project: Community Packages
Opened by Rasmus Abrahamsen (Ralle) - Tuesday, 20 March 2012, 23:13 GMT
Last edited by Evangelos Foutras (foutrelis) - Friday, 23 March 2012, 12:21 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Evangelos Foutras (foutrelis)
Architecture	x86_64
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
using Memcached::getMulti() destroys the stack with or without a connection to a server. I am not sure if this is a bug in php-memcached in general, but I would assume they would catch such a bug.

Additional info:
* versions: libmemcached-1.0.5-1 php-5.3.10-4 php-memcached-2.0.1-1
* just add extension=memcached.so to php.ini

Steps to reproduce:
Make file test.php:
<?php
$m = new Memcached();
$d = $m->getMulti(array('a'));
?>
run it:
php test.php

Output:
*** stack smashing detected ***: php terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f265decf317]
/lib/libc.so.6(__fortify_fail+0x0)[0x7f265decf2e0]
/usr/lib/php/modules/memcached.so(+0xb6d7)[0x7f265c2d36d7]
php[0x68ce4d]
php(execute+0x1eb)[0x62d59b]
php(zend_execute_scripts+0x119)[0x6090a9]
php(php_execute_script+0x1d3)[0x5b5f53]
php[0x42644e]
/lib/libc.so.6(__libc_start_main+0xed)[0x7f265ddf738d]
php[0x42649d]
======= Memory map: ========
00400000-00ad7000 r-xp 00000000 ca:00 2914401 /usr/bin/php
00cd7000-00d32000 r--p 006d7000 ca:00 2914401 /usr/bin/php
00d32000-00d3c000 rw-p 00732000 ca:00 2914401 /usr/bin/php
00d3c000-00d59000 rw-p 00000000 00:00 0
013f1000-01603000 rw-p 00000000 00:00 0 [heap]
7f265bb7e000-7f265bb93000 r-xp 00000000 ca:00 24896 /usr/lib/libgcc_s.so.1
7f265bb93000-7f265bd93000 ---p 00015000 ca:00 24896 /usr/lib/libgcc_s.so.1
7f265bd93000-7f265bd94000 rw-p 00015000 ca:00 24896 /usr/lib/libgcc_s.so.1
7f265bd94000-7f265be7b000 r-xp 00000000 ca:00 24878 /usr/lib/libstdc++.so.6.0.16
7f265be7b000-7f265c07a000 ---p 000e7000 ca:00 24878 /usr/lib/libstdc++.so.6.0.16
7f265c07a000-7f265c082000 r--p 000e6000 ca:00 24878 /usr/lib/libstdc++.so.6.0.16
7f265c082000-7f265c084000 rw-p 000ee000 ca:00 24878 /usr/lib/libstdc++.so.6.0.16
7f265c084000-7f265c099000 rw-p 00000000 00:00 0
7f265c099000-7f265c0c7000 r-xp 00000000 ca:00 24934 /usr/lib/libmemcached.so.9.0.0
7f265c0c7000-7f265c2c6000 ---p 0002e000 ca:00 24934 /usr/lib/libmemcached.so.9.0.0
7f265c2c6000-7f265c2c7000 r--p 0002d000 ca:00 24934 /usr/lib/libmemcached.so.9.0.0
7f265c2c7000-7f265c2c8000 rw-p 0002e000 ca:00 24934 /usr/lib/libmemcached.so.9.0.0
7f265c2c8000-7f265c2da000 r-xp 00000000 ca:00 258201 /usr/lib/php/modules/memcached.so
7f265c2da000-7f265c4d9000 ---p 00012000 ca:00 258201 /usr/lib/php/modules/memcached.so
7f265c4d9000-7f265c4dc000 r--p 00011000 ca:00 258201 /usr/lib/php/modules/memcached.so
7f265c4dc000-7f265c4dd000 rw-p 00014000 ca:00 258201 /usr/lib/php/modules/memcached.so
7f265c4dd000-7f265c4e5000 r-xp 00000000 ca:00 258175 /usr/lib/php/modules/json.so
7f265c4e5000-7f265c6e4000 ---p 00008000 ca:00 258175 /usr/lib/php/modules/json.so
7f265c6e4000-7f265c6e5000 r--p 00007000 ca:00 258175 /usr/lib/php/modules/json.so
7f265c6e5000-7f265c6e6000 rw-p 00008000 ca:00 258175 /usr/lib/php/modules/json.so
7f265c6e6000-7f265c6e8000 r-xp 00000000 ca:00 258183 /usr/lib/php/modules/gettext.so
7f265c6e8000-7f265c8e8000 ---p 00002000 ca:00 258183 /usr/lib/php/modules/gettext.so
7f265c8e8000-7f265c8e9000 r--p 00002000 ca:00 258183 /usr/lib/php/modules/gettext.so
7f265c8e9000-7f265c8ea000 rw-p 00003000 ca:00 258183 /usr/lib/php/modules/gettext.so
7f265c8ea000-7f265c901000 r-xp 00000000 ca:00 81973 /lib/libpthread-2.15.so
7f265c901000-7f265cb00000 ---p 00017000 ca:00 81973 /lib/libpthread-2.15.so
7f265cb00000-7f265cb01000 r--p 00016000 ca:00 81973 /lib/libpthread-2.15.so
7f265cb01000-7f265cb02000 rw-p 00017000 ca:00 81973 /lib/libpthread-2.15.so
7f265cb02000-7f265cb06000 rw-p 00000000 00:00 0
7f265cb06000-7f265cc95000 r-xp 00000000 ca:00 24865 /usr/lib/libcrypto.so.1.0.0
7f265cc95000-7f265ce94000 ---p 0018f000 ca:00 24865 /usr/lib/libcrypto.so.1.0.0
7f265ce94000-7f265cead000 r--p 0018e000 ca:00 24865 /usr/lib/libcrypto.so.1.0.0
7f265cead000-7f265ceb7000 rw-p 001a7000 ca:00 24865 /usr/lib/libcrypto.so.1.0.0
7f265ceb7000-7f265cebb000 rw-p 00000000 00:00 0
7f265cebb000-7f265cf10000 r-xp 00000000 ca:00 24864 /usr/lib/libssl.so.1.0.0
7f265cf10000-7f265d110000 ---p 00055000 ca:00 24864 /usr/lib/libssl.so.1.0.0
7f265d110000-7f265d113000 r--p 00055000 ca:00 24864 /usr/lib/libssl.so.1.0.0
7f265d113000-7f265d118000 rw-p 00058000 ca:00 24864 /usr/lib/libssl.so.1.0.0
7f265d118000-7f265d11f000 r-xp 00000000 ca:00 82012 /lib/librt-2.15.so
7f265d11f000-7f265d31e000 ---p 00007000 ca:00 82012 /lib/librt-2.15.so
7f265d31e000-7f265d31f000 r--p 00006000 ca:00 82012 /lib/librt-2.15.so
7f265d31f000-7f265d320000 rw-p 00007000 ca:00 82012 /lib/librt-2.15.so
7f265d320000-7f265d347000 r-xp 00000000 ca:00 25840 /usr/lib/libssh2.so.1.0.1
7f265d347000-7f265d546000 ---p 00027000 ca:00 25840 /usr/lib/libssh2.so.1.0.1
7f265d546000-7f265d547000 r--p 00026000 ca:00 25840 /usr/lib/libssh2.so.1.0.1
7f265d547000-7f265d548000 rw-p 00027000 ca:00 25840 /usr/lib/libssh2.so.1.0.1
7f265d548000-7f265d5a1000 r-xp 00000000 ca:00 25890 /usr/lib/libcurl.so.4.2.0
7f265d5a1000-7f265d7a0000 ---p 00059000 ca:00 25890 /usr/lib/libcurl.so.4.2.0
7f265d7a0000-7f265d7a2000 r--p 00058000 ca:00 25890 /usr/lib/libcurl.so.4.2.0
7f265d7a2000-7f265d7a3000 rw-p 0005a000 ca:00 25890 /usr/lib/libcurl.so.4.2.0
7f265d7a3000-7f265d7b3000 r-xp 00000000 ca:00 258180 /usr/lib/php/modules/curl.so
7f265d7b3000-7f265d9b2000 ---p 00010000 ca:00 258180 /usr/lib/php/modules/curl.so
7f265d9b2000-7f265d9b3000 r--p 0000f000 ca:00 258180 /usr/lib/php/modules/curl.so
7f265d9b3000-7f265d9b4000 rw-p 00010000 ca:00 258180 /usr/lib/php/modules/curl.so
7f265d9b4000-7f265db79000 r--p 00000000 ca:00 3692545 /usr/lib/locale/locale-archive
7f265db79000-7f265dbd1000 r-xp 00000000 ca:00 24695 /usr/lib/libncursesw.so.5.9
7f265dbd1000-7f265ddd0000 ---p 00058000 ca:00 24695 /usr/lib/libncursesw.so.5.9
7f265ddd0000-7f265ddd4000 r--p 00057000 ca:00 24695 /usr/lib/libncursesw.so.5.9
7f265ddd4000-7f265ddd5000 rw-p 0005b000 ca:00 24695 /usr/lib/libncursesw.so.5.9
7f265ddd5000-7f265ddd6000 rw-p 00000000 00:00 0
7f265ddd6000-7f265df6d000 r-xp 00000000 ca:00 82064 /lib/libc-2.15.so
7f265df6d000-7f265e16d000 ---p 00197000 ca:00 82064 /lib/libc-2.15.so
7f265e16d000-7f265e171000 r--p 00197000 ca:00 82064 /lib/libc-2.15.so
7f265e171000-7f265e173000 rw-p 0019b000 ca:00 82064 /lib/libc-2.15.so
7f265e173000-7f265e177000 rw-p 00000000 00:00 0
7f265e177000-7f265e2c7000 r-xp 00000000 ca:00 24759 /usr/lib/libxml2.so.2.7.8
7f265e2c7000-7f265e4c7000 ---p 00150000 ca:00 24759 /usr/lib/libxml2.so.2.7.8
7f265e4c7000-7f265e4cf000 r--p 00150000 ca:00 24759 /usr/lib/libxml2.so.2.7.8
7f265e4cf000-7f265e4d1000 rw-p 00158000 ca:00 24759 /usr/lib/libxml2.so.2.7.8
7f265e4d1000-7f265e4d2000 rw-p 00000000 00:00 0
7f265e4d2000-7f265e4d4000 r-xp 00000000 ca:00 82016 /lib/libdl-2.15.so
7f265e4d4000-7f265e6d4000 ---p 00002000 ca:00 82016 /lib/libdl-2.15.so
7f265e6d4000-7f265e6d5000 r--p 00002000 ca:00 82016 /lib/libdl-2.15.so
7f265e6d5000-7f265e6d6000 rw-p 00003000 ca:00 82016 /lib/libdl-2.15.so
7f265e6d6000-7f265e7c9000 r-xp 00000000 ca:00 82017 /lib/libm-2.15.so
7f265e7c9000-7f265e9c8000 ---p 000f3000 ca:00 82017 /lib/libm-2.15.so
7f265e9c8000-7f265e9c9000 r--p 000f2000 ca:00 82017 /lib/libm-2.15.so
7f265e9c9000-7f265e9ca000 rw-p 000f3000 ca:00 82017 /lib/libm-2.15.so
7f265e9ca000-7f265ea23000 r-xp 00000000 ca:00 24634 /usr/lib/libpcre.so.1.0.0
7f265ea23000-7f265ec22000 ---p 00059000 ca:00 24634 /usr/lib/libpcre.so.1.0.0
7f265ec22000-7f265ec23000 r--p 00058000 ca:00 24634 /usr/lib/libpcre.so.1.0.0
7f265ec23000-7f265ec24000 rw-p 00059000 ca:00 24634 /usr/lib/libpcre.so.1.0.0
7f265ec24000-7f265ec39000 r-xp 00000000 ca:00 25809 /usr/lib/libz.so.1.2.6
7f265ec39000-7f265ee38000 ---p 00015000 ca:00 25809 /usr/lib/libz.so.1.2.6
7f265ee38000-7f265ee39000 r--p 00014000 ca:00 25809 /usr/lib/libz.so.1.2.6
7f265ee39000-7f265ee3a000 rw-p 00015000 ca:00 25809 /usr/lib/libz.so.1.2.6
7f265ee3a000-7f265ee76000 r-xp 00000000 ca:00 82158 /lib/libreadline.so.6.2
7f265ee76000-7f265f076000 ---p 0003c000 ca:00 82158 /lib/libreadline.so.6.2
7f265f076000-7f265f078000 r--p 0003c000 ca:00 82158 /lib/libreadline.so.6.2
7f265f078000-7f265f07e000 rw-p 0003e000 ca:00 82158 /lib/libreadline.so.6.2
7f265f07e000-7f265f080000 rw-p 00000000 00:00 0
7f265f080000-7f265f093000 r-xp 00000000 ca:00 2183188 /lib/libresolv-2.15.so
7f265f093000-7f265f293000 ---p 00013000 ca:00 2183188 /lib/libresolv-2.15.so
7f265f293000-7f265f294000 r--p 00013000 ca:00 2183188 /lib/libresolv-2.15.so
7f265f294000-7f265f295000 rw-p 00014000 ca:00 2183188 /lib/libresolv-2.15.so
7f265f295000-7f265f297000 rw-p 00000000 00:00 0
7f265f297000-7f265f2b8000 r-xp 00000000 ca:00 2183172 /lib/ld-2.15.so
7f265f397000-7f265f469000 rw-p 00000000 00:00 0
7f265f4aa000-7f265f4b0000 rw-p 00000000 00:00 0
7f265f4b4000-7f265f4b5000 rw-p 00000000 00:00 0
7f265f4b5000-7f265f4b6000 r--p 00000000 00:00 0
7f265f4b6000-7f265f4b7000 rw-p 00000000 00:00 0
7f265f4b7000-7f265f4b8000 r--p 00020000 ca:00 2183172 /lib/ld-2.15.soAborted

This task depends upon

Closed by Evangelos Foutras (foutrelis)
Friday, 23 March 2012, 12:21 GMT
Reason for closing: Fixed

Comment by Evangelos Foutras (foutrelis) - Thursday, 22 March 2012, 00:40 GMT

Confirmed on x86_64. I will rebuild php-memcached (and the other package that links to libmemcached, collectd); this seems to solve the issue.

Also reported upstream: https://bugs.launchpad.net/libmemcached/+bug/961812.

Comment by Evangelos Foutras (foutrelis) - Thursday, 22 March 2012, 00:47 GMT

Please confirm that the issue doesn't exist in php-memcached-2.0.1-2.

Comment by Rasmus Abrahamsen (Ralle) - Thursday, 22 March 2012, 14:36 GMT

I can confirm that it works properly now. Thanks for the quick fix.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux