canary mismatch on efree() – heap overflow / script tried to increase memory

  • priitsalumaa

    (@priitsalumaa)


    13 years, 10 months ago

    Hi,

    I have a following problem:

    I’m trying out the WP 3.0RC2 (no additional plugins or themes) and the admin dashboard breaks. Namely, the following menu items display a blank page under wp-admin:
    * Links->Links
    * Links->Link Categories
    * Appearance->Menus
    * Users

    It seems to be caused by problems with heap overflow and WP increasing the memory above the limit set for PHP (it’s 64MB).

    Examples from Appache error log:

    [Fri Jun 11 13:11:49 2010] [error] [client 90.190.xxx.xxx] ALERT – script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker ‘90.190.xxx.xxx’, file ‘/var/www/www.xxxxx.ee/wp-admin/admin.php’, line 96), referer: http://www.xxxxx.ee/wp-admin/
    [Fri Jun 11 13:11:49 2010] [error] [client 90.190.xxx.xxx] ALERT – canary mismatch on efree() – heap overflow detected (attacker ‘90.190.xxx.xxx’, file ‘/var/www/www.xxxxx.ee/wp-admin/includes/template.php’, line 3557), referer: http://www.xxxxx.ee/wp-admin/

    [Fri Jun 11 13:12:16 2010] [error] [client 90.190.xxx.xxx] ALERT – script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker ‘90.190.xxx.xxx’, file ‘/var/www/www.xxxxx.ee/wp-admin/admin.php’, line 96), referer: http://www.xxxxx.ee/wp-admin/link-manager.php
    [Fri Jun 11 13:12:16 2010] [error] [client 90.190.xxx.xxx] ALERT – canary mismatch on efree() – heap overflow detected (attacker ‘90.190.xxx.xxx’, file ‘/var/www/www.xxxxx.ee/wp-admin/includes/template.php’, line 3557), referer: http://www.xxxxx.ee/wp-admin/link-manager.php

    [Fri Jun 11 13:12:23 2010] [error] [client 90.190.xxx.xxx] ALERT – script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker ‘90.190.xxx.xxx’, file ‘/var/www/www.xxxxx.ee/wp-admin/admin.php’, line 96), referer: http://www.xxxxx.ee/wp-admin/index.php

    The same errors are reported when I use the nightly build.

    My questions hereby are:

    * Is there possibly a bug in WP 3.0 code causing memory corruption (read the: http://www.suspekt.org/2008/10/12/suhosin-canary-mismatch-on-efree-heap-overflow-detected/)

    * Is there any solution to this, which does not require increasing the memory limit of the server (configuration of the server, increasing memory limits is out of my authority and reach).

    Any suggestions or info are welcome.

    Cheers,
    Priit Salumaa

  • The topic ‘canary mismatch on efree() – heap overflow / script tried to increase memory’ is closed to new replies.