Created attachment 363130
PHP script to reproduce the problem

When selecting a moderate number of rows over ODBC, PHP commits suicide:

    $ php ssp-test.php
    Connected to database...
    *** stack smashing detected ***: php - terminated
    php: stack smashing attack in function <unknown> - terminated
    Report to http://bugs.gentoo.org/
    Killed

This appeared after a (simultaneous) upgrade to gcc-4.7.3-r1 and php-5.5.4. It also happens with php-5.5.5.

To reproduce, you'll need a few things:

    1) dev-db/unixODBC and dev-db/myodbc installed
    2) dev-lang/php built with USE=odbc
    3) A mysql database for testing
    4) An entry in odbc.ini for the mysql database
    5) A PHP script to pull some rows out of the database

I can provide (3) through (5). The mysql database I'm using is called 'php_ssp_test', and it contains one table "drivers" and one column "driver". The data for this database can be found in php_ssp_test.sql, and you should be able to pipe it directly into mysql after you create the php_ssp_test database.

The attached odbc.ini goes in /etc/unixODBC/odbc.ini and provides a DSN for the MySQL database.

The script ssp-test.php will connect to that DSN as the MySQL "root" user with password "password" (all of this is easy to change). It will then select all records from the 'drivers' table and print them one at a time.
Created attachment 363132
Sample odbc.ini configured for a local MySQL

Created attachment 363134
mysqldump of the php_ssp_test database
I should mention a workaround: if you recompile php without SSP, it will work. So for example,

    # gcc-config -l
     [1] x86_64-pc-linux-gnu-4.7.3 *
     [2] x86_64-pc-linux-gnu-4.7.3-hardenednopie
     [3] x86_64-pc-linux-gnu-4.7.3-hardenednopiessp
     [4] x86_64-pc-linux-gnu-4.7.3-hardenednossp
     [5] x86_64-pc-linux-gnu-4.7.3-vanilla

    # gcc-config 4
    # source /etc/profile
I'm updating my @system to gcc-4.7.3 to test this, stay tuned.
Fix the smashing attack instead of disabling SSP. Recompile glibc with USE=debug, then you should get a note of what function it happens in. Just turning SSP off is only a short way to hide the problem, for the code error may be exploitable.
The fix has been committed upstream and merged into the 5.4, 5.5, and 5.6 branches. Just waiting for a release now.
Ok, the fix is in 5.5.8 in the tree.