Date: Thu, 14 Sep 2006 16:11:17 GMT
From: Stefan Esser <sesser@hardened-php.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: crash inside dlclose() on shared library unload
X-Send-Pr-Version: www-2.3

>Number:         103271
>Category:       kern
>Synopsis:       [libc] crash inside dlclose() on shared library unload
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 14 16:20:20 GMT 2006
>Closed-Date:    Tue Apr 24 03:24:02 GMT 2007
>Last-Modified:  Tue Jan  1 11:50:00 UTC 2008
>Originator:     Stefan Esser
>Release:        FreeBSD 5.5/6.1 x86/amd64
>Organization:
Hardened-PHP Project
>Environment:
>Description:
There seems to be a problem in dlclose()
When the shared library from security/php-suhosin is loaded AFTER pspell.so
from lang/php5-extensions apache won't start because it will dlclose()
suhosin.so and crash inside _fini of suhosin.

This only happens when suhosin.so is loaded AFTER pspell.so. This only
happens on FreeBSD (not on linux) and it seems that only pspell.so is
affected. Because of this I suspect that this combination triggers a bug
inside the dynamic linker.


>How-To-Repeat:
Install lang/php5
Install lang/php5-extension  (only pspell extension)
Install security/php-suhosin
>Fix:
Load suhosin.so before pspell.so inside /usr/local/etc/php/extensions.ini
>Release-Note:
>Audit-Trail:

From: Kris Kennaway <kris@obsecurity.org>
To: Stefan Esser <sesser@hardened-php.net>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/103271: crash inside dlclose() on shared library unload
Date: Thu, 14 Sep 2006 15:25:10 -0400

 On Thu, Sep 14, 2006 at 04:11:17PM +0000, Stefan Esser wrote:
 
 > There seems to be a problem in dlclose()
 > When the shared library from security/php-suhosin is loaded AFTER pspell.so from lang/php5-extensions apache won't start because it will dlclose() suhosin.so and crash inside _fini of suhosin.
 >
 > This only happens when suhosin.so is loaded AFTER pspell.so. This only happens on FreeBSD (not on linux) and it seems that only pspell.so is affected. Because of this I suspect that this combination triggers a bug inside the dynamic linker.
 >
 >
 > >How-To-Repeat:
 > Install lang/php5
 > Install lang/php5-extension  (only pspell extension)
 > Install security/php-suhosin
 > >Fix:
 > Load suhosin.so before pspell.so inside /usr/local/etc/php/extensions.ini
 
 Can you try to obtain a traceback with debugging symbols?
 
 Kris
 
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Mon Sep 25 09:08:40 UTC 2006 
State-Changed-Why:  
Note that feedback was asked for. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103271 
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Tue Apr 24 03:23:34 UTC 2007 
State-Changed-Why:  
Feedback timeout (> 6 months). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103271 

From: Alex Dupre <ale@FreeBSD.org>
To: bug-followup@FreeBSD.org, sesser@hardened-php.net
Cc:  
Subject: Re: kern/103271: [libc] crash inside dlclose() on shared library
 unload
Date: Tue, 01 Jan 2008 12:42:08 +0100

 I think it may be a gcc 3.4.6 bug. Compiling the ports with gcc 4.2.3
 snapshot doesn't trigger the issue.
 
 Anyway, this is the backtrace:
 
 #0  0x00000000 in ?? ()
 #1  0x287eeac4 in __do_global_dtors_aux () from /usr/local/lib/php/20060613-debug/suhosin.so
 #2  0x2880d87c in _fini () from /usr/local/lib/php/20060613-debug/suhosin.so
 #3  0x282b5160 in ?? () from /libexec/ld-elf.so.1
 #4  0x282b5018 in ?? () from /libexec/ld-elf.so.1
 #5  0xbfbfe558 in ?? ()
 #6  0x28293c00 in elf_hash () from /libexec/ld-elf.so.1
 #7  0x28293eb9 in elf_hash () from /libexec/ld-elf.so.1
 #8  0x285f52af in __cxa_finalize () from /lib/libc.so.6
 #9  0x285f4f0a in exit () from /lib/libc.so.6
 #10 0x0820666e in main (argc=2, argv=0xbfbfe7b0) at /usr/ports/lang/php5/work/php-5.2.5/sapi/cli/php_cli.c:1348
 
 --
 Ale
>Unformatted:
