Site icon Mostly Harmless

Beware the canary mismatch on efree monster

For traffic logs, I use Clicky Web Analytics and take a look from time to time. See that flat dark blue line? Around noon on December 3rd my blog stopped serving web pages and it was not until about 5 hours later that I noticed it. I don’t get a lot of traffic but I do like my blog to be working.

It wasn’t that my VPS went nuts, the CPU usage was fine. What was happening was that my PHP interpreter was tossing hundreds of these errors.

[Thu Dec 03 12:17:27 2009] [error] [client 66.249.71.233] ALERT - canary mismatch on efree() - heap overflow detected

Not cool and until I restarted Apache2, my blog was not serving anything. PHP just kept blowing up. This has been an ongoing problem for me that has been attributed to the Suhosin PHP security patch and I had not found the magic bullet to fix.

I’m not going to disable the hardened PHP. That’s like turning off the safety switch on an excercise treadmill. It’s juts not safe.

As a work around I have done the following: I activated the WP Super Cache plugin, removed the Xcache op cache I setup, and disabled the ssh2 PHP extension I installed.

The WP Super Cache created static HTML pages for your dynamic content.  It does cache expiration, garbage collection, etc. and limits the amount of time PHP needs to be run.

The XCache was a hold over from when I was running my blog on a Pentium II.  The VPS I use is very responsive and losing it does not hurt me.  Using the Pingdom tools I can see that I still get a good response from my web server.

Losing the ssh2 was easy; I only added it to my PHP to be able to answer a WordPress support forum questions. I never use it. I’ll look for any other PHP extensions that I added as a “what the hell” but so far so good. No more canary mismatch errors as yet.

Exit mobile version