severity 694473 grave
reassign 694473 libapache2-mod-php5
retitle 694473 session extension causes endless recursion after graceful reload
found 694473 5.4.4-10
thanks

This is an endless recursion resulting in a stack overflow:

#0  0xb5be0283 in php_session_rfc1867_callback (event=<unknown type>, event_data=0x0, extra=0xbfd43a70) at /build/buildd-php5_5.4.4-10-i386-SZuNyZ/php5-5.4.4/ext/session/session.c:2388
...
#82550 0xb5be0283 in php_session_rfc1867_callback (event=<unknown type>, event_data=0x0, extra=0xbfd43a70) at /build/buildd-php5_5.4.4-10-i386-SZuNyZ/php5-5.4.4/ext/session/session.c:2388
...

It always happens after there has been a graceful reload (i.e. /etc/init.d/apache2 reload), so it will break after every logrotate (therefore bumping severity).

The attached patch is a hack to work around the issue, but it is not a complete fix: If there is another plugin setting php_rfc1867_callback and using the same logic, there will again be an endless recursion (but this time alternating between two functions).

I am not familiar enough with php to know what the correct fix would be. Maybe it should just set a flag during the first time PHP_MINIT_FUNCTION(session) is called and do nothing the second time around. Or maybe mod_php should make sure that the static data is re-initialized again.

--- php5-5.4.4.orig/ext/session/session.c +++ php5-5.4.4/ext/session/session.c @@ -2192,8 +2192,10 @@ #ifdef HAVE_LIBMM PHP_MINIT(ps_mm) (INIT_FUNC_ARGS_PASSTHRU); #endif - php_session_rfc1867_orig_callback = php_rfc1867_callback; - php_rfc1867_callback = php_session_rfc1867_callback; + if (php_rfc1867_callback != php_session_rfc1867_callback) { + php_session_rfc1867_orig_callback = php_rfc1867_callback; + php_rfc1867_callback = php_session_rfc1867_callback; + } /* Register interface */ INIT_CLASS_ENTRY(ce, PS_IFACE_NAME, php_session_iface_functions);
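
Review bot: The guard `if (php_rfc1867_callback != php_session_rfc1867_callback)` only recognises a repeated init when the session callback is still the last one installed in `php_rfc1867_callback`; if anything else has replaced that pointer in between, the check passes and `php_session_rfc1867_orig_callback` is overwritten a second time, which can close a loop in the chain. Consider keying the skip on a flag that is set the first time this block runs, rather than on the current value of the global pointer. The new block should also carry a short comment saying why the assignment is conditional, since nothing in the hunk explains that this code can be entered more than once in the same process.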
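
Added example, not part of the original report or of PHP: a small C model of the hook chaining described above. It shows that the patch's pointer check stops the single-module self-loop after a repeated init, that two modules using the same check still form a cycle, and that an init-once flag (the reporter's alternative suggestion) avoids both. All names (hook, a_hook, b_hook, init_module, simulate) are hypothetical, and MAX_DEPTH stands in for the stack limit.

```c
/* Constructed model of hook chaining across a repeated module init.
   All names are hypothetical; this is not PHP source. */
#include <stddef.h>
#include <stdio.h>

#define MAX_DEPTH 64                 /* stand-in for the stack limit */
typedef int (*hook_fn)(int depth);

static hook_fn hook;                 /* global hook, survives the "reload" */
static hook_fn a_orig, b_orig;       /* each module's saved previous hook */
static int a_ready, b_ready;         /* used by the init-once variant */

static int call_prev(hook_fn prev, int depth) {
    if (depth >= MAX_DEPTH) return -1;           /* would overflow the stack */
    return prev ? prev(depth + 1) : depth + 1;   /* end of chain: hooks run */
}
static int a_hook(int depth) { return call_prev(a_orig, depth); }
static int b_hook(int depth) { return call_prev(b_orig, depth); }

enum mode { NAIVE, GUARD, ONCE };

static void init_module(hook_fn self, hook_fn *orig, int *ready, enum mode m) {
    if (m == GUARD && hook == self) return;      /* the patch's pointer check */
    if (m == ONCE && *ready) return;             /* flag set on first init */
    *ready = 1;
    *orig = hook;                                /* save previous hook */
    hook = self;                                 /* install ourselves */
}

/* Run init `rounds` times (round 2 and later model a graceful reload) with one
   or two modules, then fire the hook. Returns hooks run, or -1 on a cycle. */
int simulate(enum mode m, int modules, int rounds) {
    hook = NULL; a_orig = b_orig = NULL; a_ready = b_ready = 0;
    for (int r = 0; r < rounds; r++) {
        init_module(a_hook, &a_orig, &a_ready, m);
        if (modules == 2) init_module(b_hook, &b_orig, &b_ready, m);
    }
    return hook ? hook(0) : 0;
}

int main(void) {
    printf("guard, 1 module:  %d\n", simulate(GUARD, 1, 2));
    printf("guard, 2 modules: %d\n", simulate(GUARD, 2, 2));
    printf("once,  2 modules: %d\n", simulate(ONCE, 2, 2));
    return 0;
}
```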