Edit report at http://bugs.php.net/bug.php?id=51159&edit=1
ID:               51159
Comment by:       info at das-peter dot ch
Reported by:      achristianson at yakabod dot com
Summary:          session_set_save_handler Memory Corruption
Status:           Open
Type:             Bug
Package:          Scripting Engine problem
Operating System: CentOS 5.4
PHP Version:      5.3.1

New Comment:

Hi there,

can confirm this behavior with gc enabled/disabled.

My current installation:
php 5.3.2 for win x86 [API220090626,TS,VC6 ]
Compiler VC6, thread safe
Run under Apache 2.2

Cheers,
Peter

Previous Comments:
------------------------------------------------------------------------
[2010-03-01 12:46:00] achristianson at yakabod dot com

We tried with GC off and we get the same result.

------------------------------------------------------------------------
[2010-02-28 16:52:02] j...@php.net

Try turn garbage collection off so we know if it's that..
zend.enable_gc = off, IIRC. :)

------------------------------------------------------------------------
[2010-02-26 19:08:01] achristianson at yakabod dot com

We tried this with Zend MM and garbage collection turned on and off. No
change in result.

------------------------------------------------------------------------
[2010-02-26 18:49:11] achristianson at yakabod dot com

Small typo: I put 5.2.1 and 5.2.3RC3 text along with my backtraces. I
meant to type 5.3.1 and 5.3.2RC3 respectively.

------------------------------------------------------------------------
[2010-02-26 18:39:55] achristianson at yakabod dot com

Description:
------------
Use of session_set_save_handler seems to cause memory corruption under
certain conditions. Inside of _write, there is code that causes a fatal
error. The corruption seems to not happen if this is removed.
I get the problem in both 5.3.1 and 5.3.2RC3

Reproduce code:
---------------
<?php

session_set_save_handler('_open', '_close', '_read', '_write', '_destroy', '_gc');

session_start();
session_write_close();

// self:: is used outside any class scope here; this is the code in
// _write that causes the fatal error mentioned in the description.
function _write() { self::$x = null; }
function _destroy() {}
function _gc() {}
function _open() {}
function _close() {}
function _read() {}

for($i = 0; $i < 10000; $i++) {
    $exampleArray[] = new C();
}

class C { }

Expected result:
----------------
No segmentation fault

Actual result:
--------------
5.2.1 backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x014899c0 in ZEND_ASSIGN_SPEC_CV_CONST_HANDLER (execute_data=0x9a6ee80) at /root/php-5.3.1/Zend/zend_execute.c:302
302         zval ***ptr = &CV_OF(node->u.var);
(gdb) bt
#0  0x014899c0 in ZEND_ASSIGN_SPEC_CV_CONST_HANDLER (execute_data=0x9a6ee80) at /root/php-5.3.1/Zend/zend_execute.c:302
#1  0x0142d55d in execute (op_array=0x9a0e260) at /root/php-5.3.1/Zend/zend_vm_execute.h:104
#2  0x0140bd57 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-5.3.1/Zend/zend.c:1194
#3  0x013bbf4e in php_execute_script (primary_file=0xbfa7c8c0) at /root/php-5.3.1/main/main.c:2225
#4  0x0148ad2b in php_handler (r=0x9a56160) at /root/php-5.3.1/sapi/apache2handler/sapi_apache2.c:648
#5  0x08077bf3 in ap_invoke_handler ()
#6  0x080868df in ap_process_request ()
#7  0x080839e8 in ?? ()
#8  0x09a56160 in ?? ()
#9  0x00000004 in ?? ()
#10 0x09a56160 in ?? ()
#11 0x0987c2f8 in ?? ()
#12 0x00000002 in ?? ()
#13 0x09a43be8 in ?? ()
#14 0xbfa7c9c8 in ?? ()
#15 0x0807ff45 in ap_process_connection ()

5.2.3RC3 backtrace:

Program received signal SIGSEGV, Segmentation fault.
_zval_ptr_dtor (zval_ptr=0xbf900928) at /root/php-5.3.2RC3/Zend/zend.h:385
385         return --pz->refcount__gc;
(gdb) bt
#0  _zval_ptr_dtor (zval_ptr=0xbf900928) at /root/php-5.3.2RC3/Zend/zend.h:385
#1  0x014674fc in zend_do_fcall_common_helper_SPEC (execute_data=0x8558d30) at /root/php-5.3.2RC3/Zend/zend_execute.h:316
#2  0x01441b3d in execute (op_array=0x84f66d0) at /root/php-5.3.2RC3/Zend/zend_vm_execute.h:104
#3  0x01420207 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-5.3.2RC3/Zend/zend.c:1194
#4  0x013cfe7e in php_execute_script (primary_file=0xbf902c10) at /root/php-5.3.2RC3/main/main.c:2260
#5  0x0149f22b in php_handler (r=0x853e5b8) at /root/php-5.3.2RC3/sapi/apache2handler/sapi_apache2.c:655
#6  0x08077bf3 in ap_invoke_handler ()
#7  0x080868df in ap_process_request ()
#8  0x080839e8 in ?? ()
#9  0x0853e5b8 in ?? ()
#10 0x00000004 in ?? ()
#11 0x0853e5b8 in ?? ()
#12 0x08388758 in ?? ()
#13 0x00000002 in ?? ()
#14 0x0852c040 in ?? ()
#15 0xbf902d18 in ?? ()
#16 0x0807ff45 in ap_process_connection ()

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/bug.php?id=51159&edit=1