Bug #60634 [Ver->Asn]: Segmentation fault when trying to die() in SessionHandler::write()

Fri, 03 Feb 2012 02:29:55 -0800 

Edit report at https://bugs.php.net/bug.php?id=60634&edit=1

 ID:                 60634
 Updated by:         tony2...@php.net
 Reported by:        bobwei9 at hotmail dot com
 Summary:            Segmentation fault when trying to die() in
                     SessionHandler::write()
-Status:             Verified
+Status:             Assigned
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Mac OS X 10.7
 PHP Version:        trunk-SVN-2012-01-01 (SVN)
-Assigned To:        
+Assigned To:        iliaa
 Block user comment: N
 Private report:     N



Previous Comments:
------------------------------------------------------------------------
[2012-01-04 11:43:38] ar...@php.net

Automatic comment from SVN on behalf of arpad
Revision: http://svn.php.net/viewvc/?view=revision&revision=321758
Log: add more tests for #60634 (stems from #21306) and xfail them all for the 
moment

------------------------------------------------------------------------
[2012-01-03 21:47:26] ar...@php.net

This is present in 5.3 too using the old style session_set_save_handler(). 
Seems to be related to the zend_try in php_session_flush().

------------------------------------------------------------------------
[2012-01-03 21:46:51] ar...@php.net

Automatic comment from SVN on behalf of arpad
Revision: http://svn.php.net/viewvc/?view=revision&revision=321733
Log: add test for #60634

------------------------------------------------------------------------
[2012-01-01 19:32:18] bobwei9 at hotmail dot com

Description:
------------
The apache or the CLI reports an segmentation fault while trying to die() or to 
exit() a script in the write method of a class which extends the SessionHandler 
class.

Test script:
---------------
<?php
class session_handler extends SessionHandler
{
        function close () {return true;}
        function destroy ($a) {return true;}
        function open ($a,$b) {return true;}
        function gc ($a) {return true;}
        function read ($a) {return "";}
        function write ($a,$b) {die();}
}
session_set_save_handler(new session_handler);
session_start();
session_write_close(); # apache segfaults
print "never appears?";

Actual result:
--------------
Apache/cli segfaults

Backtrace:

#0  0x000000010261de30 in zval_delref_p [inlined] () at 
/Users/.../php-src-trunk-20120101/Zend/zend.h:82
#1  0x000000010261de30 in i_zval_ptr_dtor [inlined] () at 
/Users/.../php-src-trunk-20120101/Zend/zend_execute.h:82
#2  0x000000010261de30 in zend_vm_stack_clear_multiple [inlined] () at 
/Users/.../php-src-trunk-20120101/Zend/zend_execute.h:339
#3  0x000000010261de30 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x109a170d8) at zend_execute.c:736
#4  0x000000010262720e in ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(execute_data=0x109a170d8) at zend_vm_execute.h:2215
#5  0x000000010261aec2 in execute (op_array=0x109a51d98) at 
zend_vm_execute.h:410
#6  0x00000001025c731b in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at zend.c:1272
#7  0x0000000102509153 in php_execute_script (primary_file=0x7fff6198ab60) at 
main.c:2476
#8  0x000000010279d153 in do_cli (argc=2, argv=0x7fff6198ae18) at php_cli.c:983
#9  0x000000010279ee95 in main (argc=2, argv=0x7fff6198ae18) at php_cli.c:1356



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60634&edit=1

Reply via email to