From: jullrich at euclidian dot com
Operating system: Linux 2.4.21, Solaris
PHP version: 4.3.2
PHP Bug Type: Reproducible crash
Bug description: php segfaults on non-initialized session variables

Description:
------------
If a '$_SESSION' variable is used for a new session, it will crash php. This bug has also been reported for Solaris (bug ID 24592) and the recent RC version of php. Happens with apache module or command line.

Reproduce code:
---------------
source code:

<?php
session_start();
$foo = $_SESSION['foo'];
$bar = $_SESSION['bar'];
$_SESSION['foo'] = $foo;
$_SESSION['bar'] = $bar;
?>

run: php -n filename.php

Expected result:
----------------
no output other than maybe session errors as this is executed from the command line.

Actual result:
--------------
Segmentation Fault.

Warning: session_start(): Cannot send session cookie - headers already sent in /home/jullrich/x2 on line 3

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/jullrich/x2:3) in /home/jullrich/x2 on line 3

Segmentation fault

Backtrace:

#0  0x0813f96b in _efree (ptr=0x81dda04)
    at /usr/local/src/php-4.3.2/Zend/zend_alloc.c:259
#1  0x080b33b1 in migrate_global (ht=0x822fb68, pos=0xbfffd378)
    at /usr/local/src/php-4.3.2/ext/session/session.c:640
#2  0x080b355f in php_session_save_current_state ()
    at /usr/local/src/php-4.3.2/ext/session/session.c:670
#3  0x080b5ba9 in php_session_flush ()
    at /usr/local/src/php-4.3.2/ext/session/session.c:1591
#4  0x080b5bbf in zm_deactivate_session (type=1, module_number=7)
    at /usr/local/src/php-4.3.2/ext/session/session.c:1605
#5  0x0814f71d in module_registry_cleanup (module=0x0)
    at /usr/local/src/php-4.3.2/Zend/zend_API.c:1167
#6  0x081516d5 in zend_hash_apply (ht=0x81ddd80, apply_func=0x814f6ec <module_registry_cleanup>)
    at /usr/local/src/php-4.3.2/Zend/zend_hash.c:688
#7  0x0814ceac in zend_deactivate_modules ()
    at /usr/local/src/php-4.3.2/Zend/zend.c:634
#8  0x08126a7e in php_request_shutdown (dummy=0x0)
    at /usr/local/src/php-4.3.2/main/main.c:971
#9  0x0815e488 in main (argc=3, argv=0xbfffdba4)
    at /usr/local/src/php-4.3.2/sapi/cli/php_cli.c:862
#10 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6

--
Edit bug report at http://bugs.php.net/?id=24739&edit=1