ID:               27263
Updated by:       [EMAIL PROTECTED]
Reported By:      davojan at mail dot ru
Status:           Feedback
Bug Type:         Session related
Operating System: FreeBSD 4.7-RELEASE
PHP Version:      5.0.0b4 (beta4)
New Comment:

Never mind, could reproduce. Only happens without --enable-debug!

Here's the backtrace:

_efree Zend/zend_alloc.c:257
257 CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0 _efree (ptr=0x61775f5f) at Zend/zend_alloc.c:257
#1 0x4038b383 in _zval_dtor (zvalue=0x82b73c4) at Zend/zend_variables.c:45
#2 0x40384141 in _zval_ptr_dtor (zval_ptr=0xbfffcb00) at Zend/zend_execute_API.c:359
#3 0x4034a36b in php_var_unserialize (rval=0xbfffcb00, p=0xbfffcb04, max=0x82b630e "", var_hash=0xbfffcb08) at var_unserializer.re:293
#4 0x402b7f29 in ps_srlzr_decode_php (val=0x61775f5f <Address 0x61775f5f out of bounds>, vallen=50) at ext/session/session.c:502
#5 0x402b81dd in php_session_decode (val=0x82b62dc "foo|O:3:\"foo\":1:{s:3:\"bar\";O:3:\"bar\":0:{}}bar|r:2;", vallen=50) at ext/session/session.c:549
#6 0x402b8646 in php_session_initialize () at ext/session/session.c:730
#7 0x402b9a13 in php_session_start () at ext/session/session.c:1162
#8 0x402bb031 in zif_session_start (ht=0, return_value=0x82b6004, this_ptr=0x0, return_value_used=0) at ext/session/session.c:1601
#9 0x403a9c96 in zend_do_fcall_common_helper (execute_data=0xbfffced0, opline=0x82b5e14, op_array=0x82af144) at Zend/zend_execute.c:2642
#10 0x403a9dce in zend_do_fcall_handler (execute_data=0xbfffced0, opline=0x82b5e14, op_array=0x82af144) at Zend/zend_execute.c:2771
#11 0x403a68eb in execute (op_array=0x82af144) at Zend/zend_execute.c:1339
#12 0x4038cdfd in zend_execute_scripts (type=8, retval=0x0, file_count=3) at Zend/zend.c:1052
#13 0x4035ca96 in php_execute_script (primary_file=0xbffff220) at main/main.c:1647
#14 0x403afc2e in apache_php_module_main (r=0x832503c, display_source_mode=0) at sapi/apache/sapi_apache.c:54
#15 0x403b0629 in send_php (r=0x832503c, display_source_mode=0, filename=0x0) at sapi/apache/mod_php5.c:621

Previous Comments:
------------------------------------------------------------------------

[2004-02-16 21:12:59] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php5-win32-latest.zip

I can not reproduce this crash with latest CVS..

------------------------------------------------------------------------

[2004-02-16 17:38:33] davojan at mail dot ru

Sorry, but when I add --enable-debug to my configure the bug "disappeared", the example script worked fine. The crash takes place only in the debugless version, its backtrace hardly can help you:

Program terminated with signal 10, Bus error.
.//usr/local/lib/php/20020429/templates.so: No such file or directory.
#0 0x2860f780 in ?? () from /usr/local/libexec/apache/libphp5.so
(gdb) bt
#0 0x2860f780 in ?? () from /usr/local/libexec/apache/libphp5.so
#1 0x8050416 in ap_clear_pool ()
#2 0x8050478 in ap_destroy_pool ()
#3 0x80503eb in ap_clear_pool ()
#4 0x8050478 in ap_destroy_pool ()
#5 0x805b190 in clean_parent_exit ()
#6 0x805d84d in standalone_main ()
#7 0x805dcab in main ()
#8 0x804fc39 in _start ()

It is a bad sign, it may mean buffer overflow anywhere in the program, I suppose. It may be difficult to find the bug. I'm ready to provide any help in catching it...

------------------------------------------------------------------------

[2004-02-15 16:05:23] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug report and change the status back to "Open". Thank you for helping us make PHP better.

------------------------------------------------------------------------

[2004-02-15 13:31:17] davojan at mail dot ru

Description:
------------
PHP crashes on session_start() if object "foo" references to object "bar" and both "foo" and "bar" are put into session explicitly each into its element.
The example below will work if we comment line:
$_SESSION['bar'] = $bar;
the only one "foo" is put to session explicitly and "bar" is also put, but as a member of "foo".

Reproduce code:
---------------
<?php
class foo {
    public $bar = NULL;
}

class bar {}

//=============================[]

$foo = new foo();
$bar = new bar();
$foo->bar = $bar;

session_start();
$_SESSION['foo'] = $foo;
$_SESSION['bar'] = $bar; // it will be all right, if we comment this
session_write_close();

session_start(); // crashing here

echo "OK";
?>

Expected result:
----------------
OK

Actual result:
--------------
In browser: "The page cannot be displayed"
In /var/log/httpd-error.log:
[Sun Feb 15 21:21:22 2004] [notice] child pid 230 exit signal Segmentation fault (11)

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=27263&edit=1
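
The session string in frame #5 of the first backtrace ends with `bar|r:2;`, a back-reference to a value decoded earlier in the same session. The following is an added example, not part of the bug report or of PHP's source: a Python parser that walks that string and reports which slot each back-reference points at. The function names are illustrative, and the slot-numbering rule (each value takes a 1-based slot in parse order, keys and `R:` references take none) is an assumption about how PHP's unserializer counts.

```python
PAYLOAD = b'foo|O:3:"foo":1:{s:3:"bar";O:3:"bar":0:{}}bar|r:2;'  # from frame #5

def parse_string(buf, pos):
    """Parse <len>:"<bytes>" at pos; return (bytes, offset after closing quote)."""
    colon = buf.index(b':', pos)
    n, start = int(buf[pos:colon]), colon + 2
    if buf[colon + 1:start] != b'"' or buf[start + n:start + n + 1] != b'"':
        raise ValueError(f'bad string at offset {pos}')
    return buf[start:start + n], start + n + 1

def parse_value(buf, pos, slots, refs, path):
    """Parse one value; values take 1-based slots, keys and R: none (assumed rule)."""
    tag = buf[pos:pos + 1]
    if tag in (b'r', b'R'):                      # back-reference to an earlier slot
        end = buf.index(b';', pos)
        target = int(buf[pos + 2:end])
        if not 1 <= target <= len(slots):
            raise ValueError(f'{path}: reference to unknown slot {target}')
        refs.append((path, target, slots[target - 1][0]))
        if tag == b'r':
            slots.append((path, 'r'))
        return end + 1
    slots.append((path, tag.decode()))
    if tag in (b'N', b'i', b'b', b'd'):          # N;  i:5;  b:1;  d:0.5;
        return buf.index(b';', pos) + 1
    if tag == b's':                              # s:<len>:"<bytes>";
        return parse_string(buf, pos + 2)[1] + 1
    if tag not in (b'a', b'O'):
        raise ValueError(f'unsupported tag {tag!r} at offset {pos}')
    p = parse_string(buf, pos + 2)[1] + 1 if tag == b'O' else pos + 2  # skip class name
    brace = buf.index(b':{', p)
    count, p = int(buf[p:brace]), brace + 2
    for _ in range(count):                       # each member: key (i or s), then value
        if buf[p:p + 1] == b's':
            key, p = parse_string(buf, p + 2)
        else:
            key, p = buf[p + 2:buf.index(b';', p)], buf.index(b';', p)
        p = parse_value(buf, p + 1, slots, refs, f'{path}->{key.decode()}')
    if buf[p:p + 1] != b'}':
        raise ValueError(f'expected closing brace at offset {p}')
    return p + 1

def decode_session(buf):
    """Walk name|value pairs, sharing one slot table across all of them."""
    slots, refs, pos = [], [], 0
    while pos < len(buf):
        bar = buf.index(b'|', pos)
        pos = parse_value(buf, bar + 1, slots, refs, buf[pos:bar].decode())
    return slots, refs
```

For the payload above, `decode_session(PAYLOAD)` returns three slots and one reference: the top-level `bar` entry points at slot 2, the object stored as `foo->bar`.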