From:             jibe at sdf dot lonestar dot org
Operating system: FreeBSD 5.2.1
PHP version:      4.3.10
PHP Bug Type:     Reproducible crash
Bug description:  Crash related to php_session_start and configuration

Description:
------------
hi gang,

using the "session" extension was crashing apache here, making drupal and
other software unusable. With session.save_handler set to "user" in php.ini,
I can see that "save_path" arrives as 0x0 in "ps_open_user" in mod_user, and
apache crashes.

My fix for now is to hardcode this

    PS(save_path) = malloc(strlen("/tmp/") + 1);
    strcpy(PS(save_path), "/tmp/");

in session.c, and things work fine. Unfortunately I have no expertise to
track this bug much more.

Cheers!

Reproduce code:
---------------
Use drupal..

Expected result:
----------------
Apache crashes, and your dmesg is full of

    [...]
    pid 99709 (httpd), uid 80: exited on signal 11
    [...]

Actual result:
--------------
Attaching httpd with gdb (session module compiled in debug mode):

    (gdb)
    (gdb) continue
    Continuing.

    Program received signal SIGSEGV, Segmentation fault.
    0x2906b8bf in ps_open_user (mod_data=0xffffff00, save_path=0x0, session_name=0x85b12ac "POSTNUKESID")
        at /usr/ports/www/php4-session/work/php-4.3.10/ext/session/mod_user.c:95
    95              SESS_ZVAL_STRING(save_path, args[0]);

--
Edit bug report at http://bugs.php.net/?id=31212&edit=1