#24739 [Fbk->Opn]: php segfaults on non-initialized session variables

jullrich at euclidian dot com Mon, 21 Jul 2003 12:32:47 -0700

 ID:               24739
 User updated by:  jullrich at euclidian dot com
 Reported By:      jullrich at euclidian dot com
-Status:           Feedback
+Status:           Open
 Bug Type:         Reproducible crash
 Operating System: Linux 2.4.21, Solaris
 PHP Version:      4.3.2
 New Comment:


the most recent 'STABLE' version (php4-STABLE-200307211730)
did not solve the problem:

php4-STABLE-200307211730/sapi/cli/php -n x2
Segmentation fault

running it in gdb yields as a backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x08145c53 in _efree (ptr=0x81e5704)
    at /usr/local/src/php4-STABLE-200307211730/Zend/zend_alloc.c:259
259             REMOVE_POINTER_FROM_LIST(p);
(gdb) bt
#0  0x08145c53 in _efree (ptr=0x81e5704)
    at /usr/local/src/php4-STABLE-200307211730/Zend/zend_alloc.c:259
#1  0x080b7461 in migrate_global (ht=0x8236ed0, pos=0xbfffda38)
    at
/usr/local/src/php4-STABLE-200307211730/ext/session/session.c:640
#2  0x080b760f in php_session_save_current_state ()
    at
/usr/local/src/php4-STABLE-200307211730/ext/session/session.c:670
#3  0x080b9c71 in php_session_flush ()
    at
/usr/local/src/php4-STABLE-200307211730/ext/session/session.c:1593
#4  0x080b9c87 in zm_deactivate_session (type=1, module_number=7)
    at
/usr/local/src/php4-STABLE-200307211730/ext/session/session.c:1607
#5  0x08155a91 in module_registry_cleanup (module=0x0)
    at /usr/local/src/php4-STABLE-200307211730/Zend/zend_API.c:1167
#6  0x08157a49 in zend_hash_apply (ht=0x81e5a80,
    apply_func=0x8155a60 <module_registry_cleanup>)
    at /usr/local/src/php4-STABLE-200307211730/Zend/zend_hash.c:688
#7  0x08153220 in zend_deactivate_modules ()
    at /usr/local/src/php4-STABLE-200307211730/Zend/zend.c:650
#8  0x0812cb4e in php_request_shutdown (dummy=0x0)
    at /usr/local/src/php4-STABLE-200307211730/main/main.c:981
#9  0x081648b4 in main (argc=3, argv=0xbfffe264)
    at /usr/local/src/php4-STABLE-200307211730/sapi/cli/php_cli.c:874
#10 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6


Previous Comments:
------------------------------------------------------------------------

[2003-07-21 14:16:28] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip



------------------------------------------------------------------------

[2003-07-21 11:45:37] jullrich at euclidian dot com

Description:
------------
If a '$_SESSION' variable is used for a new session,
it will crash php. This bug has also been reported for
Solaris (bug ID 24592) and the recent RC version of php.
Happens with apache module or command line.

Reproduce code:
---------------
source code:

<?php
 
session_start();
 
$foo = $_SESSION['foo'];
$bar = $_SESSION['bar'];
 
$_SESSION['foo'] = $foo;
$_SESSION['bar'] = $bar;
 
?>


run: php -n filename.php


Expected result:
----------------
no output other than maybe session errors as this is executed from the
command line.

Actual result:
--------------
Segmentation Fault.

Warning: session_start(): Cannot send session cookie - headers already
sent in /home/jullrich/x2 on line 3
 
Warning: session_start(): Cannot send session cache limiter - headers
already sent (output started at /home/jullrich/x2:3) in
/home/jullrich/x2 on line 3
Segmentation fault

Backtrace:

#0  0x0813f96b in _efree (ptr=0x81dda04)
    at /usr/local/src/php-4.3.2/Zend/zend_alloc.c:259
#1  0x080b33b1 in migrate_global (ht=0x822fb68, pos=0xbfffd378)
    at /usr/local/src/php-4.3.2/ext/session/session.c:640
#2  0x080b355f in php_session_save_current_state ()
    at /usr/local/src/php-4.3.2/ext/session/session.c:670
#3  0x080b5ba9 in php_session_flush ()
    at /usr/local/src/php-4.3.2/ext/session/session.c:1591
#4  0x080b5bbf in zm_deactivate_session (type=1, module_number=7)
    at /usr/local/src/php-4.3.2/ext/session/session.c:1605
#5  0x0814f71d in module_registry_cleanup (module=0x0)
    at /usr/local/src/php-4.3.2/Zend/zend_API.c:1167
#6  0x081516d5 in zend_hash_apply (ht=0x81ddd80,
    apply_func=0x814f6ec <module_registry_cleanup>)
    at /usr/local/src/php-4.3.2/Zend/zend_hash.c:688
#7  0x0814ceac in zend_deactivate_modules ()
    at /usr/local/src/php-4.3.2/Zend/zend.c:634
#8  0x08126a7e in php_request_shutdown (dummy=0x0)
    at /usr/local/src/php-4.3.2/main/main.c:971
#9  0x0815e488 in main (argc=3, argv=0xbfffdba4)
    at /usr/local/src/php-4.3.2/sapi/cli/php_cli.c:862
#10 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=24739&edit=1

#24739 [Fbk->Opn]: php segfaults on non-initialized session variables

Reply via email to