ID:               27263
 Updated by:       [EMAIL PROTECTED]
 Reported By:      davojan at mail dot ru
-Status:           Feedback
+Status:           Verified
 Bug Type:         Session related
 Operating System: FreeBSD 4.7-RELEASE
 PHP Version:      5.0.0b4 (beta4)


Previous Comments:
------------------------------------------------------------------------

[2004-02-16 21:59:42] [EMAIL PROTECTED]

Nevermind, could reproduce. Only happens without --enable-debug! Here's
the backtrace:


_efree Zend/zend_alloc.c:257
257             CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0  _efree (ptr=0x61775f5f) at Zend/zend_alloc.c:257
#1  0x4038b383 in _zval_dtor (zvalue=0x82b73c4) at Zend/zend_variables.c:45
#2  0x40384141 in _zval_ptr_dtor (zval_ptr=0xbfffcb00) at Zend/zend_execute_API.c:359
#3  0x4034a36b in php_var_unserialize (rval=0xbfffcb00, p=0xbfffcb04, max=0x82b630e "", var_hash=0xbfffcb08)
    at var_unserializer.re:293
#4  0x402b7f29 in ps_srlzr_decode_php (val=0x61775f5f <Address 0x61775f5f out of bounds>, vallen=50)
    at ext/session/session.c:502
#5  0x402b81dd in php_session_decode (val=0x82b62dc "foo|O:3:\"foo\":1:{s:3:\"bar\";O:3:\"bar\":0:{}}bar|r:2;",
    vallen=50) at ext/session/session.c:549
#6  0x402b8646 in php_session_initialize () at ext/session/session.c:730
#7  0x402b9a13 in php_session_start () at ext/session/session.c:1162
#8  0x402bb031 in zif_session_start (ht=0, return_value=0x82b6004, this_ptr=0x0, return_value_used=0)
    at ext/session/session.c:1601
#9  0x403a9c96 in zend_do_fcall_common_helper (execute_data=0xbfffced0, opline=0x82b5e14, op_array=0x82af144)
    at Zend/zend_execute.c:2642
#10 0x403a9dce in zend_do_fcall_handler (execute_data=0xbfffced0, opline=0x82b5e14, op_array=0x82af144)
    at Zend/zend_execute.c:2771
#11 0x403a68eb in execute (op_array=0x82af144) at Zend/zend_execute.c:1339
#12 0x4038cdfd in zend_execute_scripts (type=8, retval=0x0, file_count=3) at Zend/zend.c:1052
#13 0x4035ca96 in php_execute_script (primary_file=0xbffff220) at main/main.c:1647
#14 0x403afc2e in apache_php_module_main (r=0x832503c, display_source_mode=0)
    at sapi/apache/sapi_apache.c:54
#15 0x403b0629 in send_php (r=0x832503c, display_source_mode=0, filename=0x0)
    at sapi/apache/mod_php5.c:621



------------------------------------------------------------------------

[2004-02-16 17:38:33] davojan at mail dot ru

Sorry, but when I add --enable-debug to my configure the bug
"disappeared", the example script worked fine. The crash takes place
only in the debugless version; its backtrace can hardly help you:


Program terminated with signal 10, Bus error.
.//usr/local/lib/php/20020429/templates.so: No such file or directory.
#0  0x2860f780 in ?? () from /usr/local/libexec/apache/libphp5.so
(gdb) bt
#0  0x2860f780 in ?? () from /usr/local/libexec/apache/libphp5.so
#1  0x8050416 in ap_clear_pool ()
#2  0x8050478 in ap_destroy_pool ()
#3  0x80503eb in ap_clear_pool ()
#4  0x8050478 in ap_destroy_pool ()
#5  0x805b190 in clean_parent_exit ()
#6  0x805d84d in standalone_main ()
#7  0x805dcab in main ()
#8  0x804fc39 in _start ()


It is a bad sign; it may mean a buffer overflow anywhere in the program,
I suppose. It may be difficult to find the bug. I'm ready to provide
any help in catching it...

------------------------------------------------------------------------

[2004-02-15 13:31:17] davojan at mail dot ru

Description:
------------
PHP crashes on session_start() if object "foo" references object
"bar" and both "foo" and "bar" are put into the session explicitly, each
into its own element.



The example below will work if we comment out the line:

$_SESSION['bar'] = $bar;

so that only "foo" is put into the session explicitly, and "bar" is also
put in, but as a member of "foo".

Reproduce code:
---------------
<?php
class foo {
    public $bar = NULL;
}

class bar {}

//=============================[]
$foo = new foo();
$bar = new bar();
$foo->bar = $bar;               // foo holds a reference to bar

session_start();
$_SESSION['foo'] = $foo;
$_SESSION['bar'] = $bar;        // it will be all right, if we comment this

session_write_close();          // both entries are serialized into the session file
session_start();                // crashing here
echo "OK";
?>

Expected result:
----------------
OK

Actual result:
--------------
In browser:

"The page cannot be displayed"



In /var/log/httpd-error.log:

[Sun Feb 15 21:21:22 2004] [notice] child pid 230 exit signal Segmentation fault (11)


------------------------------------------------------------------------
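As an added illustration (not part of the bug report or of PHP's own source), a small Python decoder for the session payload quoted in gdb frame #5 above, just enough to show what `bar|r:2;` refers to. It assumes PHP's numbering rule for back-references (each value, an object before its members, gets the next number; property names are not numbered) and represents an object as a dict with a `__class__` key; the engine's internal var_hash handling is not reproduced, only the format's semantics.

```python
class SessionDecodeError(ValueError):
    """An r:N back-reference points outside the table of values seen so far."""

def _parse(data, pos, table):
    # Parse one value at pos -> (value, next_pos). Each value is appended to
    # table in the order met so a later r:N can point back at it; property
    # names are parsed with table=None because PHP does not number them.
    t = data[pos]
    if t == 's':                                   # s:3:"bar";
        colon = data.index(':', pos + 2)
        n = int(data[pos + 2:colon])
        val, pos = data[colon + 2:colon + 2 + n], colon + n + 4
    elif t == 'O':                                 # O:3:"foo":1:{...}
        colon = data.index(':', pos + 2)
        n = int(data[pos + 2:colon])
        val, pos = {'__class__': data[colon + 2:colon + 2 + n]}, colon + n + 4
        end = data.index(':', pos)
        count, pos = int(data[pos:end]), end + 2
        table.append(val)                          # numbered before its members
        for _ in range(count):
            key, pos = _parse(data, pos, None)
            val[key], pos = _parse(data, pos, table)
        return val, pos + 1                        # skip closing '}'
    elif t == 'r':                                 # r:2;  back-reference
        end = data.index(';', pos)
        idx = int(data[pos + 2:end])
        if table is None or not 1 <= idx <= len(table):
            raise SessionDecodeError(f"r:{idx} has no target among {len(table or [])} values")
        val, pos = table[idx - 1], end + 1
    else:
        raise SessionDecodeError(f"unsupported type {t!r} at offset {pos}")
    if table is not None:
        table.append(val)
    return val, pos

def decode_session(data, shared_table=True):
    # Decode PHP's "name|value" session encoding. shared_table=True keeps one
    # numbering across all slots, which is how the serializer counted when it
    # wrote bar|r:2; False restarts the table per slot and leaves r:2 dangling.
    result, pos, table = {}, 0, []
    while pos < len(data):
        sep = data.index('|', pos)
        name, table = data[pos:sep], (table if shared_table else [])
        result[name], pos = _parse(data, sep + 1, table)
    return result

# Constructed copy of the 50-byte payload quoted in gdb frame #5 of the report.
PAYLOAD = 'foo|O:3:"foo":1:{s:3:"bar";O:3:"bar":0:{}}bar|r:2;'
```

With the shared table, `decode_session(PAYLOAD)['bar']` is the very object stored under `['foo']['bar']`; with a fresh table per slot, `r:2` has nothing to point at and decoding fails instead of silently producing a stray pointer.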


-- 
Edit this bug report at http://bugs.php.net/?id=27263&edit=1
