ID:               48922
 Updated by:       j...@php.net
 Reported By:      bobby at indesignfirm dot com
-Status:           Open
+Status:           No Feedback
 Bug Type:         Session related
 Operating System: RedHat 2.6.9-42.0.8.EL #1
 PHP Version:      5.2.10
 New Comment:

Timj: Please don't hijack bugs. 


Previous Comments:
------------------------------------------------------------------------

[2009-07-18 22:04:39] t...@php.net

I *think* I have the same problem: segfaults on various pages that do
not occur on 5.2.9. I have a session handler, built on PEAR HTTP_Session,
that saves via MDB2/mysqli to a MySQL database. The common factor seems
to be that the crashes happen while the session is being saved
(php_session_save_current_state in the traces below).

Here's the 5.2.10 trace (crash in version_compare):

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1ea4d3f in _zend_mm_free_int (heap=0x7ffff8396480,
p=0x7ffff8bb7010) at /usr/src/debug/php-5.2.10/Zend/zend_alloc.c:1978
1978            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  0x00007ffff1ea4d3f in _zend_mm_free_int (heap=0x7ffff8396480,
p=0x7ffff8bb7010) at /usr/src/debug/php-5.2.10/Zend/zend_alloc.c:1978
#1  0x00007ffff1ea5af4 in _efree (ptr=0x7ffff8bb7010) at
/usr/src/debug/php-5.2.10/Zend/zend_alloc.c:2311
#2  0x00007ffff1e3f4ff in php_version_compare (orig_ver1=0x7ffff87b7538
"5.2.10", orig_ver2=0x7ffff8e41ac0 "5.0") at
/usr/src/debug/php-5.2.10/ext/standard/versioning.c:202
#3  0x00007ffff1e3f58b in zif_version_compare (ht=3,
return_value=0x7ffff87bc458, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1) at
/usr/src/debug/php-5.2.10/ext/standard/versioning.c:222
#4  0x00007ffff1ef028d in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffac00) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:200
#5  0x00007ffff1ef4235 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fffffffac00) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:1739
#6  0x00007ffff1eefd6f in execute (op_array=0x7ffff8a028c0) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:92
#7  0x00007ffff1ef043e in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffba00) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:234
#8  0x00007ffff1ef0984 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffba00) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:322
#9  0x00007ffff1eefd6f in execute (op_array=0x7ffff8b696e8) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:92
#10 0x00007ffff1ef043e in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffbf60) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:234
#11 0x00007ffff1ef0984 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffbf60) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:322
#12 0x00007ffff1eefd6f in execute (op_array=0x7ffff8b69588) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:92
#13 0x00007ffff1ef043e in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffc2d0) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:234
#14 0x00007ffff1ef0984 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffc2d0) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:322
#15 0x00007ffff1eefd6f in execute (op_array=0x7ffff8b6a728) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:92
#16 0x00007ffff1ef043e in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffd1c0) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:234
#17 0x00007ffff1ef0984 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffd1c0) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:322
#18 0x00007ffff1eefd6f in execute (op_array=0x7ffff8e29300) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:92
#19 0x00007ffff1eb816b in zend_call_function (fci=0x7fffffffd440,
fci_cache=0x0) at
/usr/src/debug/php-5.2.10/Zend/zend_execute_API.c:1032
#20 0x00007ffff1eb66d4 in call_user_function_ex
(function_table=0x7ffff8396d20, object_pp=0x0,
function_name=0x7ffff8e3eea0, retval_ptr_ptr=0x7fffffffd4e8,
param_count=2, params=0x7ffff87b7670, no_separation=1, 
    symbol_table=0x0) at
/usr/src/debug/php-5.2.10/Zend/zend_execute_API.c:640
#21 0x00007ffff1eb65af in call_user_function
(function_table=0x7ffff8396d20, object_pp=0x0,
function_name=0x7ffff8e3eea0, retval_ptr=0x7ffff87b7c18, param_count=2,
params=0x7fffffffd590)
    at /usr/src/debug/php-5.2.10/Zend/zend_execute_API.c:613
#22 0x00007ffff1da4785 in ps_call_handler (func=0x7ffff8e3eea0, argc=2,
argv=0x7fffffffd590) at
/usr/src/debug/php-5.2.10/ext/session/mod_user.c:53
#23 0x00007ffff1da4c2d in ps_write_user (mod_data=0x7ffff221db60,
key=0x7ffff8e3f7c0 "59ufo7hqslet38p73jp9na8577", 
    val=0x7ffff8fb1e88
"__HTTP_Session2_Info|i:2;__HTTP_Session2_Idle|i:3600;__HTTP_Session2_Idle_TS|i:1247951369;user_id|s:1:\"6\";audit_user|N;",
vallen=119) at /usr/src/debug/php-5.2.10/ext/session/mod_user.c:141
#24 0x00007ffff1d9d8ba in php_session_save_current_state () at
/usr/src/debug/php-5.2.10/ext/session/session.c:556
#25 0x00007ffff1da0fbb in php_session_flush () at
/usr/src/debug/php-5.2.10/ext/session/session.c:1408
#26 0x00007ffff1da31cc in zm_deactivate_session (type=1,
module_number=17) at
/usr/src/debug/php-5.2.10/ext/session/session.c:2010
#27 0x00007ffff1ecd24b in module_registry_cleanup
(module=0x7ffff83c8550) at
/usr/src/debug/php-5.2.10/Zend/zend_API.c:1976
#28 0x00007ffff1ed2ba7 in zend_hash_reverse_apply (ht=0x7ffff2221e20,
apply_func=0x7ffff1ecd20c <module_registry_cleanup>) at
/usr/src/debug/php-5.2.10/Zend/zend_hash.c:755
#29 0x00007ffff1ec5628 in zend_deactivate_modules () at
/usr/src/debug/php-5.2.10/Zend/zend.c:838
#30 0x00007ffff1e6de29 in php_request_shutdown (dummy=0x0) at
/usr/src/debug/php-5.2.10/main/main.c:1468
#31 0x00007ffff1f475f9 in php_apache_request_dtor (r=0x7ffff87edb38) at
/usr/src/debug/php-5.2.10/sapi/apache2handler/sapi_apache2.c:472
#32 0x00007ffff1f47e6a in php_handler (r=0x7ffff87edb38) at
/usr/src/debug/php-5.2.10/sapi/apache2handler/sapi_apache2.c:644
#33 0x00007ffff7fd9600 in ap_run_handler (r=0x7ffff87edb38) at
/usr/src/debug/httpd-2.2.11/server/config.c:158
#34 0x00007ffff7fdce98 in ap_invoke_handler (r=0x7ffff87edb38) at
/usr/src/debug/httpd-2.2.11/server/config.c:372
#35 0x00007ffff7fe852e in ap_process_request (r=0x7ffff87edb38) at
/usr/src/debug/httpd-2.2.11/modules/http/http_request.c:282
#36 0x00007ffff7fe5328 in ap_process_http_connection (c=0x7ffff87e7cf8)
at /usr/src/debug/httpd-2.2.11/modules/http/http_core.c:190
#37 0x00007ffff7fe1048 in ap_run_process_connection (c=0x7ffff87e7cf8)
at /usr/src/debug/httpd-2.2.11/server/connection.c:43
#38 0x00007ffff7fecf78 in child_main (child_num_arg=<value optimized
out>) at /usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:650
#39 0x00007ffff7fed1f6 in make_child (s=0x7ffff8212f90, slot=0) at
/usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:690
#40 0x00007ffff7fed853 in ap_mpm_run (_pconf=<value optimized out>,
plog=<value optimized out>, s=<value optimized out>) at
/usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:966
#41 0x00007ffff7fc56d0 in main (argc=14, argv=0x7fffffffe128) at
/usr/src/debug/httpd-2.2.11/server/main.c:740
(gdb) frame 2
#2  0x00007ffff1e3f4ff in php_version_compare (orig_ver1=0x7ffff87b7538
"5.2.10", orig_ver2=0x7ffff8e41ac0 "5.0") at
/usr/src/debug/php-5.2.10/ext/standard/versioning.c:202
202             efree(ver1);

The above call appears to have come via version_compare(phpversion(),
"5.0", ">=") in MDB2::classExists().

However, running exactly the same page with the 5.2 snapshot from
200907182030 results in apparently the same behaviour (a segfault), but
in a completely different function:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1ea373a in _zend_mm_alloc_int (heap=0x7ffff83964a0, size=12)
at /usr/src/debug/php5.2-200907182030/Zend/zend_alloc.c:1785
1785                            heap->cache[index] = best_fit->prev_free_block;
(gdb) bt
#0  0x00007ffff1ea373a in _zend_mm_alloc_int (heap=0x7ffff83964a0,
size=12) at /usr/src/debug/php5.2-200907182030/Zend/zend_alloc.c:1785
#1  0x00007ffff1ea4bbc in _emalloc (size=12) at
/usr/src/debug/php5.2-200907182030/Zend/zend_alloc.c:2300
#2  0x00007ffff1ea4d49 in _safe_emalloc (nmemb=3, size=4, offset=0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_alloc.c:2391
#3  0x00007ffff1d3d24c in php_pcre_match_impl (pce=0x7ffff8bd8360,
subject=0x7ffff8b998a8
"__HTTP_Session2_Info|i:2;__HTTP_Session2_Idle|i:3600;__HTTP_Session2_Idle_TS|i:1247953764;user_id|s:1:\"6\";audit_user|N;",

    subject_len=119, return_value=0x7ffff87b99f0, subpats=0x0,
global=0, use_flags=0, flags=0, start_offset=0) at
/usr/src/debug/php5.2-200907182030/ext/pcre/php_pcre.c:603
#4  0x00007ffff1d3cfe8 in php_do_pcre_match (ht=2,
return_value=0x7ffff87b99f0, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1, global=0) at
/usr/src/debug/php5.2-200907182030/ext/pcre/php_pcre.c:513
#5  0x00007ffff1d3db55 in zif_preg_match (ht=2,
return_value=0x7ffff87b99f0, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1) at
/usr/src/debug/php5.2-200907182030/ext/pcre/php_pcre.c:762
#6  0x00007ffff1eef409 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffbfe0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:200
#7  0x00007ffff1ef33b1 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fffffffbfe0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:1739
#8  0x00007ffff1eeeeeb in execute (op_array=0x7ffff8ec85a0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:92
#9  0x00007ffff1eef5ba in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffc2d0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:234
#10 0x00007ffff1eefb00 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffc2d0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:322
#11 0x00007ffff1eeeeeb in execute (op_array=0x7ffff8b69d80) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:92
#12 0x00007ffff1eef5ba in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffd1c0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:234
#13 0x00007ffff1eefb00 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffd1c0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:322
#14 0x00007ffff1eeeeeb in execute (op_array=0x7ffff8e29508) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:92
#15 0x00007ffff1eb727b in zend_call_function (fci=0x7fffffffd440,
fci_cache=0x0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_execute_API.c:1032
#16 0x00007ffff1eb57e4 in call_user_function_ex
(function_table=0x7ffff8396d40, object_pp=0x0,
function_name=0x7ffff8e3f1f0, retval_ptr_ptr=0x7fffffffd4e8,
param_count=2, params=0x7ffff87b7850, no_separation=1, 
    symbol_table=0x0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_execute_API.c:640
#17 0x00007ffff1eb56bf in call_user_function
(function_table=0x7ffff8396d40, object_pp=0x0,
function_name=0x7ffff8e3f1f0, retval_ptr=0x7ffff87b75f0, param_count=2,
params=0x7fffffffd590)
    at /usr/src/debug/php5.2-200907182030/Zend/zend_execute_API.c:613
#18 0x00007ffff1da385d in ps_call_handler (func=0x7ffff8e3f1f0, argc=2,
argv=0x7fffffffd590) at
/usr/src/debug/php5.2-200907182030/ext/session/mod_user.c:53
#19 0x00007ffff1da3d05 in ps_write_user (mod_data=0x7ffff221db20,
key=0x7ffff8d8e290 "l41av5sk36mub26qvgm1t61672", 
    val=0x7ffff8fb2470
"__HTTP_Session2_Info|i:2;__HTTP_Session2_Idle|i:3600;__HTTP_Session2_Idle_TS|i:1247953764;user_id|s:1:\"6\";audit_user|N;",
vallen=119) at
/usr/src/debug/php5.2-200907182030/ext/session/mod_user.c:141
#20 0x00007ffff1d9c98a in php_session_save_current_state () at
/usr/src/debug/php5.2-200907182030/ext/session/session.c:556
#21 0x00007ffff1da008b in php_session_flush () at
/usr/src/debug/php5.2-200907182030/ext/session/session.c:1408
#22 0x00007ffff1da229c in zm_deactivate_session (type=1,
module_number=17) at
/usr/src/debug/php5.2-200907182030/ext/session/session.c:2010
#23 0x00007ffff1ecc35b in module_registry_cleanup
(module=0x7ffff83c86f0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_API.c:1976
#24 0x00007ffff1ed1cb7 in zend_hash_reverse_apply (ht=0x7ffff2221de0,
apply_func=0x7ffff1ecc31c <module_registry_cleanup>) at
/usr/src/debug/php5.2-200907182030/Zend/zend_hash.c:755
#25 0x00007ffff1ec4738 in zend_deactivate_modules () at
/usr/src/debug/php5.2-200907182030/Zend/zend.c:838
#26 0x00007ffff1e6cf1c in php_request_shutdown (dummy=0x0) at
/usr/src/debug/php5.2-200907182030/main/main.c:1463
#27 0x00007ffff1f46775 in php_apache_request_dtor (r=0x7ffff87edd18) at
/usr/src/debug/php5.2-200907182030/sapi/apache2handler/sapi_apache2.c:472
#28 0x00007ffff1f46fe6 in php_handler (r=0x7ffff87edd18) at
/usr/src/debug/php5.2-200907182030/sapi/apache2handler/sapi_apache2.c:644
#29 0x00007ffff7fd9600 in ap_run_handler (r=0x7ffff87edd18) at
/usr/src/debug/httpd-2.2.11/server/config.c:158
#30 0x00007ffff7fdce98 in ap_invoke_handler (r=0x7ffff87edd18) at
/usr/src/debug/httpd-2.2.11/server/config.c:372
#31 0x00007ffff7fe852e in ap_process_request (r=0x7ffff87edd18) at
/usr/src/debug/httpd-2.2.11/modules/http/http_request.c:282
#32 0x00007ffff7fe5328 in ap_process_http_connection (c=0x7ffff87e7ed8)
at /usr/src/debug/httpd-2.2.11/modules/http/http_core.c:190
#33 0x00007ffff7fe1048 in ap_run_process_connection (c=0x7ffff87e7ed8)
at /usr/src/debug/httpd-2.2.11/server/connection.c:43
#34 0x00007ffff7fecf78 in child_main (child_num_arg=<value optimized
out>) at /usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:650
#35 0x00007ffff7fed1f6 in make_child (s=0x7ffff8212f90, slot=0) at
/usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:690
#36 0x00007ffff7fed853 in ap_mpm_run (_pconf=<value optimized out>,
plog=<value optimized out>, s=<value optimized out>) at
/usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:966
#37 0x00007ffff7fc56d0 in main (argc=14, argv=0x7fffffffe128) at
/usr/src/debug/httpd-2.2.11/server/main.c:740
(gdb) frame 3
#3  0x00007ffff1d3d24c in php_pcre_match_impl (pce=0x7ffff8bd8360,
subject=0x7ffff8b998a8
"__HTTP_Session2_Info|i:2;__HTTP_Session2_Idle|i:3600;__HTTP_Session2_Idle_TS|i:1247953764;user_id|s:1:\"6\";audit_user|N;",

    subject_len=119, return_value=0x7ffff87b99f0, subpats=0x0,
global=0, use_flags=0, flags=0, start_offset=0) at
/usr/src/debug/php5.2-200907182030/ext/pcre/php_pcre.c:603
603             offsets = (int *)safe_emalloc(size_offsets, sizeof(int), 0);


------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/48922

-- 
Edit this bug report at http://bugs.php.net/?id=48922&edit=1
