PHP :: Bug #25780 :: Apache crash in ext/standard/datetime.c

Bug #25780	Apache crash in ext/standard/datetime.c
Submitted:	2003-10-07 14:56 UTC	Modified:	2003-10-08 06:23 UTC
From:	marrtins at hackers dot lv	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.3.3	OS:	w2k sp4
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-10-07 14:56 UTC] marrtins at hackers dot lv

Description:
------------
I got a Apache(Server version: Apache/1.3.27 (Win32) / Server built: Oct  6 2003 13:10:44) crash when use my own session handling functions and session gets created first time.

Application popup: Apache.exe - Application Error : The instruction at "0x1004d6ba" referenced memory at "0x00000000". The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program 


Reproduce code:
---------------
1. class.SessionHandler.php
------------------------
<?
...
  function sess_read($sess_id) {
    global $db;

    $sess = $this->get_sess($sess_id);
    if(!count($sess))
      return ""; // <- crash when returning *anything*
...
?>

2. inc.session.php
---------------
<?
ini_set('session.save_handler', 'user');
ini_set('session.use_cookies', true);
ini_set('session.name', 'sid');
ini_set('session.gc_maxlifetime', time() + 31536000); // 1 year
ini_set('session.cookie_lifetime', time() + 31536000); // 1 year
ini_set('session.serialize_handler', 'php');
ini_set('session.gc_probability', 1);

$sess_handler = new SessionHandler();
session_set_save_handler(
  array(&$sess_handler, "sess_open"), 
  array(&$sess_handler, "sess_close"),
  array(&$sess_handler, "sess_read"),
  array(&$sess_handler, "sess_write"),
  array(&$sess_handler, "sess_destroy"),
  array(&$sess_handler, "sess_gc")
);

session_start();
?>

3. ext/standard/dattime.c
for some reasons 'php_gmtime_r' returns NULL
----------------------
...
tm1 = php_gmtime_r(&t, &tmbuf);
...
  } else if(tm1) {
    snprintf(str, 80, "%s, %02d-%s-%02d %02d:%02d:%02d GMT",
        day_short_names[tm1->tm_wday],
        tm1->tm_mday,
        mon_short_names[tm1->tm_mon],
        ((tm1->tm_year)%100),
        tm1->tm_hour, tm1->tm_min, tm1->tm_sec);
  }

cahnge to:
...
  } else if(tm1) {
...

---------------
Now works fine.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-10-07 19:31 UTC] sniper@php.net

And btw. read this page about the correct way to set the
session ini settings: http://www.php.net/session

session.gc_maxlifetime (you're now making this time() + time () + one year)
session.cookie_lifetime (you're now making this time() + time () + one year)

[2003-10-08 04:48 UTC] marrtins at hackers dot lv

<?php
ini_set('session.use_cookies', true);
ini_set('session.name', 'sid');
ini_set('session.auto_start', false);
ini_set('session.gc_maxlifetime', time() + 31536000); // 1 year
ini_set('session.cookie_lifetime', time() + 31536000); // 1 year
ini_set('session.serialize_handler', 'php');
ini_set('session.gc_probability', 1);

session_start();
?>

crash!
without time() + year forks fine.

[2003-10-08 06:23 UTC] sniper@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Feb 21 02:01:30 2025 UTC