php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39602 Invalid session.save_handler crashes PHP
Submitted: 2006-11-23 08:01 UTC Modified: 2006-11-23 08:07 UTC
From: dmitry@php.net Assigned: dmitry (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5CVS-2006-11-23 (CVS) OS: *
Private report: No CVE-ID: None
 [2006-11-23 08:01 UTC] dmitry@php.net
Description:
------------
PHP may crash if php.ini contains invalid setting for "session.save_handler" directive.

Reproduce code:
---------------
<?php
ini_set("session.save_handler","files");
$x = new stdClass();
?>

Expected result:
----------------
no crach

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x0832cd57 in zend_objects_store_mark_destructed (objects=0x84697b8)
    at /home/dmitry/php/php5.2/Zend/zend_objects_API.c:70
70                      if (objects->object_buckets[i].valid) {
(gdb) p objects->object_buckets
$2 = (zend_object_store_bucket *) 0x0
(gdb) bt
#0  0x0832cd57 in zend_objects_store_mark_destructed (objects=0x84697b8)
    at /home/dmitry/php/php5.2/Zend/zend_objects_API.c:70
#1  0x082b9af7 in php_error_cb (type=1, error_filename=0x8434bcb "Unknown",
    error_lineno=0, format=0x8419663 "%s", args=0xbf801c58 "??\224\b")
    at /home/dmitry/php/php5.2/main/main.c:838
#2  0x0012c265 in soap_error_handler (error_num=1,
    error_filename=0x8434bcb "Unknown", error_lineno=0, format=0x8419663 "%s",
    args=0xbf801c58 "??\224\b") at /home/dmitry/php/php5.2/ext/soap/soap.c:2022
#3  0x0830bac3 in zend_error (type=1, format=0x8419663 "%s")
    at /home/dmitry/php/php5.2/Zend/zend.c:946
#4  0x082b921f in php_verror (docref=0x0, params=0x84190b1 "", type=1,
    format=0x83f45eb "Cannot find save handler %s",
    args=0xbf801d3c "@\226\206\b(?\224\b\224>\224\bh\035\200?S?.\b")
    at /home/dmitry/php/php5.2/main/main.c:584
#5  0x082b9289 in php_error_docref0 (docref=0x0, type=1,
    format=0x83f45eb "Cannot find save handler %s")
    at /home/dmitry/php/php5.2/main/main.c:596
#6  0x0819d614 in OnUpdateSaveHandler (entry=0x88c6c10,
    new_value=0x8869640 "qwerty", new_value_length=6, mh_arg1=0x0,
    mh_arg2=0x0, mh_arg3=0x0, stage=8)
    at /home/dmitry/php/php5.2/ext/session/session.c:107
#7  0x08320e95 in zend_restore_ini_entry_cb (ini_entry=0x88c6c10, stage=8)
    at /home/dmitry/php/php5.2/Zend/zend_ini.c:55
#8  0x08320f2c in zend_restore_ini_entry_wrapper (ini_entry=0x894eb88)
    at /home/dmitry/php/php5.2/Zend/zend_ini.c:70
#9  0x08317f53 in zend_hash_apply (ht=0x894e458,
    apply_func=0x8320f11 <zend_restore_ini_entry_wrapper>)
    at /home/dmitry/php/php5.2/Zend/zend_hash.c:668
#10 0x08321031 in zend_ini_deactivate ()
    at /home/dmitry/php/php5.2/Zend/zend_ini.c:109
#11 0x0830b8b7 in zend_deactivate () at /home/dmitry/php/php5.2/Zend/zend.c:850
#12 0x082ba99a in php_request_shutdown (dummy=0x0)
    at /home/dmitry/php/php5.2/main/main.c:1300
#13 0x0838631e in main (argc=4, argv=0xbf804304)
    at /home/dmitry/php/php5.2/sapi/cgi/cgi_main.c:1792


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-23 08:07 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 09:01:32 2024 UTC