Bug #38405 Segmentation fault on using invalid save handler
Submitted: 2006-08-09 23:32 UTC Modified: 2006-08-10 21:53 UTC
From: archer at priorityonline dot net Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.1.4 OS: Debian-AMD64
Private report: No CVE-ID: None
 [2006-08-09 23:32 UTC] archer at priorityonline dot net
Description:
------------
PHP seems to crash (segmentation fault) when you provide it with an invalid save_handler in php.ini.

I've attached a backtrace below.



Reproduce code:
---------------
Setting the save_handler value in php.ini to an invalid value,
e.g.
session.save_handler = file



Expected result:
----------------
PHP Fatal error:  Unknown: Cannot find save handler file in Unknown on line 0


Actual result:
--------------
(gdb) bt
#0  0x000000000067a493 in zend_objects_store_mark_destructed (objects=0xaa00f8) at /root/php-5.1.4/Zend/zend_objects_API.c:70
#1  0x0000000000624132 in php_error_cb (type=0, error_filename=0x86911d "Unknown", error_lineno=0, format=<value optimized out>, args=<value optimized out>) at /root/php-5.1.4/main/main.c:827
#2  0x0000000000661174 in zend_error (type=1, format=0x86f486 "%s") at /root/php-5.1.4/Zend/zend.c:967
#3  0x000000000062383d in php_verror (docref=0x0, params=<value optimized out>, type=1, format=<value optimized out>, args=0xe88138) at /root/php-5.1.4/main/main.c:572
#4  0x0000000000623bcb in php_error_docref0 (docref=0xaa00f8 "", type=16, format=0x1 <Address 0x1 out of bounds>) at /root/php-5.1.4/main/main.c:592
#5  0x0000000000559e74 in OnUpdateSaveHandler (entry=<value optimized out>, new_value=0xab0340 "file", new_value_length=<value optimized out>, mh_arg1=<value optimized out>, 
    mh_arg2=<value optimized out>, mh_arg3=<value optimized out>, stage=8) at /root/php-5.1.4/ext/session/session.c:102
#6  0x000000000067190b in zend_restore_ini_entry_cb (ini_entry=0xbc91b0, stage=8) at /root/php-5.1.4/Zend/zend_ini.c:55
#7  0x000000000066a6bb in zend_hash_apply_with_argument (ht=0xaa6250, apply_func=0x671830 <zend_restore_ini_entry_cb>, argument=0x8) at /root/php-5.1.4/Zend/zend_hash.c:685
#8  0x00000000006719da in zend_ini_deactivate () at /root/php-5.1.4/Zend/zend_ini.c:101
#9  0x0000000000660c26 in zend_deactivate () at /root/php-5.1.4/Zend/zend.c:863
#10 0x0000000000624e2c in php_request_shutdown (dummy=<value optimized out>) at /root/php-5.1.4/main/main.c:1287
#11 0x00000000006ecf8a in main (argc=3, argv=0x7fffa1fa11a8) at /root/php-5.1.4/sapi/cgi/cgi_main.c:1666
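
Added example (not part of the original report and not PHP's own code): a pre-deployment check that reads php.ini text and flags a session.save_handler value such as the "file" typo above before PHP ever loads it. The set of known handler names ("files" and "user", plus whatever the caller passes in) and the sample ini text are assumptions made for this illustration.

```python
import difflib

# Assumption: "files" and "user" are the handlers the session extension ships
# with; names registered by other extensions are passed in by the caller.
BUILTIN_HANDLERS = frozenset({"files", "user"})

# Constructed sample: a later duplicate directive carries the typo from the report.
SAMPLE_INI = """\
; constructed php.ini fragment
[Session]
session.save_handler = files
session.save_path = "/var/lib/php/sessions"
session.save_handler = file   ; invalid value from the report
"""


def effective_save_handler(ini_text):
    """Return (line_no, value) for the last session.save_handler line, or None."""
    found = None
    for line_no, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "session.save_handler":  # a later line overrides an earlier one
            found = (line_no, value.strip("\"'"))
    return found


def check_save_handler(ini_text, extra_handlers=()):
    """Report whether the configured handler is in the known set."""
    known = BUILTIN_HANDLERS | set(extra_handlers)
    hit = effective_save_handler(ini_text)
    if hit is None:  # directive absent: the compiled-in default applies
        return {"ok": True, "line": None, "value": None, "suggestion": None}
    line_no, value = hit
    if value in known:
        return {"ok": True, "line": line_no, "value": value, "suggestion": None}
    close = difflib.get_close_matches(value, sorted(known), n=1)
    return {"ok": False, "line": line_no, "value": value,
            "suggestion": close[0] if close else None}


if __name__ == "__main__":
    print(check_save_handler(SAMPLE_INI))
```
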


 [2006-08-09 23:37 UTC] archer at priorityonline dot net
Extra Information missing from backtrace ->

#0  0x000000000067a493 in zend_objects_store_mark_destructed (objects=0xaa00f8) at /root/php-5.1.4/Zend/zend_objects_API.c:70
70                      if (objects->object_buckets[i].valid) {
 [2006-08-10 07:49 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-08-10 14:45 UTC] archer at priorityonline dot net
Nope, happens every time I try to run phpmyadmin through php, if that helps. I've no idea which line actually causes it to seg tho, trying to figure that one out :/

Core was generated by `php-fcgi -c /root/php.break.ini index.php'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000795c4c in zend_objects_store_mark_destructed (objects=0xbe6900) at /root/php5.2-200608101230/Zend/zend_objects_API.c:70
70                      if (objects->object_buckets[i].valid) {

#0  0x0000000000795c4c in zend_objects_store_mark_destructed (objects=0xbe6900) at /root/php5.2-200608101230/Zend/zend_objects_API.c:70
#1  0x000000000071874d in php_error_cb (type=1, error_filename=0xa1f27b "Unknown", error_lineno=0, format=0xa01f39 "%s", args=0x7ffff029b620) at /root/php5.2-200608101230/main/main.c:836
#2  0x00000000007714cb in zend_error (type=1, format=0xa01f39 "%s") at /root/php5.2-200608101230/Zend/zend.c:944
#3  0x0000000000717a6f in php_verror (docref=0x0, params=0xa01a41 "", type=1, format=0x9d63b7 "Cannot find save handler %s", args=0x7ffff029b860) at /root/php5.2-200608101230/main/main.c:574
#4  0x0000000000717cb5 in php_error_docref0 (docref=0x0, type=1, format=0x9d63b7 "Cannot find save handler %s") at /root/php5.2-200608101230/main/main.c:594
#5  0x00000000005e758c in OnUpdateSaveHandler (entry=0xd20720, new_value=0xbf83c0 "file", new_value_length=4, mh_arg1=0x0, mh_arg2=0x0, mh_arg3=0x0, stage=8)
    at /root/php5.2-200608101230/ext/session/session.c:103
#6  0x0000000000788d7e in zend_restore_ini_entry_cb (ini_entry=0xd20720, stage=8) at /root/php5.2-200608101230/Zend/zend_ini.c:55
#7  0x0000000000788e27 in zend_restore_ini_entry_wrapper (ini_entry=0x2ba7bf365d88) at /root/php5.2-200608101230/Zend/zend_ini.c:70
#8  0x000000000077f661 in zend_hash_apply (ht=0x2ba7bcf46388, apply_func=0x788e0a <zend_restore_ini_entry_wrapper>) at /root/php5.2-200608101230/Zend/zend_hash.c:666
#9  0x0000000000788f18 in zend_ini_deactivate () at /root/php5.2-200608101230/Zend/zend_ini.c:109
#10 0x000000000077117f in zend_deactivate () at /root/php5.2-200608101230/Zend/zend.c:848
#11 0x000000000071966e in php_request_shutdown (dummy=0x0) at /root/php5.2-200608101230/main/main.c:1300
#12 0x00000000007f5bbb in main (argc=4, argv=0x7ffff029e0e8) at /root/php5.2-200608101230/sapi/cgi/cgi_main.c:1667
 [2006-08-10 14:48 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2006-08-10 14:52 UTC] archer at priorityonline dot net
Curious tho, as it displays the output of the page ... and then promptly crashes rather than exiting cleanly.

e.g.:
<page html>
    PHP Fatal error:  Unknown: Cannot find save handler file in Unknown on line 0
Segmentation fault (core dumped)
 [2006-08-10 14:59 UTC] tony2001@php.net
We still need a short reproduce case.
 [2006-08-10 21:53 UTC] archer at priorityonline dot net
I'm gonna go scour the phpmyadmin code
 