Bug #11022 session_encode() crashes when there's data to encode
Submitted: 2001-05-22 12:46 UTC Modified: 2001-06-08 13:45 UTC
From: oyvindmo at initio dot no Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.5 OS: FreeBSD, Linux, ...
Private report: No CVE-ID: None
 [2001-05-22 12:46 UTC] oyvindmo at initio dot no
I'm testing some user session handling now, and have found a reproducible crash.  The following page causes a crash:

<?php
include('dummysessionhandlers.inc.php');
session_register('foo');
session_encode();
?>

While the following code does _not_ crash:

<?php
include('dummysessionhandlers.inc.php');
session_encode();
session_register('foo');
?>


Relevant info from php.ini:
session.save_handler      = user
session.serialize_handler = php
session.use_cookies       = 1
session.use_trans_sid     = 1

The "dummysessionhandlers" are all functions that just return true.

 [2001-05-22 13:48 UTC] oyvindmo at initio dot no
Here's a backtrace.  Hopefully this submit form doesn't mess it up beyond repair.


Program received signal SIGSEGV, Segmentation fault.
0x28257637 in php_get_session_var (name=0x8187624 "fnokk", namelen=5, 
    state_var=0xbfbfe40c) at session.c:249
249                     ht = Z_ARRVAL_P(PS(http_session_vars));
(gdb) bt
#0  0x28257637 in php_get_session_var (name=0x8187624 "fnokk", namelen=5, 
    state_var=0xbfbfe40c) at session.c:249
#1  0x28257b6f in ps_srlzr_encode_php (newstr=0xbfbfe670, newlen=0xbfbfe6a0)
    at session.c:350
#2  0x2825810a in php_session_encode (newlen=0xbfbfe6a0) at session.c:516
#3  0x2825a3db in php_if_session_encode (ht=0, return_value=0x819bde4, this_ptr=0x0, 
    return_value_used=1) at session.c:1322
#4  0x282084a7 in execute (op_array=0x8178aa4) at ./zend_execute.c:1519
#5  0x28216c9d in zend_execute_scripts (type=8, file_count=3) at zend.c:729
#6  0x282291a4 in php_execute_script (primary_file=0xbfbff8d0) at main.c:1221
#7  0x28225856 in apache_php_module_main (r=0x8182034, display_source_mode=0)
    at sapi_apache.c:89
#8  0x2822623c in send_php (r=0x8182034, display_source_mode=0, filename=0x0)
    at mod_php4.c:516
#9  0x28226276 in send_parsed_php (r=0x8182034) at mod_php4.c:527
#10 0x80520dc in ap_invoke_handler ()
#11 0x8060cfd in process_request_internal ()
#12 0x8060d5c in ap_process_request ()
#13 0x805a6ae in child_main ()
#14 0x805a820 in make_child ()
#15 0x805a93d in startup_children ()
#16 0x805ae0c in standalone_main ()
#17 0x805b4b3 in main ()
#18 0x804ea11 in _start ()


 [2001-05-22 15:08 UTC] oyvindmo at initio dot no
After glancing at ext/session/session.c and testing some more:  Things work fine if I set register_globals on.  Pretty obviously a workaround I'd like to avoid.
 [2001-06-08 13:45 UTC] sas@php.net
I've added a check for this. Thanks for your report.
 
Last updated: Fri Apr 19 22:01:28 2024 UTC