Bug #9115 unserialization segfaults
Submitted: 2001-02-05 10:55 UTC Modified: 2001-04-10 09:53 UTC
From: david at deus dot dk Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.4pl1 OS: RH 6.2/Linux
Private report: No CVE-ID: None
 [2001-02-05 10:55 UTC] david at deus dot dk
I get this consistently with 4.0.4+ (tried latest on snaps.php.net)

This happens while unserializing, but seems to be caused by a bad serialization -- this has been tested by serializing with 4.0.1pl2 and unserializing with 4.0.4pl1 -- no problems. The other way around of course crashes.

Here's the bt from the segfault

(gdb) run -X
Starting program: /home/httpd/bin/httpd -X
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x81135cd in _zval_ptr_dtor ()
(gdb) bt
#0  0x81135cd in _zval_ptr_dtor ()
#1  0x811c9f9 in zend_hash_destroy ()
#2  0x8119158 in _zval_dtor ()
#3  0x81135e2 in _zval_ptr_dtor ()
#4  0x80fe2e9 in php_var_unserialize ()
#5  0x80ceb61 in ps_srlzr_decode_php ()
#6  0x80cf004 in ps_srlzr_decode_wddx ()
#7  0x80cf1f0 in ps_srlzr_decode_wddx ()
#8  0x80cfc14 in ps_srlzr_decode_wddx ()
#9  0x80d0c90 in php_if_session_start ()
#10 0x81464a1 in execute ()
#11 0x814c28d in execute ()
#12 0x8119fc8 in zend_execute_scripts ()
#13 0x808b788 in php_execute_script ()
#14 0x812521e in apache_php_module_main ()
#15 0x8089356 in send_php ()
#16 0x8089388 in send_parsed_php ()
#17 0x8153db3 in ap_invoke_handler ()
#18 0x81675e9 in ap_some_auth_required ()
#19 0x816764c in ap_process_request ()
#20 0x815eece in ap_child_terminate ()
#21 0x815f05c in ap_child_terminate ()
#22 0x815f1b9 in ap_child_terminate ()
#23 0x815f7e6 in ap_child_terminate ()
#24 0x815ff73 in main ()
#25 0x407669cb in __libc_start_main (main=0x815fc2c <main>, argc=2, argv=0xbffffa54, 
    init=0x806f58c <_init>, fini=0x81d4a2c <_fini>, rtld_fini=0x4000ae60 <_dl_fini>, 
    stack_end=0xbffffa4c) at ../sysdeps/generic/libc-start.c:92

Here's a working serialization:
!cust_id|session|O:7:"session":9:{s:16:"boolAuthenticate";b:1;s:9:"strSessID";s:0:"";s:9:"intUserID";s:1:"1";s:12:"strUserLogin";s:5:"david";s:15:"strUserPassword";s:7:"xxxx";s:11:"arrUserInfo";a:26:{i:0;s:1:"1";s:7:"cust_id";s:1:"1";i:1;s:1:"2";s:9:"cust_type";s:1:"2";i:2;s:5:"David";s:9:"cust_name";s:5:"David";i:3;s:7:"Hjorts?";s:12:"cust_surname";s:7:"Hjorts?";i:4;s:13:"david@deus.dk";s:10:"cust_email";s:13:"david@deus.dk";i:5;s:12:"+45 33179292";s:14:"cust_telephone";s:12:"+45 33179292";i:6;s:12:"+45 33179299";s:8:"cust_fax";s:12:"+45 33179299";i:7;s:27:"Frederiksberggade 26, 4 Sal";s:13:"cust_address1";s:27:"Frederiksberggade 26, 4 Sal";i:8;s:0:"";s:13:"cust_address2";s:0:"";i:9;s:12:"Copenhagen K";s:9:"cust_city";s:12:"Copenhagen K";i:10;s:7:"Dk-1459";s:11:"cust_postal";s:7:"Dk-1459";i:11;s:3:"050";s:12:"cust_country";s:3:"050";i:12;s:15:"Deus ex Machina";s:12:"cust_company";s:15:"Deus ex Machina";}s:11:"intUserType";i:2;s:13:"intUserStatus";i:0;s:9:"boolLogin";b:1;}create|O:10:"createtest":5:{s:7:"arrTest";b:0;s:11:"arrSections";a:1:{i:0;a:2:{s:10:"section_id";i:1;s:12:"section_name";s:29:"Skriv navnet p? sektionen her";}}s:8:"arrPages";a:21:{s:10:"test_title";s:0:"";s:15:"test_short_desc";s:0:"";s:9:"test_type";s:1:"b";s:14:"test_responses";s:0:"";s:10:"test_start";s:0:"";s:8:"test_end";s:0:"";s:7:"test_fc";s:6:"Yellow";s:7:"test_bc";s:6:"Yellow";s:9:"test_desc";s:0:"";s:9:"test_link";s:0:"";s:14:"qsInternetHome";N;s:16:"qsInternetAccess";N;s:15:"qsInternetUsage";N;s:8:"qsLiving";N;s:7:"qsCivil";N;s:8:"qsGender";N;s:7:"EndYear";s:0:"";s:8:"EndMonth";s:1:"1";s:10:"StartMonth";s:1:"1";s:9:"StartYear";s:0:"";s:7:"private";N;}s:11:"intLastPage";s:1:"6";s:11:"intNrPeople";N;}arrSections|a:1:{i:0;a:2:{s:10:"section_id";i:1;s:12:"section_name";s:29:"Skriv navnet p? sektionen her";}}R:39;arrQuestions|N;arrQuestions|a:1:{i:0;s:0:"";}

And here is the segfaulting one:
!cust_id|session|O:7:"session":9:{s:16:"boolAuthenticate";b:1;s:9:"strSessID";s:0:"";s:9:"intUserID";s:1:"1";s:12:"strUserLogin";s:5:"david";s:15:"strUserPassword";s:7:"xxxx";s:11:"arrUserInfo";a:26:{i:0;s:1:"1";s:7:"cust_id";s:1:"1";i:1;s:1:"2";s:9:"cust_type";s:1:"2";i:2;s:5:"David";s:9:"cust_name";s:5:"David";i:3;s:7:"Hjorts?";s:12:"cust_surname";s:7:"Hjorts?";i:4;s:13:"david@deus.dk";s:10:"cust_email";s:13:"david@deus.dk";i:5;s:12:"+45 33179292";s:14:"cust_telephone";s:12:"+45 33179292";i:6;s:12:"+45 33179299";s:8:"cust_fax";s:12:"+45 33179299";i:7;s:27:"Frederiksberggade 26, 4 Sal";s:13:"cust_address1";s:27:"Frederiksberggade 26, 4 Sal";i:8;s:0:"";s:13:"cust_address2";s:0:"";i:9;s:12:"Copenhagen K";s:9:"cust_city";s:12:"Copenhagen K";i:10;s:7:"Dk-1459";s:11:"cust_postal";s:7:"Dk-1459";i:11;s:3:"050";s:12:"cust_country";s:3:"050";i:12;s:15:"Deus ex Machina";s:12:"cust_company";s:15:"Deus ex Machina";}s:11:"intUserType";i:2;s:13:"intUserStatus";i:0;s:9:"boolLogin";b:1;}create|O:10:"createtest":5:{s:7:"arrTest";b:0;s:11:"arrSections";a:1:{i:0;a:2:{s:10:"section_id";i:1;s:12:"section_name";s:29:"Skriv navnet p? sektionen her";}}s:8:"arrPages";a:21:{s:10:"test_title";s:0:"";s:15:"test_short_desc";s:0:"";s:9:"test_type";s:1:"b";s:14:"test_responses";s:0:"";s:10:"test_start";s:0:"";s:8:"test_end";s:0:"";s:7:"test_fc";s:7:"#FDBE2C";s:7:"test_bc";s:7:"#FF6500";s:9:"test_desc";s:0:"";s:9:"test_link";s:0:"";s:14:"qsInternetHome";N;s:16:"qsInternetAccess";N;s:15:"qsInternetUsage";N;s:8:"qsLiving";N;s:7:"qsCivil";N;s:8:"qsGender";N;s:7:"EndYear";s:0:"";s:8:"EndMonth";s:1:"1";s:10:"StartMonth";s:1:"1";s:9:"StartYear";s:0:"";s:7:"private";N;}s:11:"intLastPage";s:1:"6";s:11:"intNrPeople";N;}arrSections|R:39;arrQuestions|N;

These are done at the exact same time in the "app".

Kind regards,
 David.
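
The posted data is in the format of PHP's "php" session serializer: `name|value` pairs, with a leading `!` marking a variable that was registered but never set (the `!cust_id|` at the front), and `R:n;` back-references that point into the table of values already unserialized. The following is an added example, not code from the bug report or from PHP, that parses that format and validates every back-reference before anything native touches the payload. It assumes modern PHP's var_hash numbering (every unserialized value takes the next slot in creation order, a container before its elements, array keys excluded; `R:n;` takes no slot, `r:n;` does), one slot table shared across all variables of the payload, and Latin-1 strings as in the posted data. Under that numbering the `R:39;` in the report lands on the `arrSections` property of the `createtest` object (slot 37 is the object, 38 `arrTest`, 39 `arrSections`), which is consistent with the working payload carrying a full copy of that same array; whether PHP 4.0.4's session decoder handled that reference correctly is exactly what the report is about. The sample payloads below are constructed, modelled on the report's data; `PHPObject`, `Unserializer`, `decode_session` and `validate_session` are names chosen for this example.

```python
"""Parse and validate PHP's "php" session-serializer format (name|value name|value ...).

Added example for this bug report; not PHP's own code. Assumptions: modern PHP
var_hash slot numbering (see comments), one shared slot table per payload, '!'
prefix = registered-but-unset variable, Latin-1 strings.
"""


class PHPObject:
    """An O:...: value: class name plus ordered properties."""

    def __init__(self, class_name, props):
        self.class_name = class_name
        self.props = props


class UnserializeError(ValueError):
    pass


class Unserializer:
    def __init__(self, data: bytes):
        self.data = data
        self.pos = 0
        self.slots = []  # stands in for PHP's var_hash: slot n -> self.slots[n - 1]

    def _expect(self, token: bytes):
        if not self.data.startswith(token, self.pos):
            raise UnserializeError(f"expected {token!r} at byte {self.pos}")
        self.pos += len(token)

    def _read_until(self, stop: bytes) -> bytes:
        end = self.data.find(stop, self.pos)
        if end < 0:
            raise UnserializeError(f"unterminated token at byte {self.pos}")
        tok = self.data[self.pos:end]
        self.pos = end + len(stop)
        return tok

    def _push(self, val, is_key):
        if not is_key:  # array keys never get a slot; values always do
            self.slots.append(val)
        return val

    def _string(self) -> str:
        # s:<len>:"<raw>"; the length counts bytes, so slice before decoding
        n = int(self._read_until(b":"))
        self._expect(b'"')
        raw = self.data[self.pos:self.pos + n]
        if len(raw) != n:
            raise UnserializeError(f"string at byte {self.pos} claims {n} bytes, payload ends early")
        self.pos += n
        self._expect(b'";')
        return raw.decode("latin-1")

    def value(self, is_key=False):
        """Parse one value; keys are parsed with is_key=True and take no slot."""
        tag = self.data[self.pos:self.pos + 1]
        if is_key and tag not in (b"i", b"s"):
            raise UnserializeError(f"key at byte {self.pos} must be i: or s:, got {tag!r}")
        if tag in (b"R", b"r"):
            self.pos += 2  # skip 'R:' / 'r:'
            n = int(self._read_until(b";"))
            if not 1 <= n <= len(self.slots):  # the check the native decoder must also make
                raise UnserializeError(
                    f"{tag.decode()}:{n}; points outside the {len(self.slots)} slot(s) filled so far")
            target = self.slots[n - 1]
            if tag == b"r":  # r: occupies a slot of its own, R: does not
                self.slots.append(target)
            return target
        if tag == b"N":
            self._expect(b"N;")
            return self._push(None, is_key)
        self._expect(tag + b":")
        if tag == b"b":
            return self._push(self._read_until(b";") == b"1", is_key)
        if tag == b"i":
            return self._push(int(self._read_until(b";")), is_key)
        if tag == b"d":
            return self._push(float(self._read_until(b";")), is_key)
        if tag == b"s":
            return self._push(self._string(), is_key)
        if tag == b"a":
            count = int(self._read_until(b":"))
            arr = self._push({}, is_key)  # container takes its slot before its elements
            self._expect(b"{")
            for _ in range(count):
                key = self.value(is_key=True)
                arr[key] = self.value()
            self._expect(b"}")
            return arr
        if tag == b"O":
            n = int(self._read_until(b":"))
            self._expect(b'"')
            name = self.data[self.pos:self.pos + n].decode("latin-1")
            self.pos += n
            self._expect(b'":')
            count = int(self._read_until(b":"))
            obj = self._push(PHPObject(name, {}), is_key)
            self._expect(b"{")
            for _ in range(count):
                key = self.value(is_key=True)
                obj.props[key] = self.value()
            self._expect(b"}")
            return obj
        raise UnserializeError(f"unknown tag {tag!r} at byte {self.pos}")


def decode_session(payload: bytes):
    """Split name|value pairs; returns (variables, names flagged undefined by '!')."""
    u = Unserializer(payload)
    variables, undefined = {}, []
    while u.pos < len(payload):
        name = u._read_until(b"|").decode("latin-1")
        if name.startswith("!"):
            undefined.append(name[1:])  # '!name|' carries no value at all
            continue
        variables[name] = u.value()
    return variables, undefined


def validate_session(payload: bytes) -> str:
    """'ok' or the first decoding error; run this before handing data to the native decoder."""
    try:
        decode_session(payload)
    except ValueError as exc:  # UnserializeError and int()/float() failures
        return str(exc)
    return "ok"


# Constructed payloads modelled on the report's data (not the reporter's bytes).
GOOD_PAYLOAD = (
    b'!cust_id|'
    b'create|O:10:"createtest":2:{s:7:"arrTest";b:0;s:11:"arrSections";'
    b'a:1:{i:0;a:2:{s:10:"section_id";i:1;s:12:"section_name";s:5:"intro";}}}'
    b'arrSections|R:3;'  # slot 1 = object, 2 = arrTest, 3 = the arrSections array
    b'arrQuestions|N;'
)
# Same payload, but the back-reference targets a slot that was never filled.
BAD_PAYLOAD = GOOD_PAYLOAD.replace(b'arrSections|R:3;', b'arrSections|R:39;')
```

`decode_session(GOOD_PAYLOAD)` returns the `arrSections` variable as the very same object as `create.props["arrSections"]`, which is what a shared-slot `R:` reference means; `validate_session(BAD_PAYLOAD)` reports that `R:39;` points outside the six slots filled so far. Session payloads normally come from the server's own store, but any path that lets a user write that store, or any `unserialize()` of user input, feeds attacker-chosen references to the native decoder, so a check like this one before decoding is cheap insurance.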

History

 [2001-02-05 11:06 UTC] david at deus dot dk
Clarification:

I am not trying to load a session between versions of PHP!

The bug happens when using PHP 4.0.4pl1, and the backtrace is generated from that.

I have however -- to test that it was the serialization that was buggy under 4.0.4pl1 -- created the same session in 4.0.1pl2 and tried to load it under 4.0.4pl1, successfully.

So whenever I use 4.0.4pl1 in apache it segfaults at that point in the application.
 [2001-02-20 13:55 UTC] sas@php.net
Please send the session file which causes the segfault to sas@php.net (MIME preferred).  The bug db inserts white-space, so I cannot use the posted data. Thanks.
 [2001-04-10 09:53 UTC] sniper@php.net
No feedback. If this happens also with soon to be released PHP 4.0.5, reopen this bug report.

--Jani

 