PHP :: Bug #5338 :: Apache/mod_php segv's in php_rshutdown_session

Bug #5338	Apache/mod_php segv's in php_rshutdown_session_globals()
Submitted:	2000-07-03 12:33 UTC	Modified:	2000-08-21 20:33 UTC
From:	bharat at menalto dot com	Assigned:
Status:	Closed	Package:	Reproducible Crash
PHP Version:	4.0.1pl2	OS:	FreeBSD 4.0-STABLE
Private report:	No	CVE-ID:	None

View Developer Edit

[2000-07-03 12:33 UTC] bharat at menalto dot com

mod_php segv's when it tries to clean up a session.  It
appears to be triggered by changing the location of the
session path with a command like this in .htaccess:

php_value session.save_path ./sessions

The stack trace is below. 

--------------------------

(gdb) run -X -d /usr/local/apache
Starting program: /usr/local/apache/bin/httpd -X -d /usr/local/apache
Program received signal SIGSEGV, Segmentation fault.
0x283664ad in _efree (ptr=0x80fc080) at zend_alloc.c:205
205                     REMOVE_POINTER_FROM_LIST(p);
(gdb) w
Ambiguous command "w": watch, whatis, where, while, while-stepping, ws.
(gdb) where
#0  0x283664ad in _efree (ptr=0x80fc080) at zend_alloc.c:205
#1  0x283c200f in php_rshutdown_session_globals () at session.c:1282
#2  0x283c20d4 in php_rshutdown_session (type=1, module_number=3) at session.c:1319
#3  0x2837db58 in module_registry_cleanup (module=0x8293380) at zend_API.c:858
#4  0x2838099b in zend_hash_apply (ht=0x284530e0, apply_func=0x2837db1c <module_registry_cleanup>) at zend_hash.c:672
#5  0x2837d0d7 in zend_deactivate_modules () at zend.c:503
#6  0x2838bc3b in php_request_shutdown (dummy=0x0) at main.c:659
#7  0x28389a2a in php_apache_request_shutdown (dummy=0x0) at mod_php4.c:301
#8  0x8051271 in run_cleanups ()
#9  0x804f907 in ap_clear_pool ()
#10 0x804f987 in ap_destroy_pool ()
#11 0x805fece in child_main ()
#12 0x8060051 in make_child ()
#13 0x80601ca in startup_children ()
#14 0x80607d8 in standalone_main ()
#15 0x8061008 in main ()
#16 0x804f189 in _start ()
(gdb) up
#1  0x283c200f in php_rshutdown_session_globals () at session.c:1282
1282            efree(PS(save_path));
(gdb) list
1277                    PS(mod)->close(&PS(mod_data));
1278            if (PS(id)) 
1279                    efree(PS(id));
1280            efree(PS(entropy_file));
1281            efree(PS(extern_referer_chk));
1282            efree(PS(save_path));
1283            efree(PS(session_name));
1284            efree(PS(cache_limiter));
1285            efree(PS(cookie_path));
1286            efree(PS(cookie_domain));

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-07-03 12:37 UTC] bharat at menalto dot com

A tiny tarball that reproduces the problem is at:

http://www.menalto.com/php/bug_5338.tar.gz

[2000-07-27 20:28 UTC] waldschrott@php.net

Please verify that it?s still happening using the latest version from CVS or snaps.php.net.

[2000-08-20 02:44 UTC] sniper@php.net

No feedback from user.

--Jani

[2000-08-21 15:11 UTC] sniper@php.net

User doesn't have easy access to any machine where to 
try a newer version..so I'll try that code:

http://www.menalto.com/php/bug_5338.tar.gz

on my install..

(Could someone using Freebsd 4.0-stable could try it too ?)

--jani

[2000-08-21 20:33 UTC] sniper@php.net

I can not reproduce this with latest CVS.
Please upgrade your PHP to 4.0.2 when it is released and reopen
if this problem still persists.

--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Nov 02 17:00:02 2025 UTC