PHP :: Bug #14834 :: SegFault when passing HTTP_SESSION

Bug #14834

SegFault when passing HTTP_SESSION_VARS

Submitted:

2002-01-03 18:07 UTC

Modified:

2002-09-17 20:46 UTC

Votes:	7
Avg. Score:	4.4 ± 0.7
Reproduced:	6 of 6 (100.0%)
Same Version:	2 (33.3%)
Same OS:	3 (50.0%)

From:

Keith dot Watkins at developonline dot com

Assigned:

Status:

Closed

Package:

Session related

PHP Version:

4.1.0

OS:

Debian 3.0 (Woody)

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	Keith dot Watkins at developonline dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2002-01-03 18:07 UTC] Keith dot Watkins at developonline dot com

The following script always produces a segmentation fault on verison 4.1.0:  

<?
session_start();
$bar = foo($HTTP_SESSION_VARS);

function foo() {
        global $HTTP_SESSION_VARS;
        return true;
}
?>
<h1>Test is complete</h1>

The problem goes away if you remove the session array as a parameter to the foo() function (which is not expecting any parameters anyway).  The problem also goes away if you remove the "global" declaration inside the foo() function.  No errors or warning are generated when the function call occurs.  

Granted, this code snippet looks very odd (why would anyone want to pass HTTP_SESSION_VARS, for example), but was the quickest (least lines of code) way to set up the conditions that will always force the error.  The problem also occurs if you try to pass the new _SESSION array and still reference the older HTTP_SESSION_VARS in the function.

Reigster_globals is off.  Error_level is set to E_ALL.  Apache version is 1.3.22-5.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-01-06 22:30 UTC] yohgaki@php.net

Confirmed with 4.2.0-dev (2002/1/7). It does segfault with my linux also.

[2002-01-16 12:41 UTC] milen_a_radev at yahoo dot com

Confirmed with CVS snapshot php4-200201160300 (compiled as CGI), Linux 2.4.12.

PHP configuration is:
./configure --enable-debug



And another test case:

<?
session_register("test");
$HTTP_SESSION_VARS=$test;
?>


And the backtrace:


#0  0x8114b7e in _zend_is_inconsistent (ht=0x5a5a5a5a, file=0x8161e04 "zend_hash.c", line=975) at zend_hash.c:84
#1  0x8117116 in zend_hash_internal_pointer_reset_ex (ht=0x5a5a5a5a, pos=0xbffff320) at zend_hash.c:975
#2  0x808c5e2 in php_session_save_current_state () at session.c:577
#3  0x808ecb5 in php_session_flush () at session.c:1450
#4  0x808ece6 in zm_deactivate_session (type=1, module_number=3) at session.c:1467
#5  0x8113dbc in module_registry_cleanup (module=0x81ab508) at zend_API.c:1166
#6  0x811664c in zend_hash_apply (ht=0x818b920, apply_func=0x8113d84 <module_registry_cleanup>) at zend_hash.c:669
#7  0x8110d57 in zend_deactivate_modules () at zend.c:581
#8  0x806126e in php_request_shutdown (dummy=0x0) at main.c:722
#9  0x805fe14 in main (argc=2, argv=0xbffff9f4) at cgi_main.c:798
#10 0x400a5577 in __libc_start_main () from /lib/libc.so.6


The backtrace is the same as the one generated by the previous test case.

[2002-02-13 22:39 UTC] yohgaki@php.net

Will be fixed soon

[2002-03-05 03:43 UTC] yohgaki@php.net

Zeev was tried to fix (the idea was the same as mine when I update this report)

There are issue about wrong reference to $_SESSION and $HTTP_SESSION_VARS even with the patch. Therefore, I 
didn't committed. Problem is solved partially, there is a _serious_
problem for $_SESSION/$HTTP_SESSION_VARS.

This will be fixed by 4.2.0

[2002-03-05 18:35 UTC] yohgaki@php.net

This bug has been fixed in CVS.

It's probably fixed in CVS. Please reopen if there is the problem.

[2002-03-06 20:22 UTC] yohgaki@php.net

There is problem still

[2002-05-25 10:55 UTC] milen_a_radev at yahoo dot com

I just installed (compiled) PHP 4.2.1 and made the same tests. Now there are NO segfaults in the log. I suppose the bug IS fixed. Anyone to confirm that?

[2002-09-17 20:46 UTC] iliaa@php.net

Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Jun 10 21:01:31 2024 UTC