Bug #16082 libmm 1.1.3 session save handler = crash
Submitted: 2002-03-14 15:09 UTC Modified: 2002-04-10 19:13 UTC
From: wboring at qualys dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.1.2 OS: Linux Redhat 7.1
Private report: No CVE-ID: None

 

 [2002-03-14 15:09 UTC] wboring at qualys dot com
I am trying to get php 4.1.2 working with mm support (libmm 1.1.3) to act as my session save handler.  I have a 100% reproducible segfault w/ apache 1.3.23.  I have been able to reproduce this on Redhat 7.1 and Mandrake 8.1, with 2 different machines.  This happens with and w/o the Zend Optimizer.  The gdb stack dump here shows that I was running the Optimizer at the time.

My php configure line is as follows:
./configure \
--with-mm=/usr/local \
--with-apxs=/usr/local/apache/bin/apxs \
--disable-debug

(normally, I have a bunch of other items in the configure line, but I wanted to narrow the crash down to the least amount of variables)


The php script is very simple:

<?php

session_start();

if ( !isset($_SESSION["foo"]) ) {
  $_SESSION["foo"] = 100;
} else {
  $_SESSION["foo"]++;
}


var_dump( $_SESSION );
?>

Here is the gdb output: 

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 28561)]
0x402ae4f9 in ps_srlzr_decode_php (val=0x81066ec "", vallen=135269900)
    at session.c:394
394                             if (++q >= endptr) goto break_outer_loop;
(gdb) bt
#0  0x402ae4f9 in ps_srlzr_decode_php (val=0x81066ec "", vallen=135269900)
    at session.c:394
#1  0x402ae8b1 in php_session_decode (val=0x81066ec "", vallen=135269900)
    at session.c:457
#2  0x402aeb03 in php_session_initialize () at session.c:524
#3  0x402afbb2 in php_session_start () at session.c:890
#4  0x402b0e55 in zif_session_start (ht=0, return_value=0x8100dec,
    this_ptr=0x0, return_value_used=0) at session.c:1264
#5  0x443ef70b in zend_assign_to_variable_reference ()
   from /usr/local/Zend/lib/ZendOptimizer.so
#6  0x443f9325 in zend_oe () from /usr/local/Zend/lib/ZendOptimizer.so
#7  0x402752e4 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:814
#8  0x40282b85 in php_execute_script (primary_file=0xbffff440) at main.c:1307
#9  0x4027ecf2 in apache_php_module_main (r=0x80f9a74, display_source_mode=0)
    at sapi_apache.c:90
#10 0x4027f7ce in send_php (r=0x80f9a74, display_source_mode=0, filename=0x0)
    at mod_php4.c:575
#11 0x4027f822 in send_parsed_php (r=0x80f9a74) at mod_php4.c:590
#12 0x080727b7 in ap_invoke_handler ()
#13 0x080869ff in process_request_internal ()
#14 0x08086a60 in ap_process_request ()
#15 0x0807de6d in child_main ()
#16 0x0807e0db in make_child ()
#17 0x0807e18c in startup_children ()
#18 0x0807e808 in standalone_main ()
#19 0x0807f067 in main ()
#20 0x40111627 in __libc_start_main (main=0x807ecc8 <main>, argc=1,
    ubp_av=0xbffff884, init=0x804e760 <_init>, fini=0x809c0c0 <_fini>,
    rtld_fini=0x4000dcc4 <_dl_fini>, stack_end=0xbffff87c)
    at ../sysdeps/generic/libc-start.c:129

 [2002-04-10 19:13 UTC] sniper@php.net
This bug has been fixed in CVS.


 