Bug #16278 reference to $_SESSION causes seg-fault
Submitted: 2002-03-26 00:02 UTC Modified: 2002-03-26 03:25 UTC
From: bhlyons at mail dot com Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 4.1.2 OS: Linux 2.2.16 (redhat 7.0)
Private report: No CVE-ID: None

 [2002-03-26 00:02 UTC] bhlyons at mail dot com
Configuration:
./configure --with-apxs --enable-debug
php.ini = php.ini-recommended
Apache 1.3.12

I have been using a procedure to create nicely-formatted tables of arrays and their contents for a long time.  It works very well under 4.1.2 (and previous 4.* versions) for displaying $GLOBALS if session_start has not been called.  If session_start has been called, it causes a seg-fault when the $HTTP_SESSION_VARS and/or $_SESSION is processed.

My normal script is much more elaborate, but I've stripped it to the bare minimum to make the bugs more obvious.  There are four 'fix' comments in the code - implementing any one will make the problem go away, but none should be necessary.

I have compiled 4.2.0rc1 with the same ./configure options and used the 4.2.0rc1-supplied php.ini-recommended file as part of a further test.  The output is the same, but the seg-fault is not reported to the error log with 4.2.0rc1.

------------ index.php -------------------

<?PHP

# fix 1 is to pass the array by value
function CVTT (&$array, $depth=0) {
  if($depth==0) {
    print "<PRE>\n";
  }
  while(list($key,$value)=each($array)) {
# fix 2 is to skip both instances of the session variables array
### If this session-skipping block is enabled, there are no problems
#    if($key=="_SESSION" || $key=="HTTP_SESSION_VARS") {
#      print "skipping $key\n";
#      continue;
#    }
### End of session-skipping block
    for($c=0;$c<$depth*5;$c++) {
      print " ";
    }
    print "$key=";
    if(is_array($value)) {
      $valuestring="Array";
    } elseif(is_object($value)) {
      $valuestring="Object";
    } elseif(is_bool($value)) {
      if($value) {
        $valuestring="Boolean True";
      } else {
        $valuestring="Boolean False";
      }
    } else {
      $valuestring=$value;
    }
    print "$valuestring\n";
    if(is_array($array[$key])) {
# fix 3 is to pass $value instead of $array[$key]
      CVTT($array[$key], $depth+1);
    }
  }
  if($depth==0) {
    print "</PRE>\n";
  }
}

# fix 4 is to eliminate the session_start
session_start();

$_SESSION['one']="two";

?>
<HTML>
<HEAD>
</HEAD>
<BODY>

<?PHP

CVTT($GLOBALS)

?>

</BODY>
</HTML>

---------------end of index.php -------------

I was not able to get a backtrace by following the instructions in the php documentation.  I'd be happy to try again with more-detailed instructions.

If there is any further testing you would like, please let me know.

Sincerely,
Bryan

 [2002-03-26 03:20 UTC] sniper@php.net
So you're saying that with PHP 4.2.0RC1 it works?

 [2002-03-26 03:25 UTC] tal@php.net
According to you, it works fine with 4.2.0rc1. So that doesn't really matter.

 [2002-03-26 09:43 UTC] bhlyons at mail dot com
NO, I am saying that it does NOT work in PHP >= 4.1.0, including 4.2.0rc1.

What I meant by the 'output is the same' is that the stream sent to the browser gets prematurely truncated (when PHP dies) at roughly the same point in 4.1.2 and 4.2.0rc1.  With 4.1.2, the seg-fault gets reported to the error log.  With 4.2.0rc1, the seg-fault does not get reported to the error log, but it has definitely died prematurely.

This is a simple function that has worked for a long time, and works great now if session_start isn't called.  There is something peculiar about HTTP_SESSION_VARS and _SESSION when sessions are active that is causing the problem.  The SERVER/POST/GET vars, in both HTTP_ and _var forms are fine.  As a matter of fact, if session_start is not called, you can even create HTTP_SESSION_VARS and _SESSION arrays and they'll work fine, too, so it isn't just the name.

session_start does something to HTTP_SESSION_VARS and _SESSION and causes PHP to die under this code.  Paste my sample code into a file and see it for yourself.  Look carefully, the truncation is right near the end.  To make it more obvious, add a "<P>DONE</P>" just before </BODY> - you'll never see that text in the output.

Sincerely,
Bryan
 