php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #37111 Apache crashes when strftime is called inside user defined session write func
Submitted: 2006-04-17 19:21 UTC Modified: 2010-10-27 13:30 UTC
Votes:11
Avg. Score:4.5 ± 0.8
Reproduced:10 of 11 (90.9%)
Same Version:3 (30.0%)
Same OS:4 (40.0%)
From: haakonsk at gmail dot com Assigned:
Status: No Feedback Package: Date/time related
PHP Version: 5.*, 6CVS (2008-11-11) OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: haakonsk at gmail dot com
New email:
PHP Version: OS:

 

 [2006-04-17 19:21 UTC] haakonsk at gmail dot com 
Description:
------------
Apache crashes when strftime is called inside a user-defined session write function. It doesn't seem to be a problem for the other user-defined session functions (at least not open, close or read).

Reproduce code:
---------------
session_set_save_handler('sess_open',
                         'sess_close',
                         'sess_read',
                         'sess_write',
                         'sess_destroy',
                         'sess_gc');

function sess_write($id, $sess_data)
{
  $time = strftime("%d %b %Y %H:%M:%S");
  return true;
}

Expected result:
----------------
No crash

Actual result:
--------------
Apache crashes.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-04-17 19:53 UTC] haakonsk at gmail dot com 
Apache also crashes when getdate or date is called instead of strftime. However, the "time" function does not cause Apache to crash.
 [2006-05-04 07:02 UTC] haakonsk at gmail dot com 
I haven't been able to generate the backtrace (need help/directions).

This problem is also present with PHP5.1.3.

Complete code example (result: apache crashes):
<?php

session_set_save_handler('sess_open',
                         'sess_close',
                         'sess_read',
                         'sess_write',
                         'sess_destroy',
                         'sess_gc');

session_start();
print_r($_SESSION);

$_SESSION['test'] = 2;

function sess_open($sess_path, $sess_name)
{
  return true;
}

function sess_close()
{
  return true;
}

function sess_read($id)
{
  return true;
}

function sess_write($id, $sess_data)
{
  $year = strftime("%Y");
  return true;
}

function sess_destroy($id)
{
  return true;
}

function sess_gc($max_lifetime)
{
  return true;
}

?>
 [2006-05-04 19:48 UTC] haakonsk at gmail dot com 
Apache version is 1.3.33
 [2006-07-17 14:32 UTC] bate@php.net 
I can verify this bug. This happens too with latest of everything. (apache, php)

This is also related to the pear::HTTP_Session2 package, because if you use this package you will get too an segfault under FreeBSD. I will provide a .core or backtrace later today. For both. WinXP and FreeBSD. (have to install MSVC)
 [2006-07-27 01:57 UTC] sniper@php.net 
And I can not reproduce this with latest of everything on Linux. Bate: Provide the backtrace please.
 [2006-07-27 06:32 UTC] tony2001@php.net 
AFAIK I told Derick what should be the reason: ext/date shutdowns and frees all resources before ext/session, so strftime() will access already freed timezonedb and other ext/date resources.
I'd say this is more ext/date related, as I suppose it's mshutdown handler should be run at the very end.
 [2006-07-27 09:27 UTC] derick@php.net 
But as we can't just run it at the end... I would say there is a more fundamental problem here...
 [2008-02-15 00:11 UTC] jani@php.net 
Why can't this be fixed by making ext/date the last extension to be unloaded? ie. simply rename config.m4 to config9.m4 :) (dunno how to do it for the windows build..does it have the same method of simple rename?)
 [2008-11-02 12:35 UTC] jani@php.net 
Derick, would you mind responding to my comment above?
 [2009-11-28 01:23 UTC] jani@php.net 
Antony, since you could reproduce this (?), can you try this patch:

  http://pecl.php.net/~jani/patches/bug37111.patch
 [2010-03-06 22:43 UTC] felipe@php.net
-Status: Assigned +Status: Feedback
 [2010-03-06 22:43 UTC] felipe@php.net 
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/
 [2010-10-27 13:30 UTC] tony2001@php.net
-Status: Feedback +Status: No Feedback -Assigned To: tony2001 +Assigned To:
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 18:01:29 2024 UTC