Bug #16082 libmm 1.1.3 session save handler = crash
Submitted: 2002-03-14 15:09 UTC
Modified: 2002-04-10 19:13 UTC
From: wboring at qualys dot com
Assigned:
Status: Closed
Package: Session related
PHP Version: 4.1.2
OS: Linux Redhat 7.1
Private report: No
CVE-ID: None

 [2002-03-14 15:09 UTC] wboring at qualys dot com
I am trying to get php 4.1.2 working with mm support (libmm 1.1.3) to act as my session save handler.  I have a 100% reproducible segfault w/ apache 1.3.23.  I have been able to reproduce this on Redhat 7.1 and Mandrake 8.1, with 2 different machines.  This happens with and w/o the Zend Optimizer.  The gdb stack dump here shows that I was running the Optimizer at the time.

My php configure line is as follows:
./configure \
--with-mm=/usr/local \
--with-apxs=/usr/local/apache/bin/apxs \
--disable-debug

(normally, I have a bunch of other items in the configure line, but I wanted to narrow the crash down to the least amount of variables)


The php script is very simple:

<?php

session_start();

if ( !isset($_SESSION["foo"]) ) {
  $_SESSION["foo"] = 100;
} else {
  $_SESSION["foo"]++;
}


var_dump( $_SESSION );
?>

Here is the gdb output: 

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 28561)]
0x402ae4f9 in ps_srlzr_decode_php (val=0x81066ec "", vallen=135269900)
    at session.c:394
394                             if (++q >= endptr) goto break_outer_loop;
(gdb) bt
#0  0x402ae4f9 in ps_srlzr_decode_php (val=0x81066ec "", vallen=135269900)
    at session.c:394
#1  0x402ae8b1 in php_session_decode (val=0x81066ec "", vallen=135269900)
    at session.c:457
#2  0x402aeb03 in php_session_initialize () at session.c:524
#3  0x402afbb2 in php_session_start () at session.c:890
#4  0x402b0e55 in zif_session_start (ht=0, return_value=0x8100dec,
    this_ptr=0x0, return_value_used=0) at session.c:1264
#5  0x443ef70b in zend_assign_to_variable_reference ()
   from /usr/local/Zend/lib/ZendOptimizer.so
#6  0x443f9325 in zend_oe () from /usr/local/Zend/lib/ZendOptimizer.so
#7  0x402752e4 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:814
#8  0x40282b85 in php_execute_script (primary_file=0xbffff440) at main.c:1307
#9  0x4027ecf2 in apache_php_module_main (r=0x80f9a74, display_source_mode=0)
    at sapi_apache.c:90
#10 0x4027f7ce in send_php (r=0x80f9a74, display_source_mode=0, filename=0x0)
    at mod_php4.c:575
#11 0x4027f822 in send_parsed_php (r=0x80f9a74) at mod_php4.c:590
#12 0x080727b7 in ap_invoke_handler ()
#13 0x080869ff in process_request_internal ()
#14 0x08086a60 in ap_process_request ()
#15 0x0807de6d in child_main ()
#16 0x0807e0db in make_child ()
#17 0x0807e18c in startup_children ()
#18 0x0807e808 in standalone_main ()
#19 0x0807f067 in main ()
#20 0x40111627 in __libc_start_main (main=0x807ecc8 <main>, argc=1,
    ubp_av=0xbffff884, init=0x804e760 <_init>, fini=0x809c0c0 <_fini>,
    rtld_fini=0x4000dcc4 <_dl_fini>, stack_end=0xbffff87c)
    at ../sysdeps/generic/libc-start.c:129

 [2002-04-10 19:13 UTC] sniper@php.net
This bug has been fixed in CVS.


 