PHP :: Bug #16646 :: segfault reading from session

Bug #16646

segfault reading from session

Submitted:

2002-04-16 19:35 UTC

Modified:

2002-05-25 00:00 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

romans at void dot lv

Assigned:

Status:

No Feedback

Package:

Session related

PHP Version:

4.2.0

OS:

linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	romans at void dot lv
New email:
PHP Version:		OS:

New Comment:

[2002-04-16 19:35 UTC] romans at void dot lv

I sent bugreport earler about problems wish 
session_register. Now seems that the problem is even 
worse. 
 
when the session date grows large (over 6k), there is 
segfault in php code. 
 
here is a strace  
<snip> 
read(42, "<?\n// Foo_portal \"tab-c\" compati"..., 8192) = 
8192 
brk(0x822b000)                          = 0x822b000 
brk(0x822f000)                          = 0x822f000 
brk(0x8233000)                          = 0x8233000 
brk(0x8243000)                          = 0x8243000 
read(42, "f=\"f_\".$gi.\"_other\";\n     global"..., 8192) 
= 8192 
brk(0x8253000)                          = 0x8253000 
old_mmap(NULL, 249856, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40590000 
mremap(0x40590000, 249856, 69632, MREMAP_MAYMOVE) = 
0x40590000 
brk(0x8263000)                          = 0x8263000 
read(42, "me][$gi][\'fkey\']=array(\n\t\t\t\t\t   "..., 
8192) = 8192 
old_mmap(NULL, 249856, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x405a1000 
mremap(0x405a1000, 249856, 86016, MREMAP_MAYMOVE) = 
0x405a1000 
read(42, "   }else{\n     $this->display_fo"..., 8192) = 
4726 
read(42, "", 4096)                      = 0 
read(42, "", 8192)                      = 0 
ioctl(42, TCGETS, 0xbfffb628)           = -1 ENOTTY 
(Inappropriate ioctl for device) 
close(42)                               = 0 
munmap(0x40017000, 4096)                = 0 
lstat64(0xbfff9b4c, 0xbfffab94)         = 0 
lstat64(0xbfff9b4c, 0xbfffab94)         = 0 
open("/tmp/sess_dabfee3e9012da897012f24db5f753d0", O_RDWR) 
= 42 
flock(42, LOCK_EX)                      = 0 
fstat64(0x2a, 0xbfffcc5c)               = 0 
pread(42, "tab|O:13:\"dynamic_table\":11:{s:6"..., 6133, 
0) = 6133 
--- SIGSEGV (Segmentation fault) --- 
chdir("/usr")                           = 0 
rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0 
getpid()                                = 27838 
kill(27838, SIGSEGV)                    = 0 
sigreturn()                             = ? (mask now []) 
--- SIGSEGV (Segmentation fault) --- 
 
Session file seems ok. Here is [session] section from 
php.ini 
 
 [Session] 
session.save_handler    = files 
session.save_path       = /tmp 
session.use_cookies     = 1 
session.name            = SID 
session.auto_start      = 0 
session.cookie_lifetime = 0 
session.cookie_path     = / 
session.cookie_domain   = 
session.serialize_handler = php 
session.gc_probability  = 1 
session.gc_maxlifetime  = 5440 
session.referer_check   = 
session.entropy_length  = 0 
session.entropy_file    = 
; session.entropy_length    = 16 
; session.entropy_file      = /dev/urandom 
session.cache_limiter   = nocache 
session.cache_expire    = 380 
session.use_trans_sid   = 1 
url_rewriter.tags       = 
"a=href,area=href,frame=src,input=src,form=fakeentry" 
 
yesterday i noticed that server returns zero sized entry, 
so i updated form 4.1.2/apache.1.3.20 to 
php4.2.0rc4/apach2.0.35 but the problem remains. 4.1.2 
worked fine before, i don't know what happened. 
 
romans

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-04-17 00:41 UTC] sniper@php.net

To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".

[2002-05-25 00:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Dec 30 18:01:27 2024 UTC