php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #27487 yet another session_decode crash
Submitted: 2004-03-04 01:58 UTC Modified: 2004-03-06 14:04 UTC
From: xuefer at 21cn dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.3.5RC3 OS: winxp/linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: xuefer at 21cn dot com
New email:
PHP Version: OS:

 

 [2004-03-04 01:58 UTC] xuefer at 21cn dot com 
Description:
------------
tested on php4.3.4 and 4.3.5RC3
the data is produced by session_decode() but corrupted
the corrupted-data is base64 encoded in script, just for easy download


Reproduce code:
---------------
http://www.our-sky.com/misc/session.phps (will be removed when bug closed)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-04 03:36 UTC] derick@php.net 
I fail to see how I can reproduce it. Can you tell me how you did get this corrupted data? As it looks to me that there is a bug in serializing here, not deserializing. I think it has to do with the binary stuff inside the _cached_html part though and Windows ;-) Can you provide the variable before serialization (use var_export($_SESSION) to obtain it).
 [2004-03-04 04:02 UTC] xuefer at 21cn dot com 
can you reproduce the crash?

i used sql as session save handler
corrupted data may not bug of sedssion_encode(), it's bug of GBK mysql( http://bugs.mysql.com/bug.php?id=369 ), as when i use file, no crash

but it IS bug of session_decode(), it shouldn't crash on corrupted data.
e.g.: saving session data but crashed by other thread, data is corrupted. when page load again, session_decode crash.
and anyone who use vhost, can write a simple script to make php crash
the server admin can hardly track who and what make the crash.


and if possible, pls make session_encode() do base64_encode, because may ppl use his own sql-save-handler
e.g.: session_use_text_encode(true);
 [2004-03-04 09:46 UTC] kennyt@php.net 
That's some nasty session data.

It crashes 4.3.2 and 5.0 CVS with a Segmentation Fault, which occurs *after* script execution (probably when PHP attempts to write the session to a file).
 [2004-03-06 14:04 UTC] iliaa@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Sep 19 05:00:01 2025 UTC