Bug #37111 Apache crashes when strftime is called inside user defined session write func
Submitted: 2006-04-17 19:21 UTC Modified: 2010-10-27 13:30 UTC
Votes:11
Avg. Score:4.5 ± 0.8
Reproduced:10 of 11 (90.9%)
Same Version:3 (30.0%)
Same OS:4 (40.0%)
From: haakonsk at gmail dot com Assigned:
Status: No Feedback Package: Date/time related
PHP Version: 5.*, 6CVS (2008-11-11) OS: *
Private report: No CVE-ID: None
 [2006-04-17 19:21 UTC] haakonsk at gmail dot com
Description:
------------
Apache crashes when strftime is called inside a user-defined session write function. It doesn't seem to be a problem for the other user-defined session functions (at least not open, close or read).

Reproduce code:
---------------
session_set_save_handler('sess_open',
                         'sess_close',
                         'sess_read',
                         'sess_write',
                         'sess_destroy',
                         'sess_gc');

function sess_write($id, $sess_data)
{
  $time = strftime("%d %b %Y %H:%M:%S");
  return true;
}

Expected result:
----------------
No crash

Actual result:
--------------
Apache crashes.

 [2006-04-17 19:53 UTC] haakonsk at gmail dot com
Apache also crashes when getdate or date is called instead of strftime. However, the "time" function does not cause Apache to crash.
 [2006-05-04 07:02 UTC] haakonsk at gmail dot com
I haven't been able to generate the backtrace (need help/directions).

This problem is also present with PHP5.1.3.

Complete code example (result: apache crashes):
<?php

session_set_save_handler('sess_open',
                         'sess_close',
                         'sess_read',
                         'sess_write',
                         'sess_destroy',
                         'sess_gc');

session_start();
print_r($_SESSION);

$_SESSION['test'] = 2;

function sess_open($sess_path, $sess_name)
{
  return true;
}

function sess_close()
{
  return true;
}

function sess_read($id)
{
  return true;
}

function sess_write($id, $sess_data)
{
  $year = strftime("%Y");
  return true;
}

function sess_destroy($id)
{
  return true;
}

function sess_gc($max_lifetime)
{
  return true;
}

?>
 [2006-05-04 19:48 UTC] haakonsk at gmail dot com
Apache version is 1.3.33
 [2006-07-17 14:32 UTC] bate@php.net
I can verify this bug. This also happens with the latest of everything (Apache, PHP).

This is also related to the pear::HTTP_Session2 package, because if you use this package you will also get a segfault under FreeBSD. I will provide a .core or backtrace later today, for both WinXP and FreeBSD (have to install MSVC).

 [2006-07-27 01:57 UTC] sniper@php.net
And I can not reproduce this with latest of everything on Linux. Bate: Provide the backtrace please.

 [2006-07-27 06:32 UTC] tony2001@php.net
AFAIK I told Derick what should be the reason: ext/date shuts down and frees all resources before ext/session, so strftime() will access the already freed timezonedb and other ext/date resources.
I'd say this is more ext/date related, as I suppose its mshutdown handler should be run at the very end.
 [2006-07-27 09:27 UTC] derick@php.net
But as we can't just run it at the end... I would say there is a more fundamental problem here...
 [2008-02-15 00:11 UTC] jani@php.net
Why can't this be fixed by making ext/date the last extension to be unloaded? ie. simply rename config.m4 to config9.m4 :) (dunno how to do it for the windows build..does it have the same method of simple rename?)
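A small C model of the teardown ordering tony2001 describes and of the reordering jani proposes, added here as an illustration. It is not PHP source, and every identifier in it (tzdb, date_format, run_request and the rest) is hypothetical; the model sets the pointer to NULL after freeing it so the stale access shows up as an error code instead of a crash.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not PHP source: every name below is hypothetical. */
static char *tzdb;                      /* stands in for ext/date's timezone data */
static int (*write_cb)(char *, size_t); /* stands in for the user's sess_write */
static int last_write_rc;               /* result of the most recent session flush */

static void date_startup(void)  { tzdb = malloc(4); if (tzdb) memcpy(tzdb, "UTC", 4); }
static void date_shutdown(void) { free(tzdb); tzdb = NULL; } /* NULL makes stale use detectable */

/* Stand-in for strftime()/date(): needs tzdb. Without the NULL check this
 * would read freed memory, which is the crash tony2001 describes. */
static int date_format(char *out, size_t n) {
    if (tzdb == NULL) return -1;
    snprintf(out, n, "2006 %s", tzdb);
    return 0;
}

static int user_sess_write(char *out, size_t n) { return date_format(out, n); }

static void session_startup(void)  { write_cb = user_sess_write; }
/* The session is flushed at shutdown, so user code runs during teardown. */
static void session_shutdown(void) {
    char buf[32];
    last_write_rc = write_cb(buf, sizeof buf);
}

struct module { const char *name; void (*startup)(void); void (*shutdown)(void); };

/* Start every module, then shut them down in the order listed.
 * Returns what the session write handler saw while being flushed. */
static int run_request(const struct module *mods, size_t n) {
    for (size_t i = 0; i < n; i++) mods[i].startup();
    for (size_t i = 0; i < n; i++) mods[i].shutdown();
    return last_write_rc;
}

static const struct module date_first[] = {   /* order reported in the bug */
    { "date", date_startup, date_shutdown }, { "session", session_startup, session_shutdown } };
static const struct module date_last[] = {    /* order proposed by jani */
    { "session", session_startup, session_shutdown }, { "date", date_startup, date_shutdown } };

int main(void) {
    printf("date torn down first: %d\n", run_request(date_first, 2));
    printf("date torn down last:  %d\n", run_request(date_last, 2));
    return 0;
}
```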
 [2008-11-02 12:35 UTC] jani@php.net
Derick, would you mind responding to my comment above?
 [2009-11-28 01:23 UTC] jani@php.net
Antony, since you could reproduce this (?), can you try this patch:

  http://pecl.php.net/~jani/patches/bug37111.patch

 [2010-03-06 22:43 UTC] felipe@php.net
-Status: Assigned +Status: Feedback
 [2010-03-06 22:43 UTC] felipe@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2010-10-27 13:30 UTC] tony2001@php.net
-Status: Feedback +Status: No Feedback -Assigned To: tony2001 +Assigned To:
 
Last updated: Sun Nov 24 02:01:28 2024 UTC