Bug #38405 Segmentation fault on using invalid save handler
Submitted: 2006-08-09 23:32 UTC Modified: 2006-08-10 21:53 UTC
From: archer at priorityonline dot net Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.1.4 OS: Debian-AMD64
Private report: No CVE-ID: None

 

 [2006-08-09 23:32 UTC] archer at priorityonline dot net
Description:
------------
PHP seems to crash (segmentation fault) when you provide it with an invalid save_handler in php.ini.

I've attached a backtrace below.



Reproduce code:
---------------
Setting the save_handler value in php.ini to an invalid value, e.g.:
session.save_handler = file



Expected result:
----------------
PHP Fatal error:  Unknown: Cannot find save handler file in Unknown on line 0


Actual result:
--------------
(gdb) bt
#0  0x000000000067a493 in zend_objects_store_mark_destructed (objects=0xaa00f8) at /root/php-5.1.4/Zend/zend_objects_API.c:70
#1  0x0000000000624132 in php_error_cb (type=0, error_filename=0x86911d "Unknown", error_lineno=0, format=<value optimized out>, args=<value optimized out>) at /root/php-5.1.4/main/main.c:827
#2  0x0000000000661174 in zend_error (type=1, format=0x86f486 "%s") at /root/php-5.1.4/Zend/zend.c:967
#3  0x000000000062383d in php_verror (docref=0x0, params=<value optimized out>, type=1, format=<value optimized out>, args=0xe88138) at /root/php-5.1.4/main/main.c:572
#4  0x0000000000623bcb in php_error_docref0 (docref=0xaa00f8 "", type=16, format=0x1 <Address 0x1 out of bounds>) at /root/php-5.1.4/main/main.c:592
#5  0x0000000000559e74 in OnUpdateSaveHandler (entry=<value optimized out>, new_value=0xab0340 "file", new_value_length=<value optimized out>, mh_arg1=<value optimized out>, 
    mh_arg2=<value optimized out>, mh_arg3=<value optimized out>, stage=8) at /root/php-5.1.4/ext/session/session.c:102
#6  0x000000000067190b in zend_restore_ini_entry_cb (ini_entry=0xbc91b0, stage=8) at /root/php-5.1.4/Zend/zend_ini.c:55
#7  0x000000000066a6bb in zend_hash_apply_with_argument (ht=0xaa6250, apply_func=0x671830 <zend_restore_ini_entry_cb>, argument=0x8) at /root/php-5.1.4/Zend/zend_hash.c:685
#8  0x00000000006719da in zend_ini_deactivate () at /root/php-5.1.4/Zend/zend_ini.c:101
#9  0x0000000000660c26 in zend_deactivate () at /root/php-5.1.4/Zend/zend.c:863
#10 0x0000000000624e2c in php_request_shutdown (dummy=<value optimized out>) at /root/php-5.1.4/main/main.c:1287
#11 0x00000000006ecf8a in main (argc=3, argv=0x7fffa1fa11a8) at /root/php-5.1.4/sapi/cgi/cgi_main.c:1666
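
Added example, not part of the original report or of PHP itself: a pre-deployment check that reads session.save_handler from php.ini text and rejects a value that is not a registered handler, so the misconfiguration reported above is caught before the interpreter loads it. The handler list and the sample ini snippets are assumptions constructed for illustration; on a real host the list depends on which session modules the build has loaded.

```python
import difflib

# Assumption: handler names registered by the PHP build being checked. "files"
# and "user" ship with the session extension; others depend on loaded modules.
REGISTERED_HANDLERS = ("files", "user")


def read_ini_value(ini_text, key):
    """Return the last value assigned to `key` in php.ini text, or None."""
    value = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":  # blank line, comment or section header
            continue
        name, sep, rest = line.partition("=")
        if not sep or name.strip() != key:
            continue
        rest = rest.strip()
        if rest[:1] in ('"', "'"):  # quoted value: take text up to closing quote
            end = rest.find(rest[0], 1)
            value = rest[1:end] if end != -1 else rest[1:]
        else:  # bare value: drop any trailing ';' comment
            value = rest.split(";", 1)[0].strip()
    return value


def check_save_handler(ini_text, registered=REGISTERED_HANDLERS):
    """Return (ok, message) for session.save_handler in the given ini text."""
    handler = read_ini_value(ini_text, "session.save_handler")
    if handler is None:
        return True, "session.save_handler not set; PHP default applies"
    if handler in registered:
        return True, "session.save_handler = %s is registered" % handler
    # Suggest the nearest registered name, which catches typos like the one here.
    near = difflib.get_close_matches(handler, registered, n=1)
    hint = "; did you mean '%s'?" % near[0] if near else ""
    return False, "Cannot find save handler %s%s" % (handler, hint)


# Constructed sample inputs, not taken from the reporter's php.ini.
BROKEN_INI = "[Session]\n; handler used for sessions\nsession.save_handler = file\n"
FIXED_INI = "[Session]\nsession.save_handler = files ; default\n"

if __name__ == "__main__":
    for text in (BROKEN_INI, FIXED_INI):
        print(check_save_handler(text))
```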


 [2006-08-09 23:37 UTC] archer at priorityonline dot net
Extra Information missing from backtrace ->

#0  0x000000000067a493 in zend_objects_store_mark_destructed (objects=0xaa00f8) at /root/php-5.1.4/Zend/zend_objects_API.c:70
70                      if (objects->object_buckets[i].valid) {
 [2006-08-10 07:49 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-08-10 14:45 UTC] archer at priorityonline dot net
Nope, happens every time I try to run phpmyadmin through php, if that helps. I've no idea which line actually causes it to seg though, trying to figure that one out :/

Core was generated by `php-fcgi -c /root/php.break.ini index.php'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000795c4c in zend_objects_store_mark_destructed (objects=0xbe6900) at /root/php5.2-200608101230/Zend/zend_objects_API.c:70
70                      if (objects->object_buckets[i].valid) {

#0  0x0000000000795c4c in zend_objects_store_mark_destructed (objects=0xbe6900) at /root/php5.2-200608101230/Zend/zend_objects_API.c:70
#1  0x000000000071874d in php_error_cb (type=1, error_filename=0xa1f27b "Unknown", error_lineno=0, format=0xa01f39 "%s", args=0x7ffff029b620) at /root/php5.2-200608101230/main/main.c:836
#2  0x00000000007714cb in zend_error (type=1, format=0xa01f39 "%s") at /root/php5.2-200608101230/Zend/zend.c:944
#3  0x0000000000717a6f in php_verror (docref=0x0, params=0xa01a41 "", type=1, format=0x9d63b7 "Cannot find save handler %s", args=0x7ffff029b860) at /root/php5.2-200608101230/main/main.c:574
#4  0x0000000000717cb5 in php_error_docref0 (docref=0x0, type=1, format=0x9d63b7 "Cannot find save handler %s") at /root/php5.2-200608101230/main/main.c:594
#5  0x00000000005e758c in OnUpdateSaveHandler (entry=0xd20720, new_value=0xbf83c0 "file", new_value_length=4, mh_arg1=0x0, mh_arg2=0x0, mh_arg3=0x0, stage=8)
    at /root/php5.2-200608101230/ext/session/session.c:103
#6  0x0000000000788d7e in zend_restore_ini_entry_cb (ini_entry=0xd20720, stage=8) at /root/php5.2-200608101230/Zend/zend_ini.c:55
#7  0x0000000000788e27 in zend_restore_ini_entry_wrapper (ini_entry=0x2ba7bf365d88) at /root/php5.2-200608101230/Zend/zend_ini.c:70
#8  0x000000000077f661 in zend_hash_apply (ht=0x2ba7bcf46388, apply_func=0x788e0a <zend_restore_ini_entry_wrapper>) at /root/php5.2-200608101230/Zend/zend_hash.c:666
#9  0x0000000000788f18 in zend_ini_deactivate () at /root/php5.2-200608101230/Zend/zend_ini.c:109
#10 0x000000000077117f in zend_deactivate () at /root/php5.2-200608101230/Zend/zend.c:848
#11 0x000000000071966e in php_request_shutdown (dummy=0x0) at /root/php5.2-200608101230/main/main.c:1300
#12 0x00000000007f5bbb in main (argc=4, argv=0x7ffff029e0e8) at /root/php5.2-200608101230/sapi/cgi/cgi_main.c:1667
 [2006-08-10 14:48 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.


 [2006-08-10 14:52 UTC] archer at priorityonline dot net
Curious though, as it displays the output of the page ... and then promptly crashes rather than exiting cleanly.

eg: 
<page html>
    PHP Fatal error:  Unknown: Cannot find save handler file in Unknown on line 0
Segmentation fault (core dumped)
 [2006-08-10 14:59 UTC] tony2001@php.net
We still need a short reproduce case.
 [2006-08-10 21:53 UTC] archer at priorityonline dot net
I'm gonna go scour the phpmyadmin code
 