PHP :: Bug #39602 :: Invalid session.save

Bug #39602	Invalid session.save_handler crashes PHP
Submitted:	2006-11-23 08:01 UTC	Modified:	2006-11-23 08:07 UTC
From:	dmitry@php.net	Assigned:	dmitry (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	5CVS-2006-11-23 (CVS)	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	dmitry@php.net
New email:
PHP Version:		OS:

New Comment:

[2006-11-23 08:01 UTC] dmitry@php.net

Description:
------------
PHP may crash if php.ini contains invalid setting for "session.save_handler" directive.

Reproduce code:
---------------
<?php
ini_set("session.save_handler","files");
$x = new stdClass();
?>

Expected result:
----------------
no crach

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x0832cd57 in zend_objects_store_mark_destructed (objects=0x84697b8)
    at /home/dmitry/php/php5.2/Zend/zend_objects_API.c:70
70                      if (objects->object_buckets[i].valid) {
(gdb) p objects->object_buckets
$2 = (zend_object_store_bucket *) 0x0
(gdb) bt
#0  0x0832cd57 in zend_objects_store_mark_destructed (objects=0x84697b8)
    at /home/dmitry/php/php5.2/Zend/zend_objects_API.c:70
#1  0x082b9af7 in php_error_cb (type=1, error_filename=0x8434bcb "Unknown",
    error_lineno=0, format=0x8419663 "%s", args=0xbf801c58 "??\224\b")
    at /home/dmitry/php/php5.2/main/main.c:838
#2  0x0012c265 in soap_error_handler (error_num=1,
    error_filename=0x8434bcb "Unknown", error_lineno=0, format=0x8419663 "%s",
    args=0xbf801c58 "??\224\b") at /home/dmitry/php/php5.2/ext/soap/soap.c:2022
#3  0x0830bac3 in zend_error (type=1, format=0x8419663 "%s")
    at /home/dmitry/php/php5.2/Zend/zend.c:946
#4  0x082b921f in php_verror (docref=0x0, params=0x84190b1 "", type=1,
    format=0x83f45eb "Cannot find save handler %s",
    args=0xbf801d3c "@\226\206\b(?\224\b\224>\224\bh\035\200?S?.\b")
    at /home/dmitry/php/php5.2/main/main.c:584
#5  0x082b9289 in php_error_docref0 (docref=0x0, type=1,
    format=0x83f45eb "Cannot find save handler %s")
    at /home/dmitry/php/php5.2/main/main.c:596
#6  0x0819d614 in OnUpdateSaveHandler (entry=0x88c6c10,
    new_value=0x8869640 "qwerty", new_value_length=6, mh_arg1=0x0,
    mh_arg2=0x0, mh_arg3=0x0, stage=8)
    at /home/dmitry/php/php5.2/ext/session/session.c:107
#7  0x08320e95 in zend_restore_ini_entry_cb (ini_entry=0x88c6c10, stage=8)
    at /home/dmitry/php/php5.2/Zend/zend_ini.c:55
#8  0x08320f2c in zend_restore_ini_entry_wrapper (ini_entry=0x894eb88)
    at /home/dmitry/php/php5.2/Zend/zend_ini.c:70
#9  0x08317f53 in zend_hash_apply (ht=0x894e458,
    apply_func=0x8320f11 <zend_restore_ini_entry_wrapper>)
    at /home/dmitry/php/php5.2/Zend/zend_hash.c:668
#10 0x08321031 in zend_ini_deactivate ()
    at /home/dmitry/php/php5.2/Zend/zend_ini.c:109
#11 0x0830b8b7 in zend_deactivate () at /home/dmitry/php/php5.2/Zend/zend.c:850
#12 0x082ba99a in php_request_shutdown (dummy=0x0)
    at /home/dmitry/php/php5.2/main/main.c:1300
#13 0x0838631e in main (argc=4, argv=0xbf804304)
    at /home/dmitry/php/php5.2/sapi/cgi/cgi_main.c:1792

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-11-23 08:07 UTC] dmitry@php.net

Fixed in CVS HEAD and PHP_5_2.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 15:01:30 2024 UTC