PHP :: Bug #53295 :: if bailout is called on rshutdown, session segfault on next request

Bug #53295	if bailout is called on rshutdown, session segfault on next request
Submitted:	2010-11-11 15:50 UTC	Modified:	2015-02-02 09:20 UTC
From:	yoram dot b at zend dot com	Assigned:	yohgaki (profile)
Status:	Closed	Package:	Session related
PHP Version:	5.3.3	OS:	All
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	yoram dot b at zend dot com
New email:
PHP Version:		OS:

New Comment:

[2010-11-11 15:50 UTC] yoram dot b at zend dot com

Description:
------------
session sets it's handlers to NULL at rshutdown.
in case of bailout in rshutdown (by other extension), this cleanup will not happen and next request will segfault.

setting to NULL at RINIT works around the problem.

Test script:
---------------
<?php
function open($save_path, $session_name)
{
  global $sess_save_path;

  $sess_save_path = $save_path;
  return(true);
}

function close()
{
  return(true);
}

function read($id)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  return (string) @file_get_contents($sess_file);
}

function write($id, $sess_data)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  if ($fp = @fopen($sess_file, "w")) {
    $return = fwrite($fp, $sess_data);
    fclose($fp);
    return $return;
  } else {
    return(false);
  }

}

function destroy($id)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  return(@unlink($sess_file));
}

function gc($maxlifetime)
{
  global $sess_save_path;

  foreach (glob("$sess_save_path/sess_*") as $filename) {
    if (filemtime($filename) + $maxlifetime < time()) {
      @unlink($filename);
    }
  }
  return true;
}

session_set_save_handler("open", "close", "read", "write", "destroy", "gc");

session_start();

// proceed to use sessions normally

?>

Patches

session5.3.3.diff (last revision 2010-11-11 14:51 UTC by yoram dot b at zend dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-11-12 00:13 UTC] felipe@php.net

-Summary: if bailout is called on rshutdown, session segfualt on next request +Summary: if bailout is called on rshutdown, session segfault on next request

[2014-07-13 02:56 UTC] yohgaki@php.net

-Package: Scripting Engine problem +Package: Session related -Assigned To: +Assigned To: yohgaki

[2015-02-02 09:20 UTC] yohgaki@php.net

-Status: Assigned +Status: Closed

[2015-02-02 09:20 UTC] yohgaki@php.net

I think this is already fixed in released versions.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jul 16 23:01:33 2025 UTC