Bug #71754 Regression in PHP7.0: trivial script segfaults php-cgi
Submitted: 2016-03-09 13:33 UTC
Modified: -
Votes: 2
Avg. Score: 4.5 ± 0.5
Reproduced: 0 of 0 (0.0%)
From: phpbug at wisl dot de
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 7.0.4
OS: Linux
Private report: No
CVE-ID: None
 [2016-03-09 13:33 UTC] phpbug at wisl dot de
Description:
------------
The included trivial 2-line-script crashed php-cgi with the following backtrace:

(gdb) run bugtest2.php
Starting program: /usr/bin/php-cgi7.0 bugtest2.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
zend_hash_str_find (ht=0x0, str=str@entry=0xd33ece "REQUEST_URI", len=len@entry=11)
    at /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/Zend/zend_hash.c:1959
1959    /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/Zend/zend_hash.c: No such file or directory.
(gdb) bt
#0  zend_hash_str_find (ht=0x0, str=str@entry=0xd33ece "REQUEST_URI", len=len@entry=11)
    at /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/Zend/zend_hash.c:1959
#1  0x0000000000640aeb in php_session_start ()
    at /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/ext/session/session.c:1613
#2  0x0000000000641cd5 in zif_session_start (execute_data=<optimized out>,
    return_value=0x7ffff0612090)
    at /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/ext/session/session.c:2312
#3  0x000000000083c39e in ZEND_DO_ICALL_SPEC_HANDLER ()
    at /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/Zend/zend_vm_execute.h:586
#4  0x000000000082c83b in execute_ex (ex=<optimized out>)
    at /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/Zend/zend_vm_execute.h:414
#5  0x0000000000888689 in zend_execute (op_array=<optimized out>,
    return_value=<optimized out>)
    at /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/Zend/zend_vm_execute.h:458
#6  0x00000000007e9537 in zend_execute_scripts (type=type@entry=8,
    retval=retval@entry=0x0, file_count=file_count@entry=3)
    at /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/Zend/zend.c:1427
#7  0x000000000077c0a8 in php_execute_script (
    primary_file=primary_file@entry=0x7fffffffd390)
    at /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/main/main.c:2484
#8  0x000000000048d5f7 in main (argc=2, argv=0x7fffffffd818)
    at /var/tmp/portage/dev-lang/php-7.0.4/work/sapis-build/cgi/sapi/cgi/cgi_main.c:2453


Test script:
---------------
<?php
ini_set("session.use_only_cookies","0");
session_start();
?>

Expected result:
----------------
Just an empty page, because while the script does start a session it does nothing else. Instead I get a 500 internal server error, because the cgi process was aborted with a segfault.

I'm filing this separate bug in addition to #71599, because nobody seems to care that the transparent session id feature is broken. I hope this trivially triggerable segfault gets some attention.

The cause seems to be the following commit:
https://github.com/php/php-src/commit/f248df900300c5b2201d4cf634d58d413399e2eb

Please revert this commit because of the following reasons:
* Its description ("Behavior is unchanged.") is plain wrong: The change causes PHPSESSID parameters to be added to all URLs even if the user has cookies enabled. That is a behavior change.
* It contains bugs, because on multiple occasions I have seen it adding multiple PHPSESSID parameters.
* It removes a validation check (Z_ISUNDEF(PG(http_globals)[TRACK_VARS_SERVER])) and because of that the option session.use_only_cookies=0 now triggers a segfault when calling session_start(). (At least when using the cgi variant of php.)
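
The failure mode described in this report, as an added example in C (not code from php-src or from the reporter): a simplified model in which a slot's type tag has to be tested before its table pointer reaches a lookup that dereferences it. All struct and function names are hypothetical stand-ins, and the sample data is constructed.

```c
/* Simplified model (constructed; not php-src code) of the guard the report
 * says was removed: check that the slot is defined before using its table. */
#include <stddef.h>
#include <string.h>

enum slot_type { SLOT_UNDEF = 0, SLOT_ARRAY };
struct entry { const char *key; const char *val; };
struct table { const struct entry *items; size_t count; };

/* Stand-in for one element of PG(http_globals): a type tag plus a table
 * pointer that is only valid when the tag is SLOT_ARRAY. */
struct slot { enum slot_type type; const struct table *ht; };

/* Stand-in for zend_hash_str_find(): dereferences ht unconditionally,
 * so ht == NULL faults, as in frame #0 of the backtrace. */
static const char *table_find(const struct table *ht, const char *key, size_t len)
{
    for (size_t i = 0; i < ht->count; i++)
        if (strlen(ht->items[i].key) == len && memcmp(ht->items[i].key, key, len) == 0)
            return ht->items[i].val;
    return NULL;
}

/* Without the guard: an undefined slot passes ht == NULL straight through. */
const char *request_uri_unguarded(const struct slot *server)
{
    return table_find(server->ht, "REQUEST_URI", sizeof("REQUEST_URI") - 1);
}

/* With the guard: an undefined slot simply means "no REQUEST_URI". */
const char *request_uri_guarded(const struct slot *server)
{
    if (server == NULL || server->type != SLOT_ARRAY || server->ht == NULL)
        return NULL;
    return table_find(server->ht, "REQUEST_URI", sizeof("REQUEST_URI") - 1);
}

/* Constructed sample data: one populated slot and one never-initialised slot. */
static const struct entry sample_items[] = { { "REQUEST_URI", "/index.php" } };
static const struct table sample_table = { sample_items, 1 };
const struct slot populated_server = { SLOT_ARRAY, &sample_table };
const struct slot undefined_server = { SLOT_UNDEF, NULL };

int main(void)
{
    /* The guarded lookup returns NULL on the undefined slot instead of faulting. */
    return request_uri_guarded(&undefined_server) == NULL ? 0 : 1;
}
```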


 [2016-03-10 07:03 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=98c625a31cc329aa45c48d9c376c6197e278a3a5
Log: Fixed bug #71754 (Regression in PHP7.0: trivial script segfaults php-cgi)
 [2016-03-10 07:03 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2016-03-11 23:43 UTC] yohgaki@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ca61f5954bf9e64072bfa31b4a7431e211a109e7
Log: Fixed Bug #71754 Regression in PHP7.0: trivial script segfaults php-cgi Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket Fixed Bug #71599 trans sid handling rework broke interaction with cookies
 [2016-03-14 14:59 UTC] ab@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ca61f5954bf9e64072bfa31b4a7431e211a109e7
Log: Fixed Bug #71754 Regression in PHP7.0: trivial script segfaults php-cgi Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket Fixed Bug #71599 trans sid handling rework broke interaction with cookies
 [2016-07-20 11:33 UTC] davey@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ca61f5954bf9e64072bfa31b4a7431e211a109e7
Log: Fixed Bug #71754 Regression in PHP7.0: trivial script segfaults php-cgi Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket Fixed Bug #71599 trans sid handling rework broke interaction with cookies
 [2016-07-20 11:33 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=98c625a31cc329aa45c48d9c376c6197e278a3a5
Log: Fixed bug #71754 (Regression in PHP7.0: trivial script segfaults php-cgi)