php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #12180 ob_start() + session_start() + die() == SIGSEGV
Submitted: 2001-07-15 19:51 UTC Modified: 2001-08-03 16:17 UTC
From: tduffey at homeboyz dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.6 OS: FreeBSD 4.3
Private report: No CVE-ID: None
 [2001-07-15 19:51 UTC] tduffey at homeboyz dot com
PHP segfaults when output buffering and sessions are enabled and a script is terminated using exit() or die() before flushing or cleaning the contents of the output buffer.  The problem has been reproduced on two unique servers both running Apache 1.3.20 and PHP 4.0.6.  The following short script reproduces the segfault:

<?php

ob_start();
//ob_start('ob_gzhandler', 4096);

session_start();

function redirect($url)
{
        //ob_end_clean();
        die();
}

if (empty($infoMsg))
        redirect("$PHP_SELF?infoMsg=hello+world");
else
        echo $infoMsg;

ob_end_flush();

?>

Note that the problem goes away when any one of the following changes are made the the script:

1) Use ob_gzhandler callback in ob_start()
2) Do not start session
3) Flush or clean the output buffer before terminating script

And the backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x283997e4 in url_adapt_ext_ex (src=0x811400c "", srclen=0, name=0x283cc470 "PHPSESSID", 
    value=0x810a2cc "9d8daa9e6ea942bbd3a0a05d834ee01a", newlen=0xbfbff88c) at url_scanner_ex.c:670
670             smart_str_0(&ctx->result);
(gdb) bt
#0  0x283997e4 in url_adapt_ext_ex (src=0x811400c "", srclen=0, name=0x283cc470 "PHPSESSID", 
    value=0x810a2cc "9d8daa9e6ea942bbd3a0a05d834ee01a", newlen=0xbfbff88c) at url_scanner_ex.c:670
#1  0x2835305c in session_adapt_uris (src=0x811400c "", srclen=0, new=0xbfbff888, newlen=0xbfbff88c) at session.c:1299
#2  0x28394c3f in php_ub_body_write_no_header (str=0x811400c "", str_length=0) at output.c:430
#3  0x28394d0b in php_ub_body_write (str=0x811400c "", str_length=0) at output.c:472
#4  0x28394895 in php_end_ob_buffer (send_buffer=1 '\001', just_flush=0 '\000') at output.c:227
#5  0x2839493f in php_end_ob_buffers (send_buffer=1) at output.c:256
#6  0x283225a2 in apache_php_module_main (r=0x8102038, display_source_mode=0) at sapi_apache.c:95
#7  0x28322f5a in send_php (r=0x8102038, display_source_mode=0, filename=0x0) at mod_php4.c:536
#8  0x28322f96 in send_parsed_php (r=0x8102038) at mod_php4.c:547
#9  0x805374c in ap_invoke_handler ()
#10 0x806279d in process_request_internal ()
#11 0x80627fc in ap_process_request ()
#12 0x805c0ae in child_main ()
#13 0x805c240 in make_child ()
#14 0x805c35d in startup_children ()
#15 0x805c82c in standalone_main ()
#16 0x805cee7 in main ()
#17 0x804fc55 in _start ()

PHP configured like:

'./configure' '--with-apxs=/usr/local/sbin/apxs' '--enable-bcmath' '--with-ftp' '--with-gd=/usr/local' '--with-gettext' '--with-ttf' '--with-mysql=/usr/local' '--enable-trans-sid' '--with-regex=system' '--with-xml' '--with-config-file-path=/usr/local/etc' '--enable-libgcc' '--with-zlib' '--with-debug'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-08-03 16:17 UTC] sniper@php.net
This should be fixed in CVS. Please try the latest snapshot
from http://snaps.php.net/ 


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 19:01:28 2024 UTC