Bug #16646 segfault reading from session
Submitted: 2002-04-16 19:35 UTC Modified: 2002-05-25 00:00 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: romans at void dot lv Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.2.0 OS: linux
Private report: No CVE-ID: None
 [2002-04-16 19:35 UTC] romans at void dot lv
I sent a bug report earlier about problems with 
session_register. Now it seems that the problem is even 
worse. 
 
When the session data grows large (over 6k), there is a 
segfault in php code. 
 
Here is a strace: 
<snip> 
read(42, "<?\n// Foo_portal \"tab-c\" compati"..., 8192) = 8192
brk(0x822b000)                          = 0x822b000
brk(0x822f000)                          = 0x822f000
brk(0x8233000)                          = 0x8233000
brk(0x8243000)                          = 0x8243000
read(42, "f=\"f_\".$gi.\"_other\";\n     global"..., 8192) = 8192
brk(0x8253000)                          = 0x8253000
old_mmap(NULL, 249856, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40590000
mremap(0x40590000, 249856, 69632, MREMAP_MAYMOVE) = 0x40590000
brk(0x8263000)                          = 0x8263000
read(42, "me][$gi][\'fkey\']=array(\n\t\t\t\t\t   "..., 8192) = 8192
old_mmap(NULL, 249856, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x405a1000
mremap(0x405a1000, 249856, 86016, MREMAP_MAYMOVE) = 0x405a1000
read(42, "   }else{\n     $this->display_fo"..., 8192) = 4726
read(42, "", 4096)                      = 0
read(42, "", 8192)                      = 0
ioctl(42, TCGETS, 0xbfffb628)           = -1 ENOTTY (Inappropriate ioctl for device)
close(42)                               = 0
munmap(0x40017000, 4096)                = 0
lstat64(0xbfff9b4c, 0xbfffab94)         = 0
lstat64(0xbfff9b4c, 0xbfffab94)         = 0
open("/tmp/sess_dabfee3e9012da897012f24db5f753d0", O_RDWR) = 42
flock(42, LOCK_EX)                      = 0
fstat64(0x2a, 0xbfffcc5c)               = 0
pread(42, "tab|O:13:\"dynamic_table\":11:{s:6"..., 6133, 0) = 6133
--- SIGSEGV (Segmentation fault) --- 
chdir("/usr")                           = 0 
rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0 
getpid()                                = 27838 
kill(27838, SIGSEGV)                    = 0 
sigreturn()                             = ? (mask now []) 
--- SIGSEGV (Segmentation fault) --- 
 
The session file seems OK. Here is the [session] section from 
php.ini: 
 
[Session]
session.save_handler    = files 
session.save_path       = /tmp 
session.use_cookies     = 1 
session.name            = SID 
session.auto_start      = 0 
session.cookie_lifetime = 0 
session.cookie_path     = / 
session.cookie_domain   = 
session.serialize_handler = php 
session.gc_probability  = 1 
session.gc_maxlifetime  = 5440 
session.referer_check   = 
session.entropy_length  = 0 
session.entropy_file    = 
; session.entropy_length    = 16 
; session.entropy_file      = /dev/urandom 
session.cache_limiter   = nocache 
session.cache_expire    = 380 
session.use_trans_sid   = 1 
url_rewriter.tags       = "a=href,area=href,frame=src,input=src,form=fakeentry"
 
Yesterday I noticed that the server returns a zero-sized entry, 
so I updated from 4.1.2/apache.1.3.20 to 
php4.2.0rc4/apache2.0.35, but the problem remains. 4.1.2 
worked fine before; I don't know what happened. 
 
romans 

 [2002-04-17 00:41 UTC] sniper@php.net
To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".
 [2002-05-25 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 02 11:01:28 2024 UTC