Bug #16995 reallocating memory causes segfaults
Submitted: 2002-05-03 11:57 UTC Modified: 2002-09-29 10:33 UTC
From: tcrhak at suse dot cz Assigned:
Status: Closed Package: Session related
PHP Version: 4.2.0 OS: Linux
Private report: No CVE-ID:
 [2002-05-03 11:57 UTC] tcrhak at suse dot cz
    session_register( "_SESSION" );
    $_SESSION = "kk";


#0  0x08189910 in zend_hash_get_current_key_ex (ht=0x82d5654, 
    str_index=0xbfffe984, str_length=0xbfffe980, num_index=0xbfffe97c, 
    duplicate=0 '\000', pos=0xbfffe988) at zend_hash.c:1035

#1  0x080fed0e in php_session_save_current_state ()
#2  0x08101855 in php_session_flush ()
#3  0x08101895 in zm_deactivate_session ()
#4  0x08186aee in module_registry_cleanup (module=0x8285ed0) at zend_API.c:1169
#5  0x08188f0a in zend_hash_apply (ht=0x82349a0, 
    apply_func=0x8186aa6 <module_registry_cleanup>) at zend_hash.c:669
#6  0x08183e14 in zend_deactivate_modules () at zend.c:581
#7  0x08077658 in php_request_shutdown ()
#8  0x08075997 in main ()
#9  0x4037a4f2 in __libc_start_main () from /lib/

The problem however appears earlier.
It seems that the zval structure ps_globals.http_session_vars points at is freed and allocated elsewhere, but ps_globals.http_session_vars
points to the old location, so when it comes to php_session_save_current_state (#1),
Z_ARRVAL_P(PS(http_session_vars)) holds some meaningless value.
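
The stale-pointer condition described in the report, as a simplified C model added here; it is not PHP's source and not the fix that was committed to CVS. All names (`struct value`, `globals_tbl`, `cached_session_vars`, `save_session`) are hypothetical stand-ins; the save step re-resolves the variable by name and checks its type instead of trusting the cached pointer.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for a zval and a one-entry symbol table. */
enum vtype { T_STRING, T_ARRAY };
struct value { enum vtype type; size_t n_items; };
struct slot  { const char *name; struct value *val; };

static struct slot   globals_tbl = { "_SESSION", NULL };
static struct value *cached_session_vars; /* plays the role of PS(http_session_vars) */

/* Assignment frees the old value and allocates a new one, so any pointer
 * to the old value that was cached before this call is now dangling. */
static void assign(struct slot *s, enum vtype t, size_t n)
{
    struct value *nv = malloc(sizeof *nv);
    if (nv == NULL)
        abort();
    nv->type = t;
    nv->n_items = n;
    free(s->val);
    s->val = nv;
}

static struct value *lookup(struct slot *s, const char *name)
{
    return strcmp(s->name, name) == 0 ? s->val : NULL;
}

/* Save step that never dereferences the cached pointer: it re-resolves the
 * variable, refreshes the cache, and refuses to walk a non-array value.
 * Returns the number of items that would be saved, or -1 if none can be. */
static long save_session(void)
{
    struct value *cur = lookup(&globals_tbl, "_SESSION");
    cached_session_vars = cur;
    if (cur == NULL || cur->type != T_ARRAY)
        return -1;
    return (long)cur->n_items;
}

/* Replays the sequence from the report against the model. */
static long replay_report(void)
{
    assign(&globals_tbl, T_ARRAY, 0);      /* session array is created      */
    cached_session_vars = globals_tbl.val; /* module caches a pointer to it */
    assign(&globals_tbl, T_STRING, 0);     /* $_SESSION = "kk";             */
    return save_session();                 /* runs at request shutdown      */
}
```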


 [2002-05-03 11:59 UTC] tcrhak at suse dot cz
This appeared first in 4.1.0, 4.0.6 is ok.
 [2002-05-03 23:57 UTC]
Another form of $_SESSION related crash.
 [2002-09-29 10:33 UTC]
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at
In case this was a documentation problem, the fix will show up soon at

In case this was a website problem, the change will show
up on the site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.
