Bug #16995 reallocating memory causes segfaults
Submitted: 2002-05-03 11:57 UTC Modified: 2002-09-29 10:33 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: tcrhak at suse dot cz Assigned:
Status: Closed Package: Session related
PHP Version: 4.2.0 OS: Linux
Private report: No CVE-ID:
 [2002-05-03 11:57 UTC] tcrhak at suse dot cz
<?php
    session_register( "_SESSION" );
    $_SESSION = "kk";
?>

backtrace:

#0  0x08189910 in zend_hash_get_current_key_ex (ht=0x82d5654, 
    str_index=0xbfffe984, str_length=0xbfffe980, num_index=0xbfffe97c, 
    duplicate=0 '\000', pos=0xbfffe988) at zend_hash.c:1035

#1  0x080fed0e in php_session_save_current_state ()
#2  0x08101855 in php_session_flush ()
#3  0x08101895 in zm_deactivate_session ()
#4  0x08186aee in module_registry_cleanup (module=0x8285ed0) at zend_API.c:1169
#5  0x08188f0a in zend_hash_apply (ht=0x82349a0, 
    apply_func=0x8186aa6 <module_registry_cleanup>) at zend_hash.c:669
#6  0x08183e14 in zend_deactivate_modules () at zend.c:581
#7  0x08077658 in php_request_shutdown ()
#8  0x08075997 in main ()
#9  0x4037a4f2 in __libc_start_main () from /lib/libc.so.6

The problem however appears earlier. It seems that the zval structure ps_globals.http_session_vars points at is freed and allocated elsewhere, but ps_globals.http_session_vars points to the old location, so when it comes to php_session_save_current_state (#1), Z_ARRVAL_P(PS(http_session_vars)) holds some meaningless value.
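An added C model (not PHP's code) of the mechanism the report describes: a global that caches a pointer to the $_SESSION zval keeps pointing at the old block after the assignment replaces it, whereas resolving the symbol at save time sees the new value. The types and helpers (zval, symtab, ps_globals, replay_script) are stand-ins chosen to mirror the report's names, not the engine's own.

```c
/* Added toy model of the report's mechanism, not PHP's code (names mirror the report). */
#include <stdlib.h>
#include <string.h>
typedef struct { char data[32]; } zval;                 /* stand-in for a PHP value */
typedef struct { const char *name; zval *val; } slot;  /* one symbol-table entry */
typedef struct { slot entries[4]; int n; } symtab;
typedef struct { zval *http_session_vars; } ps_globals; /* mirrors PS(http_session_vars) */

static slot *symtab_find(symtab *t, const char *name) {
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->entries[i].name, name) == 0) return &t->entries[i];
    return NULL;
}

/* `$name = "text"`: a fresh zval replaces the old one, and the old one is freed. */
static void symtab_assign(symtab *t, const char *name, const char *text) {
    slot *s = symtab_find(t, name);
    if (!s) { s = &t->entries[t->n++]; s->name = name; s->val = NULL; }
    zval *fresh = calloc(1, sizeof *fresh); if (!fresh) abort();
    strncpy(fresh->data, text, sizeof fresh->data - 1);
    free(s->val);   /* any pointer still aimed at the old zval now dangles */
    s->val = fresh;
}

static void symtab_free(symtab *t) { for (int i = 0; i < t->n; i++) free(t->entries[i].val); }

/* Replays the script: session_register("_SESSION") creates and caches the symbol, then $_SESSION = "kk" replaces it. */
static void replay_script(symtab *t, ps_globals *g) {
    symtab_assign(t, "_SESSION", "");
    g->http_session_vars = symtab_find(t, "_SESSION")->val;
    symtab_assign(t, "_SESSION", "kk");
}

/* Buggy save path: 1 when the cached pointer no longer matches the current zval, i.e. it is dangling. */
static int cached_pointer_goes_stale(void) {
    symtab t = {0}; ps_globals g = {0};
    replay_script(&t, &g);
    int stale = symtab_find(&t, "_SESSION")->val != g.http_session_vars;
    symtab_free(&t);
    return stale;
}

/* Hardened save path: resolve the symbol at save time instead of trusting the cache. */
static int lookup_at_use_sees_new_value(void) {
    symtab t = {0}; ps_globals g = {0};
    replay_script(&t, &g);
    slot *s = symtab_find(&t, "_SESSION");
    int ok = s != NULL && strcmp(s->val->data, "kk") == 0;
    symtab_free(&t);
    return ok;
}
```

The new zval is allocated before the old one is freed so the two addresses are guaranteed to differ and the staleness check is deterministic; a real allocator may reuse the freed block, which is exactly why the read in the backtrace yields "some meaningless value" rather than a clean crash.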

 [2002-05-03 11:59 UTC] tcrhak at suse dot cz
This appeared first in 4.1.0, 4.0.6 is ok.
 [2002-05-03 23:57 UTC] yohgaki@php.net
Another form of $_SESSION related crash.
 [2002-09-29 10:33 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 19:01:53 2014 UTC