|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #23275 serialize(), $_SESSION, seg fault
Submitted: 2003-04-18 16:18 UTC Modified: 2003-06-30 18:49 UTC
Avg. Score:4.6 ± 0.7
Reproduced:5 of 5 (100.0%)
Same Version:2 (40.0%)
Same OS:2 (40.0%)
From: moxley at moxleydata dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 4.3.2-RC OS: Linux 4.2
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-04-18 16:18 UTC] moxley at moxleydata dot com
PHP apparently crashes under these contidions:
1. Use of serialize() on the $_SESSION variable
2. $_SESSION contains an object
3. object's class is not defined within the context of the serialize() call

Please contact me for gdb backtrace, php.ini, or other information if you cannot reproduce the problem with the script below.

Code that breaks:

	if( isset($_GET['serialize']) )
		$serialized = serialize($_SESSION); // Causes seg fault
		print "Did not crash";
		class Simple {}
		$_SESSION['simpleObj'] = new Simple();
		print '<a href="' . $_SERVER['PHP_SELF'] . '?serialize">serialize</a>';

Apache 1.3.27 error log:
[Fri Apr 18 14:04:05 2003] [notice] child pid 15705 exit signal Segmentation fault (11)
[Fri Apr 18 14:04:05 2003] [notice] child pid 15697 exit signal Segmentation fault (11)
[Fri Apr 18 14:04:05 2003] [notice] child pid 15693 exit signal Segmentation fault (11)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-04-21 10:03 UTC]
I get this with latest STABLE CVS:

Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to allocate 136337046 bytes) in Unknown on line 0
 [2003-05-15 13:27 UTC]
Please try using this CVS snapshot:
For Windows:

And if it still crashes, add the backtrace here.

 [2003-05-20 19:50 UTC] moxley at moxleydata dot com
I've installed the release and the problem still exists. Addtionally, there is another problem with the new release, related to sessions, which I haven't had the time to investigate. Please give me more time to check out the new problem. Thanks
 [2003-06-26 12:35 UTC]
What's the status?

 [2003-06-30 14:08 UTC] moxley at moxleydata dot com
Sorry, I'm not going to have the time and the available server to test this. I have a work-around, which I will be using. Thanks.
 [2003-06-30 18:49 UTC]

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jul 20 21:01:29 2024 UTC