PHP :: Bug #23760 :: bizarre session variable behavior only in RC4

Bug #23760

bizarre session variable behavior only in RC4

Submitted:

2003-05-22 15:56 UTC

Modified:

2003-06-10 12:36 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	2 (100.0%)

From:

php-general at pennysaverusa dot net

Assigned:

Status:

Not a bug

Package:

Apache related

PHP Version:

4.3.2RC4

OS:

RedHat 7.3

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	php-general at pennysaverusa dot net
New email:
PHP Version:		OS:

New/Additional Comment:

[2003-05-22 15:56 UTC] php-general at pennysaverusa dot net

After making a mistake (forgetting to set a session variable), one of my pages started crashing apache ("child pid 7413 exit signal Segmentation fault (11)" in apache error log).

After a lot of hair-pulling, it turns out that changing a virtual() statement to an include() statement fixes the segfaulting. There is no PHP code in the included file, only html & client-side JS.

This is the error that _should_ display if it doesn't segfault:
Notice: Undefined index: product in /var/www/html/mercury/order_review.php on line 122

line 122:
<?=$_SESSION["product"];?>

I tried using DBG, but it still segfaults!

This happens in 4.3.2RC4 and RC3

Configure command:
./configure --with-mysql --with-gd --with-zlib-dir=/usr/lib --with-apxs=/usr/sbin/apxs --with-config-file-path=/etc --enable-sockets

mysql is version 4.0.12 (mysql  Ver 12.18 Distrib 4.0.12, for pc-linux (i686))

I tried following the backtrace instructions, but I am unable to get a core dump, and running inside of gdb doesn't seem to let me hit the webserver.

Server is SMP (Dual P4 Xeon).

Apache is
apache-1.3.27-2 from RedHat's RPM.

/usr/sbin/httpd -DHAVE_ACCESS -DHAVE_PROXY -DHAVE_AUTH_ANON -DHAVE_ACTIONS -DHAVE_ALIAS -DHAVE_ASIS -DHAVE_AUTH -DHAVE_AUTOINDEX -DHAVE_AUTH_DB -DHAVE_AUTH_DBM -DHAVE_PHP4 -DHAVE_CERN_META -DHAVE_CGI -DHAVE_DIGEST -DHAVE_DIR -DHAVE_ENV -DHAVE_EXAMPLE -DHAVE_EXPIRES -DHAVE_HEADERS -DHAVE_IMAP -DHAVE_INCLUDE -DHAVE_INFO -DHAVE_LOG_AGENT -DHAVE_LOG_CONFIG -DHAVE_LOG_REFERER -DHAVE_MIME -DHAVE_MIME_MAGIC -DHAVE_MMAP_STATIC -DHAVE_NEGOTIATION -DHAVE_REWRITE -DHAVE_SETENVIF -DHAVE_SPELING -DHAVE_STATUS -DHAVE_UNIQUE_ID -DHAVE_USERDIR -DHAVE_USERTRACK -DHAVE_VHOST_ALIAS -DHAVE_SSL

Thanks,
Barry Gould

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-05-22 16:18 UTC] sniper@php.net

Please provide a complete, self-contained script(s) so we can try and reproduce this ourselves.

[2003-05-23 20:38 UTC] php-general at pennysaverusa dot net

OK.

To reproduce this,
please download:
http://www2.pennysaverusa.com/barry/virtual_php_crash.tgz

Tested on RC3 and RC4 and php4-STABLE-200305222330
all segfault.

Notes:
1 unset session variable is _not_ enough to trigger the crash. 2 variables seems to be sufficient on my server.

The head and footer files are plain html. I named them with .php out of habit. With .txt, it does not crash.
I know php won't (or at least shouldn't) parse them as php when using virtual, so I see no reasonable excuse for it to crash.

As I mentioned before, with DBG enabled or disabled, it still segfaults.

Thanks,
Barry Gould

[2003-05-23 20:53 UTC] sniper@php.net

FYI: Using virtual() for this is absolutely useless, you really should be using include(). And as manual says:

"virtual() cannot be used to include a document which is itself a PHP file."

As otherwise the results are unpredictable..
(I didn't get any crash anyway)

[2003-05-27 13:43 UTC] php-general at pennysaverusa dot net

I am aware of that.

However, this was not a PHP file. It is merely an html file with a .php extension.

There is no good reason for it to segfault.

If the policy is that .php files will not be loaded with virtual, then DON'T LOAD IT. GIVE AN ERROR. DON'T RANDOMLY CRASH.

Random crashes are inexcusable. At least try to make the software idiot-proof. Give the idiot an error or warning message.

At least, the documentation for virtual should mention this problem if it's not going to be fixed.

Thank you,
Barry Gould

[2003-06-07 05:04 UTC] goba@php.net

What sniper says is not in line with the current manual. The current manual says that as of PHP 4.0.6 virtual() can be used on PHP files. So the manual is not correct I assume. Changing this to be a doc problem.

[2003-06-07 09:21 UTC] philip@php.net

virtual() works fine on PHP files, as documented (although I can't test old versions), so I believe sniper was just mistaken and don't see anything here to document.

Barry, are you sure you set the ulimit before the backtrace?  That's extremely important.  I'm unable to reproduce and changing back to Apache related.

[2003-06-09 19:57 UTC] php-general at pennysaverusa dot net

Someone changed the online docs VERY recently, however I'm sure there is a problem here.

I did "ulimit -c unlimited", and then ran apache manually (with all the -DHAVEs) but no core file was produced.

Thanks,
Barry

[2003-06-09 20:00 UTC] barrygould at pennysaverusa dot net

Philip, did you try the test files I linked?

Thanks,
Barry

[2003-06-09 23:39 UTC] sniper@php.net

First of all, your example stuff is totally bogus. 
. There is no session_start() anywhere
. You include pure html as php using virtual when you should be using include()

Second, it never crashes, of course you don't get any core files.

Third, there are easier ways to shoot yourself in leg too,
but we still don't suggest you should do it.

Fourth, as long as you can't provide us any example that actually has any far possibility on working and uses some
sane ways on doing things, this is bogus.

Phillip: virtual() might work for including php files, but the result is still unpredictable..

[2003-06-10 12:36 UTC] php-general at pennysaverusa dot net

Hi Sniper, 

I have session_auto_start ON.

I didn't think that the extension was that meaningful (as is usually the case in UNIX). I made it .php for security (so no one can list the file in a browser). The docs did not seem to indicate that this would be a problem.

Also, the docs now say you can use virtual with php.

It does crash... "child pid 7413 exit signal Segmentation
fault (11)" in apache error log.

If it won't/can't be fixed, I suggest:
1. improve the documentation to say what not to do.
2. have the virtual function give a warning or error if the user does something bad.

Thank you,
Barry

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue May 14 12:01:32 2024 UTC