Bug #24394 Serializing xref'd objects segfaults.
Submitted: 2003-06-29 19:37 UTC Modified: 2003-11-04 11:08 UTC
Votes:7
Avg. Score:4.4 ± 1.4
Reproduced:2 of 3 (66.7%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: hoesh at dorsum dot hu Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5.0.0 Beta 2 OS: *
Private report: No CVE-ID:
 [2003-06-29 19:37 UTC] hoesh at dorsum dot hu
Description:
------------
On request shutdown the session file is created, but stays locked with zero size. The CPU has no load, and nothing happens. No crash. I've tried older 5CVS bins, and it seems to be an older bug. Serialization and anything else works well for me. 5.0.0-Beta1 also contains this bug. Leaving out session_start & session_register. :)

Reproduce code:
---------------
<?
session_start();
if (!isset($HTTP_SESSION_VARS["count"]))
{
    session_register("count");
    $count = &$HTTP_SESSION_VARS["count"];
    $count = 1;
} else
    $count = &$HTTP_SESSION_VARS["count"];
echo $count++;
?>


Expected result:
----------------
1, 2, 3... by refreshing the page.


 [2003-07-06 06:56 UTC] hos dot endre at axelero dot hu
Okay: The subjected problem was solved by un-double-quoting the session.save_path and removing the backslash from the end of the line. Anyway, until this the engine was able to create the file. After that I had to get familiar with the new php_dom extension, which I think is great, but not documented yet. So then comes a serialization problem: objects in my project held references to each other, and the last-time-working-good serialization crashed on this extra. Right now I solved the problem by unbuilding these references before serialization, and rebuilding them on wakeup. Now I can test the ZE2 edition's new features, thank you for the help!

Also, here is a sample script that doesn't work for me:

<?

class a
{
	var $b;

	function a()
	{
		$this->b = new b;
	}

	function setupb()
	{
		$this->b->setupa($this);
	}
}

class b
{
	var $a;

	function setupa($a)
	{
		$this->a = $a;
	}
}

$a = new a;
$a->setupb();
echo "<pre>This workx!\r\n";
echo serialize($a);

?>
 [2003-07-07 08:24 UTC] sniper@php.net
Works 'fine' in PHP_4_3 branch, segfaults with PHP 5:

#0  0x813de25 in fast_call_user_function (function_table=0x81c3338, object_pp=0x4029b688, function_name=0xbfe021a8, 
    retval_ptr_ptr=0xbfe02178, param_count=0, params=0x0, no_separation=1, symbol_table=0x0, 
    function_pointer=0xbfe020b4) at /usr/src/web/php/php5/Zend/zend_execute_API.c:477
#1  0x813de10 in call_user_function_ex (function_table=0x81c3338, object_pp=0x4029b688, function_name=0xbfe021a8, 
    retval_ptr_ptr=0xbfe02178, param_count=0, params=0x0, no_separation=1, symbol_table=0x0)
    at /usr/src/web/php/php5/Zend/zend_execute_API.c:476
#2  0x80fdd63 in php_var_serialize_intern (buf=0xbfffd024, struc=0x4029b688, var_hash=0xbfffd030)
    at /usr/src/web/php/php5/ext/standard/var.c:555
#3  0x80fe90e in php_var_serialize_intern (buf=0xbfffd024, struc=0x4029b5a0, var_hash=0xbfffd030)
    at /usr/src/web/php/php5/ext/standard/var.c:620
#4  0x80fe90e in php_var_serialize_intern (buf=0xbfffd024, struc=0x4029b688, var_hash=0xbfffd030)
    at /usr/src/web/php/php5/ext/standard/var.c:620
#5  0x80fe90e in php_var_serialize_intern (buf=0xbfffd024, struc=0x4029b5a0, var_hash=0xbfffd030)
    at /usr/src/web/php/php5/ext/standard/var.c:620
#6  0x80fe90e in php_var_serialize_intern (buf=0xbfffd024, struc=0x4029b688, var_hash=0xbfffd030)
    at /usr/src/web/php/php5/ext/standard/var.c:620
.
.
.
.
Frame #6 is repeated a couple of thousand times.. :)
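
The alternating recursion in frames #2 to #6 above, next to a cycle-aware walk, as an added C example; it is not PHP's source and not the fix committed for this bug. `struct obj`, `struct seen`, `serialize`, both limits and the simplified output format are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SEEN  64    /* capacity of the visited table (assumed value) */
#define MAX_DEPTH 128   /* recursion budget (assumed value) */

/* Constructed stand-in for an object whose single property may point at another object. */
struct obj { const char *cls; const struct obj *prop; };
/* Objects already written out during one serialize() call. */
struct seen { const struct obj *ptr[MAX_SEEN]; int n; };

/* Append text to buf without overflowing it. Returns 0 on success, -1 if it does not fit. */
static int put(char *buf, size_t cap, const char *text) {
    size_t len = strlen(buf), add = strlen(text);
    if (add >= cap - len) return -1;
    memcpy(buf + len, text, add + 1);
    return 0;
}

/* Recursive worker. With s == NULL nothing stops a -> b -> a -> ... except the
   depth budget and the buffer size, which is the shape of the repeated frames. */
static int ser(const struct obj *o, struct seen *s, char *buf, size_t cap, int depth) {
    char ref[32];
    if (depth > MAX_DEPTH) return -1;      /* fail cleanly instead of exhausting the stack */
    if (o == NULL) return put(buf, cap, "N;");
    if (s != NULL) {
        for (int i = 0; i < s->n; i++)
            if (s->ptr[i] == o) {          /* seen before: write a back-reference, do not descend */
                snprintf(ref, sizeof ref, "r:%d;", i + 1);
                return put(buf, cap, ref);
            }
        if (s->n == MAX_SEEN) return -1;
        s->ptr[s->n++] = o;
    }
    if (put(buf, cap, "O:") || put(buf, cap, o->cls) || put(buf, cap, "{")) return -1;
    if (ser(o->prop, s, buf, cap, depth + 1)) return -1;
    return put(buf, cap, "}");
}

/* track != 0: cycle-aware. track == 0: no visited table, so a cycle ends only when a
   limit is hit. Returns 0 on success, -1 on overflow or exhausted budget. */
int serialize(const struct obj *root, char *buf, size_t cap, int track) {
    struct seen s = { {0}, 0 };
    if (cap == 0) return -1;
    buf[0] = '\0';
    return ser(root, track ? &s : NULL, buf, cap, 0);
}
```

With two objects that point at each other, the tracked walk writes each object once and a back-reference for the second visit, while the untracked walk only stops because a limit returns an error.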

 [2003-11-03 18:35 UTC] sniper@php.net
In addition to the crash, when the serialize call is commented out, these leaks are reported:

/usr/src/web/php/php5/Zend/zend_hash.c(236) :  Freeing 0x40E46D10 (37 bytes), script=t.php
Last leak repeated 1 time
/usr/src/web/php/php5/Zend/zend_execute.c(3098) :  Freeing 0x40E46CAC (44 bytes), script=t.php
/usr/src/web/php/php5/Zend/zend_API.c(713) : Actual location (location was relayed)
Last leak repeated 1 time
/usr/src/web/php/php5/Zend/zend_objects.c(106) :  Freeing 0x40E46C68 (12 bytes), script=t.php
Last leak repeated 1 time
/usr/src/web/php/php5/Zend/zend_execute.c(3097) :  Freeing 0x40E46C24 (16 bytes), script=t.php
Last leak repeated 1 time
/usr/src/web/php/php5/Zend/zend_API.c(714) :  Freeing 0x40E469B8 (32 bytes), script=t.php
/usr/src/web/php/php5/Zend/zend_hash.c(157) : Actual location (location was relayed)
Last leak repeated 1 time

 [2003-11-04 09:42 UTC] moriyoshi@php.net
The leaks have nothing to do with the serialization function. That's due to circular references between two objects.

 [2003-11-04 11:08 UTC] moriyoshi@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Wed Apr 16 04:02:11 2014 UTC