Bug #25780 Apache crash in ext/standard/datetime.c
Submitted: 2003-10-07 14:56 UTC
Modified: 2003-10-08 06:23 UTC
From: marrtins at hackers dot lv
Assigned:
Status: Closed
Package: Session related
PHP Version: 4.3.3
OS: w2k sp4
Private report: No
CVE-ID: None
 [2003-10-07 14:56 UTC] marrtins at hackers dot lv
Description:
------------
I got an Apache (Server version: Apache/1.3.27 (Win32) / Server built: Oct  6 2003 13:10:44) crash when I use my own session handling functions and the session gets created for the first time.

Application popup: Apache.exe - Application Error : The instruction at "0x1004d6ba" referenced memory at "0x00000000". The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program 


Reproduce code:
---------------
1. class.SessionHandler.php
------------------------
<?
...
  function sess_read($sess_id) {
    global $db;

    $sess = $this->get_sess($sess_id);
    if(!count($sess))
      return ""; // <- crash when returning *anything*
...
?>

2. inc.session.php
---------------
<?
ini_set('session.save_handler', 'user');
ini_set('session.use_cookies', true);
ini_set('session.name', 'sid');
ini_set('session.gc_maxlifetime', time() + 31536000); // 1 year
ini_set('session.cookie_lifetime', time() + 31536000); // 1 year
ini_set('session.serialize_handler', 'php');
ini_set('session.gc_probability', 1);

$sess_handler = new SessionHandler();
session_set_save_handler(
  array(&$sess_handler, "sess_open"), 
  array(&$sess_handler, "sess_close"),
  array(&$sess_handler, "sess_read"),
  array(&$sess_handler, "sess_write"),
  array(&$sess_handler, "sess_destroy"),
  array(&$sess_handler, "sess_gc")
);

session_start();
?>

3. ext/standard/datetime.c
for some reason 'php_gmtime_r' returns NULL
----------------------
...
tm1 = php_gmtime_r(&t, &tmbuf);
...
  } else if(tm1) {
    snprintf(str, 80, "%s, %02d-%s-%02d %02d:%02d:%02d GMT",
        day_short_names[tm1->tm_wday],
        tm1->tm_mday,
        mon_short_names[tm1->tm_mon],
        ((tm1->tm_year)%100),
        tm1->tm_hour, tm1->tm_min, tm1->tm_sec);
  }

change to:
...
  } else if(tm1) {
...

---------------
Now works fine.



 [2003-10-07 19:31 UTC] sniper@php.net
And btw. read this page about the correct way to set the
session ini settings: http://www.php.net/session

session.gc_maxlifetime (you're now making this time() + time () + one year)
session.cookie_lifetime (you're now making this time() + time () + one year)

 [2003-10-08 04:48 UTC] marrtins at hackers dot lv
<?php
ini_set('session.use_cookies', true);
ini_set('session.name', 'sid');
ini_set('session.auto_start', false);
ini_set('session.gc_maxlifetime', time() + 31536000); // 1 year
ini_set('session.cookie_lifetime', time() + 31536000); // 1 year
ini_set('session.serialize_handler', 'php');
ini_set('session.gc_probability', 1);

session_start();
?>

crash!
without time() + year works fine.
 [2003-10-08 06:23 UTC] sniper@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
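
The NULL check discussed in this report, as an added example that is not part of the original thread or of PHP's source: a formatter that refuses to dereference a failed time conversion. The helper name `format_cookie_expires` is hypothetical, standard `gmtime()` stands in for `php_gmtime_r()`, and both timestamps are constructed sample values.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

static const char *day_short_names[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
static const char *mon_short_names[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
                                        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};

/* Hypothetical helper, not PHP's own function: formats a cookie expiry time in
 * the two-digit-year layout quoted in the report. Standard gmtime() stands in
 * for php_gmtime_r(). Returns 0 on success, -1 if t cannot be converted. */
int format_cookie_expires(time_t t, char *str, size_t len)
{
    struct tm *tm1 = gmtime(&t);

    if (tm1 == NULL) {            /* conversion failed: never dereference tm1 */
        if (len > 0)
            str[0] = '\0';        /* leave a defined, empty result */
        return -1;
    }
    snprintf(str, len, "%s, %02d-%s-%02d %02d:%02d:%02d GMT",
             day_short_names[tm1->tm_wday], tm1->tm_mday,
             mon_short_names[tm1->tm_mon], tm1->tm_year % 100,
             tm1->tm_hour, tm1->tm_min, tm1->tm_sec);
    return 0;
}

int main(void)
{
    char buf[80];
    time_t ok = (time_t)1065538560;   /* constructed: 2003-10-07 14:56:00 UTC */
    time_t bad = (time_t)LLONG_MAX;   /* constructed: far outside struct tm's range */

    if (format_cookie_expires(ok, buf, sizeof buf) == 0)
        printf("expires=%s\n", buf);
    if (format_cookie_expires(bad, buf, sizeof buf) != 0)
        printf("expiry not representable, header skipped\n");
    return 0;
}
```

The caller decides what to do on -1 (skip the header, clamp the value, or reject the setting); the point is that the failure is reported instead of crashing the server process.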


 
Last updated: Fri Oct 11 06:01:27 2024 UTC