php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #30050 php_shutdown_config() [php_ini.c] misses to clean up some pointers
Submitted: 2004-09-10 14:44 UTC Modified: 2004-09-17 04:49 UTC
From: nw at softwarekombinat dot de Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.0.1 OS: windows XP
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: nw at softwarekombinat dot de
New email:
PHP Version: OS:

 

 [2004-09-10 14:44 UTC] nw at softwarekombinat dot de
Description:
------------
Hi there,

executing the following sequence of function calls results
in a segfault in the last php_module_startup(...) call:

	tsrm_startup(1, 1, 0, NULL);
	sapi_startup(&mf_sapi_module);
	php_module_startup(&mf_sapi_module, NULL, 0)

	php_module_shutdown( TSRMLS_C );
	sapi_shutdown();
	tsrm_shutdown();

	tsrm_startup(1, 1, 0, NULL);
	sapi_startup(&mf_sapi_module);
	php_module_startup(&mf_sapi_module, NULL, 0)

I debugged and saw that php_shutdown_config() does not reset global pointers back to  NULL after free()'ing them. This results in another free()-attempt during next startup.

Here is a modified php_shutdown_config() which solves the problem:


int php_shutdown_config(void)
{
	zend_hash_destroy(&configuration_hash);
	if (php_ini_opened_path) {
		free(php_ini_opened_path);
                php_ini_opened_path = NULL; /* BUGFIX */
	}
	if (php_ini_scanned_files) {
		free(php_ini_scanned_files);
                php_ini_scanned_files = NULL; /* BUGFIX */
	}
	return SUCCESS;
}


Sorry that I don't submit a patch myself - no time, currently....

Regards,
Norbert




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-09-17 04:49 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 09:01:28 2024 UTC