Bug #34635 Crash in serialize() or session shutdown
Submitted: 2005-09-25 22:54 UTC
Modified: 2005-09-26 16:16 UTC
From: php at fiddaman dot net
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 5.0.5
OS: Solaris 9
Private report: No
CVE-ID: None
 [2005-09-25 22:54 UTC] php at fiddaman dot net
Description:
------------
PHP 5.0.5 crashes in serialize() or on session shutdown when used as an Apache module. 5.0.4 was fine.

Reproduce code:
---------------
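<?php
// Minimal reproducer: serialize an object that has one declared property.
class test { var $fred; };
$a = new test();
$b = serialize($a); // the backtrace below shows the crash inside this call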


Expected result:
----------------
No crash.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0xffffffff7af00f20 in seg4 ()
   from /usr/platform/SUNW,UltraAX-i2/lib/sparcv9/libc_psr.so.1
(gdb) where
#0  0xffffffff7af00f20 in seg4 ()
   from /usr/platform/SUNW,UltraAX-i2/lib/sparcv9/libc_psr.so.1
#1  0xffffffff7af00724 in blalign ()
   from /usr/platform/SUNW,UltraAX-i2/lib/sparcv9/libc_psr.so.1
#2  0x00000001001cd44c in php_var_serialize_intern (buf=0xffffffff7fffeb00,
    struc=0x1007adcb0, var_hash=0xffffffff7fffeb20)
    at /spool/src/build/php-5.0.5/ext/standard/var.c:519
#3  0x00000001001cfc64 in php_var_serialize (buf=0xffffffff7fffeb00,
    struc=0x1007adcb0, var_hash=0xffffffff7fffeb20)
    at /spool/src/build/php-5.0.5/ext/standard/var.c:773
#4  0x00000001001cfcf8 in zif_serialize (ht=2147478304,
    return_value=0x1007bd5e8, this_ptr=0x0, return_value_used=1)
    at /spool/src/build/php-5.0.5/ext/standard/var.c:796
#5  0x0000000100266da8 in zend_do_fcall_common_helper (
    execute_data=0xffffffff7fffef90, opline=0x1007c4bf8, op_array=0x1007c0518)
    at /spool/src/build/php-5.0.5/Zend/zend_execute.c:2760
#6  0x00000001002671f0 in zend_do_fcall_handler (
    execute_data=0xffffffff7fffef90, opline=0x1007c4bf8, op_array=0x1007c0518)
    at /spool/src/build/php-5.0.5/Zend/zend_execute.c:2894
#7  0x00000001002592e8 in execute (op_array=0x1007c0518)
    at /spool/src/build/php-5.0.5/Zend/zend_execute.c:1437
#8  0x00000001002337d8 in zend_execute_scripts (type=8, retval=0x0,
    file_count=3) at /spool/src/build/php-5.0.5/Zend/zend.c:1064
#9  0x00000001001f2784 in php_execute_script (primary_file=0xffffffff7ffffa90)
    at /spool/src/build/php-5.0.5/main/main.c:1643
#10 0x0000000100271a10 in main (argc=2, argv=0xffffffff7ffffb98)
    at /spool/src/build/php-5.0.5/sapi/cli/php_cli.c:946


 [2005-09-25 23:01 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-09-26 14:56 UTC] php at fiddaman dot net
The latest snapshot doesn't exhibit this problem.
 [2005-09-26 16:16 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Thu Mar 28 08:01:28 2024 UTC