Bug #46133 session_start() causes reproducible seg fault
Submitted: 2008-09-20 02:10 UTC Modified: 2008-09-20 03:23 UTC
From: darkroom dot dave at gmail dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.2.6 OS: Linux
Private report: No CVE-ID: None
 [2008-09-20 02:10 UTC] darkroom dot dave at gmail dot com
Description:
------------
When a browser, lynx or wget connects to a page with session_start() on the first line of PHP code, the apache2 child segfaults.

If I move the session_start() after another statement the segfault is no longer always reproducible, but I believe it still happens occasionally. sleep(1) before the session_start() does not help, but any other operation seems to.


Reproduce code:
---------------
This segfaults:

<?php
// session_start() as the very first statement of the request
session_start();

// define our application directory
define('VISWAR_DIR', dirname(__FILE__).'/');


This does not ALWAYS segfault:

<?php
// any statement ahead of session_start() makes the crash intermittent
$session_start = true;
if ($session_start == true) {
        session_start();
}

// define our application directory
define('VISWAR_DIR', dirname(__FILE__).'/');


Expected result:
----------------
I would expect it to never Segfault

Actual result:
--------------
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
[New process 10430]
#0  _zend_mm_free_int (heap=0x85b0f18, p=0x86093e0)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_alloc.c:881
881                             ZEND_MM_CHECK_TREE(mm_block);
(gdb) backtrace
#0  _zend_mm_free_int (heap=0x85b0f18, p=0x86093e0)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_alloc.c:881
#1  0xb73559da in zend_hash_destroy (ht=0x88aef18)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_hash.c:722
#2  0xb734a31d in _zval_dtor_func (zvalue=0x88af50c)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_variables.c:43
#3  0xb733cff8 in _zval_ptr_dtor (zval_ptr=0x88afb58)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_variables.h:35
#4  0xb73559b4 in zend_hash_destroy (ht=0x88b0b48)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_hash.c:717
#5  0xb7366773 in zend_object_std_dtor (object=0x860d308)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_objects.c:45
#6  0xb73667b2 in zend_objects_free_object_storage (object=0x860d308)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_objects.c:122
#7  0xb7369ad0 in zend_objects_store_free_object_storage (objects=0xb75dbc88)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_objects_API.c:89
#8  0xb733d543 in shutdown_executor ()
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_execute_API.c:299
#9  0xb734a99f in zend_deactivate ()
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend.c:941
#10 0xb7300b2a in php_request_shutdown (dummy=0x0)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/main/main.c:1492
#11 0xb73d2887 in php_handler (r=0x868ed48)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/sapi/apache2handler/sapi_apache2.c:486
#12 0x080794a9 in ap_run_handler ()
#13 0x0807c8b7 in ap_invoke_handler ()
#14 0x08089d7a in ap_internal_redirect ()
#15 0xb7087c60 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#16 0x080794a9 in ap_run_handler ()
#17 0x0807c8b7 in ap_invoke_handler ()
#18 0x08089f00 in ap_process_request ()
#19 0x0808720b in ?? ()
#20 0x08080aa9 in ap_run_process_connection ()
#21 0x0808e339 in ?? ()
#22 0x0808e677 in ?? ()
#23 0x0808f067 in ap_mpm_run ()
#24 0x08066dd5 in main ()


History
 [2008-09-20 02:30 UTC] darkroom dot dave at gmail dot com
This was also happening in 5.2.4; I upgraded to 5.2.6 to try to reproduce it for a bug report.
 [2008-09-20 03:23 UTC] darkroom dot dave at gmail dot com
After searching my stack trace I think my solution is to change

$var = & new class($var1,$var2);

to

$var = new class($var1,$var2);

I must have been creating a loop or some memory corruption. Why moving the session_start() around makes it go away, who knows.

Thanks
Closed
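The reporter's fix above is a one-line change, but on a PHP 5 code base the `=& new` idiom is usually scattered across many files, and every instance is a candidate for the same kind of shutdown-time heap corruption. The script below is an added example, not code from the bug report or from PHP itself: it scans PHP source for assignments of `new` by reference and rewrites them to plain handle assignments. The sample PHP source and its class names (DbConn, View, Cache, Logger) are constructed for the demonstration and do not come from the reporter's application.

```python
import re
from typing import List, Tuple

# Matches the PHP 5 idiom of assigning the result of `new` by reference, e.g.
#   $var = & new Foo($a);   $this->obj =& new Bar();   $list[] =&new Baz;
# Whitespace between `=`, `&` and `new` is arbitrary, so it is matched loosely.
REF_NEW_RE = re.compile(r"=\s*&\s*new\b")


def find_ref_new(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, stripped_line) for each line assigning `new` by reference.

    Lines that are whole-line comments (`//`, `#`, or a `*` inside a block
    comment) are skipped.  String literals are not parsed, so a match inside a
    string is still reported; that is deliberate, a false positive is cheaper
    than a missed instance of this pattern.
    """
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*")):
            continue
        if REF_NEW_RE.search(line):
            hits.append((lineno, stripped))
    return hits


def rewrite_ref_new(source: str) -> str:
    """Drop the `&` so the object is assigned by handle, which is how PHP 5
    objects are shared anyway; the reference added nothing but engine risk."""
    return REF_NEW_RE.sub("= new", source)


# Constructed sample input, modelled on the reporter's one-line fix (hypothetical
# class names; not taken from the bug report).
SAMPLE_PHP = """<?php
session_start();
// $legacy = & new Thing();   (comment, must be ignored)
$db   = & new DbConn($host, $user);
$view =& new View();
$cache=&new Cache;
$ok   = new Logger();
"""

if __name__ == "__main__":
    for lineno, text in find_ref_new(SAMPLE_PHP):
        print(f"{lineno}: {text}")
    print(rewrite_ref_new(SAMPLE_PHP))
```

Run it over a real tree with `find . -name '*.php'` feeding `find_ref_new()` before applying `rewrite_ref_new()`, and review the hits first: the regex is line-based and will also flag the pattern inside a string or heredoc. PHP 5.3 raises E_STRICT ("Assigning the return value of new by reference is deprecated") for this construct and PHP 7 removed it outright, so the rewrite is also a required migration step, not only a workaround for this crash.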