PHP :: Bug #4886 :: Using wddx as session serialize handler leads to segfault

Bug #4886	Using wddx as session serialize handler leads to segfault
Submitted:	2000-06-08 09:33 UTC	Modified:	2000-06-09 02:36 UTC
From:	tobias at phpwizard dot net	Assigned:
Status:	Closed	Package:	Reproducible Crash
PHP Version:	4.0 Latest CVS (08/06/2000)	OS:	Suse Linux 6.1
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	tobias at phpwizard dot net
New email:
PHP Version:		OS:

New/Additional Comment:

[2000-06-08 09:33 UTC] tobias at phpwizard dot net

The following simple session test script leads to a Apache segfault, when wddx is used as serialize handler (instead of php). Under Windows 2k, PHP crashes too.

Apache 1.3.12, PHP 4.0-vcs, Suse Linux 6.1.

session_start();
printf('Current session data is: <pre>%s</pre>', session_encode());
printf('$foo is %s<br>', isset($foo) ? $foo : 'undefined');
$foo = isset($foo) ? $foo+1 : 1;
session_register("foo");

This is the backtrace:
(gdb) run -X -f /home/www3/conf/httpd.conf
Starting program: /home/www3/bin/httpd -X -f /home/www3/conf/httpd.conf

Program received signal SIGSEGV, Segmentation fault.
zend_hash_internal_pointer_reset_ex (ht=0x636e655f, pos=0x0) at zend_hash.c:903
903                     ht->pInternalPointer = ht->pListHead;
(gdb) bt
#0  zend_hash_internal_pointer_reset_ex (ht=0x636e655f, pos=0x0)
    at zend_hash.c:903
#1  0x401f030e in _ps_srlzr_decode_wddx (val=0x80e2bcc "foo|i:12;", vallen=9)
    at session.c:346
#2  0x401f06d4 in _php_session_decode (val=0x80e2bcc "foo|i:12;", vallen=9)
    at session.c:403
#3  0x401f08ff in _php_session_initialize () at session.c:459
#4  0x401f1839 in _php_session_start () at session.c:841
#5  0x401f2c49 in php_if_session_start (ht=0, return_value=0x810e4d4,
    this_ptr=0x0, return_value_used=0) at session.c:1199
#6  0x401a65d6 in execute (op_array=0x810d464) at ./zend_execute.c:1574
#7  0x4018e67d in php_execute_script (primary_file=0xbffff7a8) at main.c:1201
#8  0x401c0af9 in apache_php_module_main (r=0x810983c, fd=19,
    display_source_mode=0) at sapi_apache.c:93
#9  0x401c14d4 in send_php (r=0x810983c, display_source_mode=0,
    filename=0x810a254 "/home/www/htdocs/test.php3") at mod_php4.c:512
#10 0x401c151d in send_parsed_php (r=0x810983c) at mod_php4.c:524
#11 0x8054b83 in ap_invoke_handler ()
#12 0x806aa19 in process_request_internal ()
#13 0x806aa7c in ap_process_request ()
#14 0x8061279 in child_main ()
#15 0x8061438 in make_child ()
#16 0x80615c3 in startup_children ()
---Type <return> to continue, or q <return> to quit---
#17 0x8061c64 in standalone_main ()
#18 0x80624d3 in main ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-06-09 02:36 UTC] sas at cvs dot php dot net

Fixed in CVS. Note that this can only be caused by a broken session file (i.e. creating a session using the php serializer and then switching to wddx). PHP recovers now properly from that situation.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 22:01:29 2024 UTC