PHP :: Bug #4886 :: Using wddx as session serialize handler leads to segfault

Bug #4886	Using wddx as session serialize handler leads to segfault
Submitted:	2000-06-08 09:33 UTC	Modified:	2000-06-09 02:36 UTC
From:	tobias at phpwizard dot net	Assigned:
Status:	Closed	Package:	Reproducible Crash
PHP Version:	4.0 Latest CVS (08/06/2000)	OS:	Suse Linux 6.1
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	tobias at phpwizard dot net
New email:
PHP Version:		OS:

New Comment:

[2000-06-08 09:33 UTC] tobias at phpwizard dot net

The following simple session test script leads to a Apache segfault, when wddx is used as serialize handler (instead of php). Under Windows 2k, PHP crashes too.

Apache 1.3.12, PHP 4.0-vcs, Suse Linux 6.1.

session_start();
printf('Current session data is: <pre>%s</pre>', session_encode());
printf('$foo is %s<br>', isset($foo) ? $foo : 'undefined');
$foo = isset($foo) ? $foo+1 : 1;
session_register("foo");

This is the backtrace:
(gdb) run -X -f /home/www3/conf/httpd.conf
Starting program: /home/www3/bin/httpd -X -f /home/www3/conf/httpd.conf

Program received signal SIGSEGV, Segmentation fault.
zend_hash_internal_pointer_reset_ex (ht=0x636e655f, pos=0x0) at zend_hash.c:903
903                     ht->pInternalPointer = ht->pListHead;
(gdb) bt
#0  zend_hash_internal_pointer_reset_ex (ht=0x636e655f, pos=0x0)
    at zend_hash.c:903
#1  0x401f030e in _ps_srlzr_decode_wddx (val=0x80e2bcc "foo|i:12;", vallen=9)
    at session.c:346
#2  0x401f06d4 in _php_session_decode (val=0x80e2bcc "foo|i:12;", vallen=9)
    at session.c:403
#3  0x401f08ff in _php_session_initialize () at session.c:459
#4  0x401f1839 in _php_session_start () at session.c:841
#5  0x401f2c49 in php_if_session_start (ht=0, return_value=0x810e4d4,
    this_ptr=0x0, return_value_used=0) at session.c:1199
#6  0x401a65d6 in execute (op_array=0x810d464) at ./zend_execute.c:1574
#7  0x4018e67d in php_execute_script (primary_file=0xbffff7a8) at main.c:1201
#8  0x401c0af9 in apache_php_module_main (r=0x810983c, fd=19,
    display_source_mode=0) at sapi_apache.c:93
#9  0x401c14d4 in send_php (r=0x810983c, display_source_mode=0,
    filename=0x810a254 "/home/www/htdocs/test.php3") at mod_php4.c:512
#10 0x401c151d in send_parsed_php (r=0x810983c) at mod_php4.c:524
#11 0x8054b83 in ap_invoke_handler ()
#12 0x806aa19 in process_request_internal ()
#13 0x806aa7c in ap_process_request ()
#14 0x8061279 in child_main ()
#15 0x8061438 in make_child ()
#16 0x80615c3 in startup_children ()
---Type <return> to continue, or q <return> to quit---
#17 0x8061c64 in standalone_main ()
#18 0x80624d3 in main ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-06-09 02:36 UTC] sas at cvs dot php dot net

Fixed in CVS. Note that this can only be caused by a broken session file (i.e. creating a session using the php serializer and then switching to wddx). PHP recovers now properly from that situation.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 02:01:35 2025 UTC