php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #5271 globalizing HTTP_SESSION_VARS before a session_start() gives a 11mm shot
Submitted: 2000-06-29 16:16 UTC Modified: 2000-06-30 10:17 UTC
From: teo at digiro dot net Assigned:
Status: Closed Package: Session related
PHP Version: 4.0 Latest CVS (29/06/2000) OS: RH6.2
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: teo at digiro dot net
New email:
PHP Version: OS:

 

 [2000-06-29 16:16 UTC] teo at digiro dot net
Code:
<?
class Kill {
    function Kill() 
    {
        global $HTTP_SESSION_VARS;
        session_start();
    }
}
$k = new Kill();

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x40364f88 in zend_if_get_class_methods (ht=0, return_value=0x0, this_ptr=0x80efb00, 
    return_value_used=1078122208) at zend_builtin_functions.c:546
546             if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &class_name)==FAILURE) {
(gdb) bt
#0  0x40364f88 in zend_if_get_class_methods (ht=0, return_value=0x0, this_ptr=0x80efb00, 
    return_value_used=1078122208) at zend_builtin_functions.c:546
#1  0xbffffa94 in ?? ()
#2  0x4039b46c in _ps_open_files (mod_data=0xbffffaac, save_path=0x403624be "?\a?\001", 
    session_name=0x1 <Address 0x1 out of bounds>) at mod_files.c:201
#3  0x4039d0c9 in array_user_key_compare (a=0x1, b=0x7) at array.c:634
#4  0x403624be in zend_hash_index_update_or_next_insert (ht=0x80efb30, h=1077330384, 
    pData=0x4000ae60, nDataSize=3221224516, pDest=0xbffffad4, flag=1077288016)
    at zend_hash.c:425
#5  0x40364a56 in zend_if_define (ht=1078122208, return_value=0x40362498, 
    this_ptr=0xbffffadc, return_value_used=1077337071) at zend_builtin_functions.c:394
#6  0x40361c50 in zend_hash_init (ht=0xbffffae8, nSize=1077330405, pHashFunction=0, 
    pDestructor=0xbffffaf8, persistent=134554926) at zend_hash.c:191
#7  0x4036dbef in cfglex (cfglval=0x0) at configuration-scanner.c:1024
#8  0x4036c1e5 in php_hash_environment () at main.c:1012
#9  0x805252e in run_cleanups ()
#10 0x8050c15 in ap_clear_pool ()
#11 0x8050c89 in ap_destroy_pool ()
#12 0x8050bed in ap_clear_pool ()
#13 0x806068f in child_main ()
#14 0x8060c4c in make_child ()
#15 0x8060da9 in startup_children ()
#16 0x80613d6 in standalone_main ()
#17 0x8061b73 in main ()
#18 0x400bc9cb in __libc_start_main (main=0x806181c <main>, argc=2, argv=0xbffffc44, 
    init=0x804f914 <_init>, fini=0x8098cec <_fini>, rtld_fini=0x4000ae60 <_dl_fini>, 
    stack_end=0xbffffc3c) at ../sysdeps/generic/libc-start.c:92
(gdb) list
541             char *string_key;
542             ulong num_key;
543             int key_type;
544             CLS_FETCH();
545     
546             if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &class_name)==FAILURE) {
547                     WRONG_PARAM_COUNT;
548             }
549     
550             convert_to_string_ex(class_name);

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-06-30 10:17 UTC] stas at cvs dot php dot net
Fixed in lastest CVS.	
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 08:01:27 2024 UTC