php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53295 if bailout is called on rshutdown, session segfault on next request
Submitted: 2010-11-11 15:50 UTC Modified: 2015-02-02 09:20 UTC
From: yoram dot b at zend dot com Assigned: yohgaki (profile)
Status: Closed Package: Session related
PHP Version: 5.3.3 OS: All
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2010-11-11 15:50 UTC] yoram dot b at zend dot com 
Description:
------------
session sets it's handlers to NULL at rshutdown.
in case of bailout in rshutdown (by other extension), this cleanup will not happen and next request will segfault.

setting to NULL at RINIT works around the problem.

Test script:
---------------
<?php
function open($save_path, $session_name)
{
  global $sess_save_path;

  $sess_save_path = $save_path;
  return(true);
}

function close()
{
  return(true);
}

function read($id)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  return (string) @file_get_contents($sess_file);
}

function write($id, $sess_data)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  if ($fp = @fopen($sess_file, "w")) {
    $return = fwrite($fp, $sess_data);
    fclose($fp);
    return $return;
  } else {
    return(false);
  }

}

function destroy($id)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  return(@unlink($sess_file));
}

function gc($maxlifetime)
{
  global $sess_save_path;

  foreach (glob("$sess_save_path/sess_*") as $filename) {
    if (filemtime($filename) + $maxlifetime < time()) {
      @unlink($filename);
    }
  }
  return true;
}

session_set_save_handler("open", "close", "read", "write", "destroy", "gc");

session_start();

// proceed to use sessions normally

?>

Patches

session5.3.3.diff (last revision 2010-11-11 14:51 UTC by yoram dot b at zend dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-12 00:13 UTC] felipe@php.net
-Summary: if bailout is called on rshutdown, session segfualt on next request +Summary: if bailout is called on rshutdown, session segfault on next request
 [2014-07-13 02:56 UTC] yohgaki@php.net
-Package: Scripting Engine problem +Package: Session related -Assigned To: +Assigned To: yohgaki
 [2015-02-02 09:20 UTC] yohgaki@php.net
-Status: Assigned +Status: Closed
 [2015-02-02 09:20 UTC] yohgaki@php.net 
I think this is already fixed in released versions.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 12:01:27 2024 UTC