php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53295 if bailout is called on rshutdown, session segfault on next request
Submitted: 2010-11-11 15:50 UTC Modified: 2015-02-02 09:20 UTC
From: yoram dot b at zend dot com Assigned: yohgaki (profile)
Status: Closed Package: Session related
PHP Version: 5.3.3 OS: All
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: yoram dot b at zend dot com
New email:
PHP Version: OS:

 

 [2010-11-11 15:50 UTC] yoram dot b at zend dot com 
Description:
------------
session sets it's handlers to NULL at rshutdown.
in case of bailout in rshutdown (by other extension), this cleanup will not happen and next request will segfault.

setting to NULL at RINIT works around the problem.

Test script:
---------------
<?php
function open($save_path, $session_name)
{
  global $sess_save_path;

  $sess_save_path = $save_path;
  return(true);
}

function close()
{
  return(true);
}

function read($id)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  return (string) @file_get_contents($sess_file);
}

function write($id, $sess_data)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  if ($fp = @fopen($sess_file, "w")) {
    $return = fwrite($fp, $sess_data);
    fclose($fp);
    return $return;
  } else {
    return(false);
  }

}

function destroy($id)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  return(@unlink($sess_file));
}

function gc($maxlifetime)
{
  global $sess_save_path;

  foreach (glob("$sess_save_path/sess_*") as $filename) {
    if (filemtime($filename) + $maxlifetime < time()) {
      @unlink($filename);
    }
  }
  return true;
}

session_set_save_handler("open", "close", "read", "write", "destroy", "gc");

session_start();

// proceed to use sessions normally

?>

Patches

session5.3.3.diff (last revision 2010-11-11 14:51 UTC by yoram dot b at zend dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-12 00:13 UTC] felipe@php.net
-Summary: if bailout is called on rshutdown, session segfualt on next request +Summary: if bailout is called on rshutdown, session segfault on next request
 [2014-07-13 02:56 UTC] yohgaki@php.net
-Package: Scripting Engine problem +Package: Session related -Assigned To: +Assigned To: yohgaki
 [2015-02-02 09:20 UTC] yohgaki@php.net
-Status: Assigned +Status: Closed
 [2015-02-02 09:20 UTC] yohgaki@php.net 
I think this is already fixed in released versions.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu May 02 14:01:34 2024 UTC