PHP :: Bug #5553 :: Internal data corruption

Bug #5553	Internal data corruption
Submitted:	2000-07-13 10:35 UTC	Modified:	2000-08-08 23:03 UTC
From:	christian at pil dot dk	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.0.1pl2	OS:	Linux 2.2.15
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	christian at pil dot dk
New email:
PHP Version:		OS:

New Comment:

[2000-07-13 10:35 UTC] christian at pil dot dk

I got segfaults at the end of almost every request during cleanup. After compiling with '--enable-debug' I get the following messages in the errorlog instead:

[Wed Jul 12 16:21:36 2000]  Script:  '/path/docs/my.php3'
---------------------------------------
session.c(1282) : Block 0x081D730C status:
Beginning:      Overrun (magic=0x6E61685F, expected=0x7312F8DC)
      End:      Unknown
---------------------------------------
session.c(1262) :  Freeing 0x08232F04 (20 bytes), script=/path/docs/my.php3

I placed a breakpoint at the offending line and a backtrace at that point looks like this:

#0  php_rshutdown_session_globals () at session.c:1282
#1  0x80aea90 in php_rshutdown_session (type=1, module_number=19) at session.c:1319
#2  0x80f0b5e in module_registry_cleanup (module=0x81f4ef8) at zend_API.c:858
#3  0x80f33f9 in zend_hash_apply (ht=0x81bb900, apply_func=0x80f0b38 <module_registry_cleanup>) at zend_hash.c:672
#4  0x80f02a0 in zend_deactivate_modules () at zend.c:503
#5  0x807f82f in php_request_shutdown (dummy=0x0) at main.c:659
#6  0x807da16 in php_apache_request_shutdown (dummy=0x0) at mod_php4.c:301
#7  0x811bd4e in run_cleanups (c=0x820f67c) at alloc.c:1706
#8  0x811a57d in ap_clear_pool (a=0x820cf94) at alloc.c:531
#9  0x811a5f1 in ap_destroy_pool (a=0x820cf94) at alloc.c:561
#10 0x811a56c in ap_clear_pool (a=0x81c923c) at alloc.c:528
#11 0x8129a2f in child_main (child_num_arg=0) at http_main.c:3900
#12 0x8129fcc in make_child (s=0x81bfa24, slot=0, now=963411222) at http_main.c:4281
#13 0x812a129 in startup_children (number_to_start=5) at http_main.c:4363
#14 0x812a756 in standalone_main (argc=4, argv=0xbffffb14) at http_main.c:4651
#15 0x812aee3 in main (argc=4, argv=0xbffffb14) at http_main.c:4978
#16 0x408d79cb in __libc_start_main (main=0x812ab9c <main>, argc=4, argv=0xbffffb14, init=0x8064798 <_init>, fini=0x81583dc <_fini>, rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffffb0c) at ../sysdeps/generic/libc-start.c:92

The output from session_encode looks like this:

my_destination|s:26:"http://cola.pil.dk/my.php3";mymsUser|O:8:"mymsuser":17:{s:16:"MymsMobilenumber";s:20:"40176558            ";s:9:"CountryID";i:20;s:10:"LanguageID";i:1;s:15:"LanguageISOCode";s:2:"en";s:9:"SelectAll";s:162:"SELECT MymsUserID, MymsUserEmail, MymsUserPassword, MymsFirstname, MymsLastname, 
                                MymsRememberCode, MymsMobilenumber, CountryID, LanguageID 
                        FROM Myms_User";s:5:"valid";b:1;s:2:"ID";i:1;s:5:"Email";s:16:"christian@pil.dk";s:8:"Password";s:4:"fisk";s:9:"FirstName";s:254:"Christian                                                                                                                                                                                                                                                     ";s:8:"LastName";s:254:"Laursen                                                                                                                                                                                                                                                       ";s:12:"RememberCode";s:0:"";s:18:"RememberCookieName";s:12:"MymsRemember";s:10:"ExistsInDB";b:1;s:3:"dbh";O:6:"db_sql":14:{s:4:"Host";s:9:"localhost";s:8:"Database";s:6:"master";s:4:"User";s:6:"master";s:8:"Password";s:13:"XXXXXXXXXXXXX";s:13:"UseODBCCursor";i:0;s:7:"Link_ID";i:0;s:8:"Query_ID";i:0;s:6:"Record";a:2:{i:0;s:5:"en   ";s:15:"languageisocode";s:5:"en   ";}s:3:"Row";i:0;s:5:"Errno";i:0;s:5:"Error";s:0:"";s:9:"Auto_Free";i:0;s:11:"Auto_Commit";i:1;}s:8:"Timezone";i:0;}

I tried to inspect the contents of ps_globals at that point but forund nothing suspicious-looking there.

If there is anything else I can do to help, please let me know.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-07-13 10:52 UTC] christian at pil dot dk

Generating the session_dump causes a segfault.

Here's the backtrace:

#0  __writev (fd=8, vector=0xbfffbf88, count=2) at ../sysdeps/unix/sysv/linux/writev.c:52
#1  0x811d90b in writev_it_all (fb=0x81c9274, vec=0xbfffbf88, nvec=2) at buff.c:1070
#2  0x811dd40 in large_write (fb=0x81c9274, buf=0x83cab24, nbyte=149) at buff.c:1225
#3  0x811de04 in ap_bwrite (fb=0x81c9274, buf=0x83cab24, nbyte=149) at buff.c:1288
#4  0x812f61e in ap_rwrite (buf=0x83cab24, nbyte=149, r=0x820cfbc) at http_protocol.c:2393
#5  0x807d5f6 in sapi_apache_ub_write (str=0x83cab24 "</font>\n\t\t\t\t  </td>\n", ' ' <repeats 18 times>, "<td width=\"110\" align=\"right\"><font size=\"-2\" face=\"Verdana, Arial, Helvetica, sans-serif\"><a href=\"help.php3\">", str_length=149) at mod_php4.c:141
#6  0x80daaf9 in php_ub_body_write_no_header (str=0x83cab24 "</font>\n\t\t\t\t  </td>\n", ' ' <repeats 18 times>, "<td width=\"110\" align=\"right\"><font size=\"-2\" face=\"Verdana, Arial, Helvetica, sans-serif\"><a href=\"help.php3\">", str_length=149) at output.c:270
#7  0x80da8cc in php_body_write (str=0x83cab24 "</font>\n\t\t\t\t  </td>\n", ' ' <repeats 18 times>, "<td width=\"110\" align=\"right\"><font size=\"-2\" face=\"Verdana, Arial, Helvetica, sans-serif\"><a href=\"help.php3\">", str_length=149) at output.c:84
#8  0x807f892 in php_body_write_wrapper (str=0x83cab24 "</font>\n\t\t\t\t  </td>\n", ' ' <repeats 18 times>, "<td width=\"110\" align=\"right\"><font size=\"-2\" face=\"Verdana, Arial, Helvetica, sans-serif\"><a href=\"help.php3\">", str_length=149) at main.c:688
#9  0x80efded in zend_print_zval_ex (write_func=0x807f884 <php_body_write_wrapper>, expr=0x824c34c, indent=0) at zend.c:189
#10 0x80efd9c in zend_print_zval (expr=0x824c34c, indent=0) at zend.c:170
#11 0x80ef9e9 in zend_print_variable (var=0x824c34c) at zend_variables.c:162
#12 0x8113610 in execute (op_array=0x826afd0) at ./zend_execute.c:1189
#13 0x8115b88 in execute (op_array=0x83a38e0) at ./zend_execute.c:1598
#14 0x8115b88 in execute (op_array=0x83a3ed8) at ./zend_execute.c:1598
#15 0x8115b88 in execute (op_array=0x82a2e70) at ./zend_execute.c:1598
#16 0x8115b88 in execute (op_array=0x83a8004) at ./zend_execute.c:1598
#17 0x80801db in php_execute_script (primary_file=0xbffff95c) at main.c:1157
#18 0x80faca0 in apache_php_module_main (r=0x820cfbc, fd=23, display_source_mode=0) at sapi_apache.c:93
#19 0x807defb in send_php (r=0x820cfbc, display_source_mode=0, filename=0x820daac "/path/docs/my.php3") at mod_php4.c:515
#20 0x807df3c in send_parsed_php (r=0x820cfbc) at mod_php4.c:527
#21 0x811f013 in ap_invoke_handler (r=0x820cfbc) at http_config.c:508
#22 0x81324f9 in process_request_internal (r=0x820cfbc) at http_request.c:1215
#23 0x813255c in ap_process_request (r=0x820cfbc) at http_request.c:1231
#24 0x8129e3e in child_main (child_num_arg=0) at http_main.c:4177
#25 0x8129fcc in make_child (s=0x81bfa24, slot=0, now=963411222) at http_main.c:4281
#26 0x812a129 in startup_children (number_to_start=5) at http_main.c:4363
#27 0x812a756 in standalone_main (argc=4, argv=0xbffffb14) at http_main.c:4651
#28 0x812aee3 in main (argc=4, argv=0xbffffb14) at http_main.c:4978
#29 0x408d79cb in __libc_start_main (main=0x812ab9c <main>, argc=4, argv=0xbffffb14, init=0x8064798 <_init>, fini=0x81583dc <_fini>, rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffffb0c) at ../sysdeps/generic/libc-start.c:92

[2000-07-13 11:01 UTC] kara at cvs dot php dot net

Should be fixed in CVS a few days ago

[2000-08-08 23:03 UTC] waldschrott@php.net

Closed due to missing user feedback.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Oct 27 16:01:27 2024 UTC