Bug #70876 Segmentation fault when regenerating session id with strict mode
Submitted: 2015-11-07 11:52 UTC Modified: 2015-11-07 13:59 UTC
From: guilbaud dot johan at gmail dot com Assigned: laruence (profile)
Status: Closed Package: Session related
PHP Version: 7.0.0RC6 OS: OpenSuse leap 42.1 x86_64
Private report: No CVE-ID: None
 [2015-11-07 11:52 UTC] guilbaud dot johan at gmail dot com
Description:
------------
Hello
I got a segmentation fault when session.strict_mod is set to true and regenerate_session_id is called.

I've compiled php with RC6 sources
I've got the problem with PHP7RC5 and PHPRC6 RPMs for opensuse too


Test script:
---------------
<?php
ini_set('session.use_strict_mode', true);
session_start();
session_regenerate_id();
echo "ok";

Expected result:
----------------
Ok

Actual result:
--------------
Segmentation fault / browser shows connection was reset

#0  ps_files_path_create (buf=buf@entry=0x7fffffffa370 "\340І\353\377\177", data=0x0, key=0x7fffeb864018 "3a81076e16d071a7f245db1db761e4bf", buflen=4096)
    at /home/johan/php7/php-7.0.0RC6/ext/session/mod_files.c:117
#1  0x00007ffff160d813 in ps_files_key_exists (data=<optimized out>, key=<optimized out>) at /home/johan/php7/php-7.0.0RC6/ext/session/mod_files.c:334
#2  0x00007ffff160bbbf in zif_session_regenerate_id (execute_data=<optimized out>, return_value=0x7fffeb812290) at /home/johan/php7/php-7.0.0RC6/ext/session/session.c:2081
#3  0x00007ffff176b5dd in ZEND_DO_ICALL_SPEC_HANDLER () at /home/johan/php7/php-7.0.0RC6/Zend/zend_vm_execute.h:586
#4  0x00007ffff175dd8b in execute_ex (ex=<optimized out>) at /home/johan/php7/php-7.0.0RC6/Zend/zend_vm_execute.h:414
#5  0x00007ffff17a6df7 in zend_execute (op_array=0x7fffeb874000, op_array@entry=0x7fffeb89a360, return_value=return_value@entry=0x7fffeb812030)
    at /home/johan/php7/php-7.0.0RC6/Zend/zend_vm_execute.h:458
#6  0x00007ffff1722d64 in zend_execute_scripts (type=type@entry=8, retval=0x7fffeb812030, retval@entry=0x0, file_count=file_count@entry=3)
    at /home/johan/php7/php-7.0.0RC6/Zend/zend.c:1428
#7  0x00007ffff16c7c80 in php_execute_script (primary_file=primary_file@entry=0x7fffffffd720) at /home/johan/php7/php-7.0.0RC6/main/main.c:2471
#8  0x00007ffff17a86e2 in php_handler (r=<optimized out>) at /home/johan/php7/php-7.0.0RC6/sapi/apache2handler/sapi_apache2.c:678
#9  0x000055555559f180 in ap_run_handler ()
#10 0x000055555559f6c9 in ap_invoke_handler ()
#11 0x00005555555b39ac in ap_internal_redirect ()
#12 0x00007ffff226716c in ?? () from /usr/lib64/apache2-prefork/mod_rewrite.so
#13 0x000055555559f180 in ap_run_handler ()
#14 0x000055555559f6c9 in ap_invoke_handler ()
#15 0x00005555555b464a in ?? ()
#16 0x00005555555b4924 in ?? ()
#17 0x00005555555b0c7e in ?? ()
#18 0x00005555555a8d30 in ap_run_process_connection ()
#19 0x00005555555bba9e in ?? ()
#20 0x00005555555bbc98 in ?? ()
#21 0x00005555555bc9b3 in ?? ()
#22 0x0000555555584f9e in ap_run_mpm ()
#23 0x000055555557e616 in ?? ()
#24 0x00007ffff6f4cb05 in __libc_start_main () from /lib64/libc.so.6
#25 0x000055555557e74f in _start ()
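
The backtrace above ends in `ps_files_path_create` with `data=0x0`, reached through `ps_files_key_exists`. The following C model of that call chain is an added example, not php-src code and not the committed fix: `store_t`, `path_create` and `key_exists` are hypothetical stand-ins, and the path layout is an assumption. It shows the handler state being validated before any field is read.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the files save handler's module data. */
typedef struct {
    const char *basedir;  /* directory holding the session files */
    size_t dirdepth;      /* number of one-character subdirectory levels */
} store_t;

/* Build "<basedir>/<k0>/<k1>/sess_<key>" into buf. Returns buf, or NULL when
 * the state is missing, the key is too short, or the result does not fit. */
char *path_create(char *buf, size_t buflen, const store_t *data, const char *key)
{
    /* Frame #0 of the backtrace was entered with data=0x0; reject that
     * state before anything reads data->dirdepth or data->basedir. */
    if (buf == NULL || data == NULL || data->basedir == NULL || key == NULL)
        return NULL;
    size_t key_len = strlen(key);
    size_t base_len = strlen(data->basedir);
    /* basedir + '/' + dirdepth * "c/" + "sess_" + key + NUL */
    size_t need = base_len + 1 + 2 * data->dirdepth + 5 + key_len + 1;
    if (key_len <= data->dirdepth || need > buflen)
        return NULL;

    memcpy(buf, data->basedir, base_len);
    char *p = buf + base_len;
    *p++ = '/';
    for (size_t i = 0; i < data->dirdepth; i++) {
        *p++ = key[i];  /* one directory level per leading key character */
        *p++ = '/';
    }
    memcpy(p, "sess_", 5);
    memcpy(p + 5, key, key_len + 1);  /* includes the terminating NUL */
    return buf;
}

/* Caller in the position of frame #1: 0 if the file exists, -1 otherwise. */
int key_exists(const store_t *data, const char *key)
{
    char buf[4096];
    if (path_create(buf, sizeof buf, data, key) == NULL)
        return -1;  /* fail closed instead of crashing */
    FILE *f = fopen(buf, "r");
    if (f == NULL)
        return -1;
    fclose(f);
    return 0;
}
```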


 [2015-11-07 13:20 UTC] laruence@php.net
-Assigned To: +Assigned To: laruence
 [2015-11-07 13:49 UTC] reeze@php.net
Automatic comment on behalf of reeze
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0bf3ebb4ba77f38261d9cb21a205a7d31b7f85cf
Log: Fixed bug #70876 Segmentation fault when regenerating session id with strict mode
 [2015-11-07 13:49 UTC] reeze@php.net
-Status: Assigned +Status: Closed
 [2015-11-07 13:59 UTC] reeze@php.net
Hi laruence,

I found this easy one. It didn't get assigned before. After I committed the diff, I noticed the assignment. ;-)

As I mentioned in the commit, https://github.com/php/php-src/blob/master/ext/session/mod_files.c#L654 said it should be non-null, but it did. https://github.com/php/php-src/blob/master/ext/session/mod_files.c#L676 Maybe yohgaki may take care of it, either by fixing the comment or the *mod_data thing.
 [2015-11-07 14:19 UTC] reeze@php.net
Automatic comment on behalf of reeze
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0bf3ebb4ba77f38261d9cb21a205a7d31b7f85cf
Log: Fixed bug #70876 Segmentation fault when regenerating session id with strict mode
 [2015-11-07 15:30 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e9fd8ad4462a39f61e757ef89f417c413aa1df6f
Log: Fixed bug #70876 (Segmentation fault when regenerating session id with strict mode)
 [2015-11-07 15:30 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=148bb622faa71090a3f6d9721aeb28a4ac720496
Log: Revert "Fixed bug #70876 Segmentation fault when regenerating session id with strict mode"
 [2015-11-09 18:12 UTC] ab@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=22d3033ec689e5fc56dc165fff9bff9d6c13880c
Log: Fixed bug #70876 (Segmentation fault when regenerating session id with strict mode)
 [2016-07-20 11:35 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e9fd8ad4462a39f61e757ef89f417c413aa1df6f
Log: Fixed bug #70876 (Segmentation fault when regenerating session id with strict mode)
 [2016-07-20 11:35 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=148bb622faa71090a3f6d9721aeb28a4ac720496
Log: Revert "Fixed bug #70876 Segmentation fault when regenerating session id with strict mode"
 [2016-07-20 11:35 UTC] davey@php.net
Automatic comment on behalf of reeze
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0bf3ebb4ba77f38261d9cb21a205a7d31b7f85cf
Log: Fixed bug #70876 Segmentation fault when regenerating session id with strict mode
 