Bug #9061 SIGSEGV in session write
Submitted: 2001-02-01 19:00 UTC
Modified: 2001-06-14 23:20 UTC
From: jcanon at accero dot net
Assigned:
Status: Closed
Package: Session related
PHP Version: 4.0.4pl1
OS: Red Hat 6.2 Linux
Private report: No
CVE-ID:
 [2001-02-01 19:00 UTC] jcanon at accero dot net
Gentlemen/Ladies,

I found what I believe to be a bug in PHP. 

I am using sessions on a secure server (i.e. SSL). The sessions are configured so that the Write routine uses a 'global' object in order to access user details (and update a MySQL database with that information). That object is built from a class definition which is defined as extending another class. My session 'Write' routine looks like this:

function write ($id, $sess_data) { // uses a database - and php calls it after the script terminates
    global $currentUser;
    if (!$currentUser->updateSessionID()) {
        return (false);
    }
    return (true);
}

I was getting SIGSEGVs in my log file, so I changed the above code to create a new $currentUser object using a single global variable string (as the information from which to create the $currentUser) - instead of referring to the object created while my script was still returning stuff to the browser. This has eliminated the faults.

Below is the output from running httpd under gdb while accessing the page:

Program received signal SIGSEGV, Segmentation fault.
0x80dabea in _efree (ptr=0x8373a38) at zend_alloc.c:232
232             REMOVE_POINTER_FROM_LIST(p);


(gdb) bt
#0  0x80dabea in _efree (ptr=0x8373a38) at zend_alloc.c:232
#1  0x80db0a1 in shutdown_memory_manager (silent=1, clean_cache=0) at zend_alloc.c:439
#2  0x8078d7e in php_request_shutdown (dummy=0x0) at main.c:695
#3  0x80769ac in php_apache_request_shutdown ()
#4  0x8118861 in run_cleanups ()
#5  0x8116da3 in ap_clear_pool ()
#6  0x8116e27 in ap_destroy_pool ()
#7  0x8116d8f in ap_clear_pool ()
#8  0x8128041 in child_main ()
#9  0x8128695 in make_child ()
#10 0x8128814 in startup_children ()
#11 0x8128e8c in standalone_main ()
#12 0x81296dc in main ()
#13 0x81c301b in __libc_start_main (main=0x8129330 <main>, argc=5, argv=0xbffffab4, init=0x80480b4 <_init>,
    fini=0x8211b3c <_fini>, rtld_fini=0, stack_end=0xbffffaac) at ../sysdeps/generic/libc-start.c:92



Here is our configuration:

Apache 1.3.17
./configure  --activate-module=src/modules/php4/libphp4.a
--enable-module=ssl

PHP 4.0.4pl1
./configure --with-mysql --with-apache=../apache_1.3.17 --enable-track-vars
--enable-debug

Mod_ssl 2.8.0
./configure --with-apache=../apache_1.3.17

Resulting binary library info:

ldd httpd-1.3.17-php-4.0.4pl1-mod_ssl2.8.0.shared.debug
     libpam.so.0 => /lib/libpam.so.0 (0x4001a000)
     libdl.so.2 => /lib/libdl.so.2 (0x40022000)
     libresolv.so.2 => /lib/libresolv.so.2 (0x40026000)
     libm.so.6 => /lib/libm.so.6 (0x40035000)
     libcrypt.so.1 => /lib/libcrypt.so.1 (0x40053000)
     libnsl.so.1 => /lib/libnsl.so.1 (0x40080000)
     libssl.so.0 => /usr/lib/libssl.so.0 (0x40096000)
     libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x400c3000)
     libc.so.6 => /lib/libc.so.6 (0x40180000)
     /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

We also compiled the binary with --static.

Thank you,

Joe Canon
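
The workaround described in the report above, written out as an added example in PHP 8 syntax (not the reporter's code and not from the PHP project): the write handler keeps only a scalar and builds its user object at write time, instead of reaching for a global object created earlier in the request. `SessionUser`, `UserSessionHandler` and the key value are hypothetical, and `updateSessionID()` here is a stand-in for the reporter's method.

```php
<?php
// Added example. SessionUser, UserSessionHandler and the key value are
// hypothetical names; they do not come from the bug report.

final class SessionUser
{
    public function __construct(private string $userKey) {}

    // Stand-in for the reporter's updateSessionID(); a real version would
    // run the database UPDATE for this user here.
    public function updateSessionID(string $sessionId): bool
    {
        return $this->userKey !== '' && $sessionId !== '';
    }
}

final class UserSessionHandler implements SessionHandlerInterface
{
    // Only a scalar is held, never a reference to a request-scoped object.
    public function __construct(private string $userKey) {}

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }
    public function read(string $id): string|false { return ''; }
    public function destroy(string $id): bool { return true; }
    public function gc(int $max_lifetime): int|false { return 0; }

    public function write(string $id, string $data): bool
    {
        // Build a fresh object at write time rather than using
        // `global $currentUser` from the main script.
        $user = new SessionUser($this->userKey);
        return $user->updateSessionID($id);
    }
}

// Second argument registers session_write_close() as a shutdown function.
session_set_save_handler(new UserSessionHandler('constructed-user-key'), true);
session_start();
$_SESSION['seen'] = time();

// Flush the session explicitly while the script is still running, rather
// than leaving the write to request shutdown.
session_write_close();
```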

 [2001-06-14 23:20 UTC] sniper@php.net
This should be fixed in PHP 4.0.6, please try the latest RC from:

http://www.php.net/~andi/php-4.0.6RC3.tar.gz

(if above link doesn't work, try changing RC3 to RC4)

