severity 694473 grave
reassign 694473 libapache2-mod-php5
retitle 694473 session extension causes endless recursion after graceful reload
found 694473 5.4.4-10
thanks
This is an endless recursion resulting in a stack overflow:
#0 0xb5be0283 in php_session_rfc1867_callback (event=,
event_data=0x0, extra=0xbfd43a70) at /build/buildd-php5_5.4.4-10-i386-
SZuNyZ/php5-5.4.4/ext/session/session.c:2388
...
#82550 0xb5be0283 in php_session_rfc1867_callback (event=,
event_data=0x0, extra=0xbfd43a70) at /build/buildd-php5_5.4.4-10-
i386-SZuNyZ/php5-5.4.4/ext/session/session.c:2388
...
It always happens after there has been an graceful reload (i.e.
/etc/init.d/apache2 reload), so it will break after every logrotate (therefore
bumping severity).
The attached patch is a hack to workaround the issue, but it is not a complete
fix:
If there is another plugin setting php_rfc1867_callback and using the
same logic, there will again be an endless recursion (but this time alternating
between two functions).
I am not familiar enough with php to know what the correct fix would be. Maybe
it should just set a flag during the first time PHP_MINIT_FUNCTION(session) is
called and do nothing the second time around. Or maybe mod_php should make sure
that the static data is re-initialized again.
--- php5-5.4.4.orig/ext/session/session.c
+++ php5-5.4.4/ext/session/session.c
@@ -2192,8 +2192,10 @@
#ifdef HAVE_LIBMM
PHP_MINIT(ps_mm) (INIT_FUNC_ARGS_PASSTHRU);
#endif
- php_session_rfc1867_orig_callback = php_rfc1867_callback;
- php_rfc1867_callback = php_session_rfc1867_callback;
+ if (php_rfc1867_callback != php_session_rfc1867_callback) {
+ php_session_rfc1867_orig_callback = php_rfc1867_callback;
+ php_rfc1867_callback = php_session_rfc1867_callback;
+ }
/* Register interface */
INIT_CLASS_ENTRY(ce, PS_IFACE_NAME, php_session_iface_functions);
