ID: 31704 Updated by: [EMAIL PROTECTED] Reported By: frode at coretrek dot no Status: Feedback Bug Type: Strings related Operating System: FreeBSD 4.10 PHP Version: 4.3.10 New Comment:
The code is correct in that area. If you are using sessions your segfault could be cause because FreeBSD does not use http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.48&r2=1.336.2.49&ty=u without this fix it is possible that the rearrangement of unserialize() triggers the bug in the session module. If this does not fix the problem please give a full backtrace. Because even if the code segfaults in unserialize() the crash could be cause because it was previously called in an not 100% correct way. Previous Comments: ------------------------------------------------------------------------ [2005-01-26 17:22:29] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip ------------------------------------------------------------------------ [2005-01-26 16:38:18] frode at coretrek dot no Description: ------------ I've been having problems with php segfaulting randomly when using the FreeBSD ports-build of php, with errors that do not appear to occur when using the "php-4.3.10.tar.bz" vanilla tarball. While browsing FreeBSD's patches for php-4.3.10, I noticed the following file: http://www.freebsd.org/cgi/cvsweb.cgi/ports/lang/php4/files/patch-ext%3a%3astandard%3a%3avar_unserializer.c http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/lang/php4/files/patch-ext%3a%3astandard%3a%3avar_unserializer.c?rev=1.1&content-type=text/plain which appears to be based on, among other patches, the following commit: http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.c?r1=1.48&r2=1.49&ty=u Notice that "old_data" is changed from a "zval*" to a "zval**". Looking at the "full picture" in the latest version of this file at: http://cvs.php.net/co.php/php-src/ext/standard/var_unserializer.c?r=1.18.4.18 I can see that "(void**)&old_data" is passed to zend_hash_index_find. My C knowledge is rusty at best, but doesn't this result in an "zval***" being cast into a "void**", i.e. wrong number of indirections? I'd appreciate it if someone more familiar with the PHP sourcecode could have a look at this and determine if there is a bug here. Reproduce code: --------------- N/A Expected result: ---------------- N/A Actual result: -------------- N/A ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=31704&edit=1
