I've reproduced the crash using a self-compiled package with debug
symbols (DEB_BUILD_OPTIONS=nostrip,debug). Here's the backtrace:

#0 0x00002b886ee62b50 in strlen () from /lib/libc.so.6
#1 0x000000000051f4e4 in php_session_reset_id () at /home/malcolm/srcfphpbuild/php5-5.2.3/ext/session/session.c:1098
#2 0x0000000000521c55 in php_session_start () at /home/malcolm/srcfphpbuild/php5-5.2.3/ext/session/session.c:1327
#3 0x0000000000522529 in zif_session_start (ht=1821884800, return_value=0x2b886c977a78, return_value_ptr=0x2b886c951c80, this_ptr=0x0, return_value_used=-16843009) at /home/malcolm/srcfphpbuild/php5-5.2.3/ext/session/session.c:1802
#4 0x00000000006770f2 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff3e1a7b60) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:200
#5 0x0000000000667bdc in execute (op_array=0xd92d90) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:92
#6 0x000000000066c9f3 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fff3e1af4d0) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:2030
#7 0x0000000000667bdc in execute (op_array=0xd865c0) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:92
#8 0x000000000066c9f3 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fff3e1b10c0) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:2030
#9 0x0000000000667bdc in execute (op_array=0xd82d38) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:92
#10 0x00000000006488b3 in zend_execute_scripts (type=32767, retval=0x0, file_count=3) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend.c:1134
#11 0x00000000006067f8 in php_execute_script (primary_file=Cannot access memory at address 0x80003e1b0138
) at /home/malcolm/srcfphpbuild/php5-5.2.3/main/main.c:1794
#12 0x00000000006ca99f in main (argc=1041979768, argv=0x0) at /home/malcolm/srcfphpbuild/php5-5.2.3/sapi/cgi/cgi_main.c:1735

This corroborates uwe's comment that something is going wrong in the
session handling code.

The problem occurs due to 204-start-session-cookies.patch: the change at line
1098 of ext/session/session.c from

    smart_str_appends(&ncookie, PS(session_name));

to

    e_session_name = php_url_encode(PS(session_name),
                                    strlen(PS(session_name)), NULL);
    smart_str_appends(&ncookie, e_session_name);

is what's causing the crash.

Currently working on a fix.

** Changed in: php5 (Ubuntu)
Status: Incomplete => Confirmed
--
php5 5.2.3-1ubuntu6.1 introduced segfault regression
https://bugs.launchpad.net/bugs/173043