severity 694473 grave
reassign 694473 libapache2-mod-php5
retitle 694473 session extension causes endless recursion after graceful reload
found 694473 5.4.4-10

This is an endless recursion resulting in a stack overflow:

#0 0xb5be0283 in php_session_rfc1867_callback (event=<unknown type>, 
event_data=0x0, extra=0xbfd43a70) at /build/buildd-php5_5.4.4-10-i386-


#82550 0xb5be0283 in php_session_rfc1867_callback (event=<unknown type>, 
event_data=0x0, extra=0xbfd43a70) at /build/buildd-php5_5.4.4-10-


It always happens after there has been a graceful reload (i.e.
/etc/init.d/apache2 reload), so it will break after every logrotate (therefore
bumping severity).

The attached patch is a hack to work around the issue, but it is not a complete
If there is another plugin setting php_rfc1867_callback and using the
same logic, there will again be an endless recursion (but this time alternating
between two functions).

I am not familiar enough with php to know what the correct fix would be. Maybe
it should just set a flag during the first time PHP_MINIT_FUNCTION(session) is
called and do nothing the second time around. Or maybe mod_php should make sure
that the static data is re-initialized again.
--- php5-5.4.4.orig/ext/session/session.c
+++ php5-5.4.4/ext/session/session.c
@@ -2192,8 +2192,10 @@
 #ifdef HAVE_LIBMM
-	php_session_rfc1867_orig_callback = php_rfc1867_callback;
-	php_rfc1867_callback = php_session_rfc1867_callback;
+	if (php_rfc1867_callback != php_session_rfc1867_callback) {
+		php_session_rfc1867_orig_callback = php_rfc1867_callback;
+		php_rfc1867_callback = php_session_rfc1867_callback;
+	}
 	/* Register interface */
 	INIT_CLASS_ENTRY(ce, PS_IFACE_NAME, php_session_iface_functions);
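
Review bot: the pointer comparison in the added `if` only detects a repeated init while `php_session_rfc1867_callback` is still the head of the chain. If another extension has replaced `php_rfc1867_callback` in between, the comparison is true again, `php_session_rfc1867_orig_callback` is overwritten with a pointer that leads back to the session callback, and the recursion returns as an alternation between the two functions. Consider guarding the two assignments with a static "already hooked" flag set on the first pass instead of comparing pointers, and add a comment above the block saying that the init code can run a second time with the static pointers still set.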

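A simplified model of the hook chain described in the message, added here as an illustration and not taken from PHP or from the patch. It assumes the init code runs a second time while the static pointers keep their values; `other_hook` is a hypothetical second extension using the same save-and-replace logic, and `DEPTH_CAP` stands in for the stack limit so the demo terminates.

```c
#include <stdio.h>
#include <stddef.h>

#define DEPTH_CAP 1000              /* stand-in for the stack limit */

typedef int (*hook_fn)(void);

static hook_fn global_hook;         /* models php_rfc1867_callback */
static hook_fn session_orig;        /* models php_session_rfc1867_orig_callback */
static hook_fn other_orig;          /* saved pointer of the hypothetical second extension */
static int depth;

/* Call the saved "previous" hook; -1 means the chain never terminated. */
static int chain(hook_fn next) {
    if (++depth >= DEPTH_CAP) return -1;
    return next ? next() : 0;
}
static int session_hook(void) { return chain(session_orig); }
static int other_hook(void)   { return chain(other_orig); }

/* Unpatched init: always save the current head and replace it. */
static void session_init(void) { session_orig = global_hook; global_hook = session_hook; }

/* Patched init: the pointer-comparison guard from the hunk. */
static void session_init_guarded(void) {
    if (global_hook != session_hook) { session_orig = global_hook; global_hook = session_hook; }
}
static void other_init(void) { other_orig = global_hook; global_hook = other_hook; }

/* Startup plus one reload (statics are NOT reset in between), then fire the hook.
 * Returns 0 if the chain terminates, -1 if it recurses without end. */
static int run(int guarded, int with_other) {
    global_hook = session_orig = other_orig = NULL;
    depth = 0;
    for (int pass = 0; pass < 2; pass++) {
        if (guarded) session_init_guarded(); else session_init();
        if (with_other) other_init();
    }
    return global_hook();
}

int main(void) {
    printf("unpatched, session only:        %d\n", run(0, 0));
    printf("guarded, session only:          %d\n", run(1, 0));
    printf("guarded, plus second extension: %d\n", run(1, 1));
    return 0;
}
```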