#44946 [NEW]: crashes in ini_set()

gryzman at gmail dot com Thu, 08 May 2008 05:05:29 -0700

From:             gryzman at gmail dot com
Operating system: centos 4.6 itanium
PHP version:      5.2.6
PHP Bug Type:     Reproducible crash
Bug description:  crashes in ini_set()


Description:
------------
it looks like it crashes on ini_set() , with no exception as to which 
param I want to change. 

Reproduce code:
---------------
<?PHP
ini_set('session.save_handler', 'user');
?>



Expected result:
----------------
no crashes

Actual result:
--------------
crash


[EMAIL PROTECTED] ~]# gdb php
GNU gdb Red Hat Linux (6.3.0.0-1.153.el4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and 
you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for 
details.
This GDB was configured as "ia64-redhat-linux-gnu"...(no debugging 
symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) r
Starting program: /usr/bin/php 
Reading symbols from shared object read from target memory...(no 
debugging symbols found)...done.
Loaded system supplied DSO at 0xa000000000000000
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 2305843009231854656 (LWP 13379)]
<?PHP
ini_set('session.save_handler', 'user');
?>

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2305843009231854656 (LWP 13379)]
0x4000000000379a61 in _zval_ptr_dtor ()
(gdb) bt
#0  0x4000000000379a61 in _zval_ptr_dtor ()
#1  0x40000000003ee300 in zend_do_fcall_common_helper_SPEC ()
#2  0x40000000003ed8f0 in execute ()
#3  0x40000000003a1c60 in zend_execute_scripts ()
#4  0x4000000000304010 in php_execute_script ()
#5  0x4000000000533ed0 in main ()




or for instance:

(vanillia 5.2.6 php, with debug symbols:)

[EMAIL PROTECTED] php-5.2.6]# gdb ./sapi/cli/php
GNU gdb Red Hat Linux (6.3.0.0-1.153.el4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and 
you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for 
details.
This GDB was configured as "ia64-redhat-linux-gnu"...Using host 
libthread_db library "/lib/tls/libthread_db.so.1".

warning: not using untrusted file ".gdbinit"
(gdb) r
Starting program: /tmp/php-5.2.6/sapi/cli/php 
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xa000000000000000
[Thread debugging using libthread_db enabled]
[New Thread 2305843009230556256 (LWP 16212)]
<?PHP
ini_set('session.save_handler', 'user');
?>

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2305843009230556256 (LWP 16212)]
_zval_ptr_dtor (zval_ptr=0x60000fffffff8d00) at /tmp/php-
5.2.6/Zend/zend_execute_API.c:412
412             (*zval_ptr)->refcount--;
(gdb) bt
#0  _zval_ptr_dtor (zval_ptr=0x60000fffffff8d00) at /tmp/php-
5.2.6/Zend/zend_execute_API.c:412
#1  0x40000000003e5b70 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x60000fffffff8d60) at /tmp/php-
5.2.6/Zend/zend_execute.h:155
#2  0x40000000003e5160 in execute (op_array=0x20000000010b9e20) at 
/tmp/php-5.2.6/Zend/zend_vm_execute.h:92
#3  0x40000000003994d0 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at /tmp/php-5.2.6/Zend/zend.c:1134
#4  0x40000000002fb800 in php_execute_script (primary_file=Cannot 
access memory at address 0x1
) at /tmp/php-5.2.6/main/main.c:2005
#5  0x400000000052a650 in main (argc=Cannot access memory at address 
0x10
) at /tmp/php-5.2.6/sapi/cli/php_cli.c:1140
(gdb) 




-- 
Edit bug report at http://bugs.php.net/?id=44946&edit=1
-- 
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=44946&r=trysnapshot52
Try a CVS snapshot (PHP 5.3): 
http://bugs.php.net/fix.php?id=44946&r=trysnapshot53
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=44946&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=44946&r=fixedcvs
Fixed in release:             
http://bugs.php.net/fix.php?id=44946&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=44946&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=44946&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=44946&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=44946&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=44946&r=notwrong
Not enough info:              
http://bugs.php.net/fix.php?id=44946&r=notenoughinfo
Submitted twice:              
http://bugs.php.net/fix.php?id=44946&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=44946&r=globals
PHP 4 support discontinued:   http://bugs.php.net/fix.php?id=44946&r=php4
Daylight Savings:             http://bugs.php.net/fix.php?id=44946&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=44946&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=44946&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=44946&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=44946&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=44946&r=mysqlcfg

#44946 [NEW]: crashes in ini_set()

Reply via email to