ID:               48922
 Updated by:       t...@php.net
 Reported By:      bobby at indesignfirm dot com
 Status:           Feedback
 Bug Type:         Session related
 Operating System: RedHat 2.6.9-42.0.8.EL #1
 PHP Version:      5.2.10
 New Comment:

I *think* I have the same problem: segfaults on various pages that
don't occur on 5.2.9. I have a session handler using PEAR HTTP_Session
that saves via MDB2/mysqli to a MySQL database. The common factor seems
to be that they happen while the session is being saved at request
shutdown (php_session_save_current_state in the backtraces below).

Here's 5.2.10 (crash in version_compare):

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1ea4d3f in _zend_mm_free_int (heap=0x7ffff8396480,
p=0x7ffff8bb7010) at /usr/src/debug/php-5.2.10/Zend/zend_alloc.c:1978
1978            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) bt
#0  0x00007ffff1ea4d3f in _zend_mm_free_int (heap=0x7ffff8396480,
p=0x7ffff8bb7010) at /usr/src/debug/php-5.2.10/Zend/zend_alloc.c:1978
#1  0x00007ffff1ea5af4 in _efree (ptr=0x7ffff8bb7010) at
/usr/src/debug/php-5.2.10/Zend/zend_alloc.c:2311
#2  0x00007ffff1e3f4ff in php_version_compare (orig_ver1=0x7ffff87b7538
"5.2.10", orig_ver2=0x7ffff8e41ac0 "5.0") at
/usr/src/debug/php-5.2.10/ext/standard/versioning.c:202
#3  0x00007ffff1e3f58b in zif_version_compare (ht=3,
return_value=0x7ffff87bc458, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1) at
/usr/src/debug/php-5.2.10/ext/standard/versioning.c:222
#4  0x00007ffff1ef028d in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffac00) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:200
#5  0x00007ffff1ef4235 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fffffffac00) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:1739
#6  0x00007ffff1eefd6f in execute (op_array=0x7ffff8a028c0) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:92
#7  0x00007ffff1ef043e in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffba00) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:234
#8  0x00007ffff1ef0984 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffba00) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:322
#9  0x00007ffff1eefd6f in execute (op_array=0x7ffff8b696e8) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:92
#10 0x00007ffff1ef043e in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffbf60) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:234
#11 0x00007ffff1ef0984 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffbf60) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:322
#12 0x00007ffff1eefd6f in execute (op_array=0x7ffff8b69588) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:92
#13 0x00007ffff1ef043e in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffc2d0) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:234
#14 0x00007ffff1ef0984 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffc2d0) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:322
#15 0x00007ffff1eefd6f in execute (op_array=0x7ffff8b6a728) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:92
#16 0x00007ffff1ef043e in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffd1c0) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:234
#17 0x00007ffff1ef0984 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffd1c0) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:322
#18 0x00007ffff1eefd6f in execute (op_array=0x7ffff8e29300) at
/usr/src/debug/php-5.2.10/Zend/zend_vm_execute.h:92
#19 0x00007ffff1eb816b in zend_call_function (fci=0x7fffffffd440,
fci_cache=0x0) at
/usr/src/debug/php-5.2.10/Zend/zend_execute_API.c:1032
#20 0x00007ffff1eb66d4 in call_user_function_ex
(function_table=0x7ffff8396d20, object_pp=0x0,
function_name=0x7ffff8e3eea0, retval_ptr_ptr=0x7fffffffd4e8,
param_count=2, params=0x7ffff87b7670, no_separation=1, 
    symbol_table=0x0) at
/usr/src/debug/php-5.2.10/Zend/zend_execute_API.c:640
#21 0x00007ffff1eb65af in call_user_function
(function_table=0x7ffff8396d20, object_pp=0x0,
function_name=0x7ffff8e3eea0, retval_ptr=0x7ffff87b7c18, param_count=2,
params=0x7fffffffd590)
    at /usr/src/debug/php-5.2.10/Zend/zend_execute_API.c:613
#22 0x00007ffff1da4785 in ps_call_handler (func=0x7ffff8e3eea0, argc=2,
argv=0x7fffffffd590) at
/usr/src/debug/php-5.2.10/ext/session/mod_user.c:53
#23 0x00007ffff1da4c2d in ps_write_user (mod_data=0x7ffff221db60,
key=0x7ffff8e3f7c0 "59ufo7hqslet38p73jp9na8577", 
    val=0x7ffff8fb1e88
"__HTTP_Session2_Info|i:2;__HTTP_Session2_Idle|i:3600;__HTTP_Session2_Idle_TS|i:1247951369;user_id|s:1:\"6\";audit_user|N;",
vallen=119) at /usr/src/debug/php-5.2.10/ext/session/mod_user.c:141
#24 0x00007ffff1d9d8ba in php_session_save_current_state () at
/usr/src/debug/php-5.2.10/ext/session/session.c:556
#25 0x00007ffff1da0fbb in php_session_flush () at
/usr/src/debug/php-5.2.10/ext/session/session.c:1408
#26 0x00007ffff1da31cc in zm_deactivate_session (type=1,
module_number=17) at
/usr/src/debug/php-5.2.10/ext/session/session.c:2010
#27 0x00007ffff1ecd24b in module_registry_cleanup
(module=0x7ffff83c8550) at
/usr/src/debug/php-5.2.10/Zend/zend_API.c:1976
#28 0x00007ffff1ed2ba7 in zend_hash_reverse_apply (ht=0x7ffff2221e20,
apply_func=0x7ffff1ecd20c <module_registry_cleanup>) at
/usr/src/debug/php-5.2.10/Zend/zend_hash.c:755
#29 0x00007ffff1ec5628 in zend_deactivate_modules () at
/usr/src/debug/php-5.2.10/Zend/zend.c:838
#30 0x00007ffff1e6de29 in php_request_shutdown (dummy=0x0) at
/usr/src/debug/php-5.2.10/main/main.c:1468
#31 0x00007ffff1f475f9 in php_apache_request_dtor (r=0x7ffff87edb38) at
/usr/src/debug/php-5.2.10/sapi/apache2handler/sapi_apache2.c:472
#32 0x00007ffff1f47e6a in php_handler (r=0x7ffff87edb38) at
/usr/src/debug/php-5.2.10/sapi/apache2handler/sapi_apache2.c:644
#33 0x00007ffff7fd9600 in ap_run_handler (r=0x7ffff87edb38) at
/usr/src/debug/httpd-2.2.11/server/config.c:158
#34 0x00007ffff7fdce98 in ap_invoke_handler (r=0x7ffff87edb38) at
/usr/src/debug/httpd-2.2.11/server/config.c:372
#35 0x00007ffff7fe852e in ap_process_request (r=0x7ffff87edb38) at
/usr/src/debug/httpd-2.2.11/modules/http/http_request.c:282
#36 0x00007ffff7fe5328 in ap_process_http_connection (c=0x7ffff87e7cf8)
at /usr/src/debug/httpd-2.2.11/modules/http/http_core.c:190
#37 0x00007ffff7fe1048 in ap_run_process_connection (c=0x7ffff87e7cf8)
at /usr/src/debug/httpd-2.2.11/server/connection.c:43
#38 0x00007ffff7fecf78 in child_main (child_num_arg=<value optimized
out>) at /usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:650
#39 0x00007ffff7fed1f6 in make_child (s=0x7ffff8212f90, slot=0) at
/usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:690
#40 0x00007ffff7fed853 in ap_mpm_run (_pconf=<value optimized out>,
plog=<value optimized out>, s=<value optimized out>) at
/usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:966
#41 0x00007ffff7fc56d0 in main (argc=14, argv=0x7fffffffe128) at
/usr/src/debug/httpd-2.2.11/server/main.c:740
(gdb) frame 2
#2  0x00007ffff1e3f4ff in php_version_compare (orig_ver1=0x7ffff87b7538
"5.2.10", orig_ver2=0x7ffff8e41ac0 "5.0") at
/usr/src/debug/php-5.2.10/ext/standard/versioning.c:202
202             efree(ver1);

The above call appears to have come via
'version_compare(phpversion(), "5.0", ">=")' in MDB2::classExists().

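However, running exactly the same page with the 5.2 snapshot from
200907182030 results in apparently the same behaviour (segfault), but in
a completely different function. Both faults are inside the Zend memory
manager (_zend_mm_free_int above, _zend_mm_alloc_int below), which would
be consistent with the heap having been corrupted earlier in the request
rather than with a bug in version_compare or preg_match themselves: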

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1ea373a in _zend_mm_alloc_int (heap=0x7ffff83964a0, size=12)
at /usr/src/debug/php5.2-200907182030/Zend/zend_alloc.c:1785
1785                            heap->cache[index] = best_fit->prev_free_block;
(gdb) bt
#0  0x00007ffff1ea373a in _zend_mm_alloc_int (heap=0x7ffff83964a0,
size=12) at /usr/src/debug/php5.2-200907182030/Zend/zend_alloc.c:1785
#1  0x00007ffff1ea4bbc in _emalloc (size=12) at
/usr/src/debug/php5.2-200907182030/Zend/zend_alloc.c:2300
#2  0x00007ffff1ea4d49 in _safe_emalloc (nmemb=3, size=4, offset=0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_alloc.c:2391
#3  0x00007ffff1d3d24c in php_pcre_match_impl (pce=0x7ffff8bd8360,
subject=0x7ffff8b998a8
"__HTTP_Session2_Info|i:2;__HTTP_Session2_Idle|i:3600;__HTTP_Session2_Idle_TS|i:1247953764;user_id|s:1:\"6\";audit_user|N;",

    subject_len=119, return_value=0x7ffff87b99f0, subpats=0x0,
global=0, use_flags=0, flags=0, start_offset=0) at
/usr/src/debug/php5.2-200907182030/ext/pcre/php_pcre.c:603
#4  0x00007ffff1d3cfe8 in php_do_pcre_match (ht=2,
return_value=0x7ffff87b99f0, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1, global=0) at
/usr/src/debug/php5.2-200907182030/ext/pcre/php_pcre.c:513
#5  0x00007ffff1d3db55 in zif_preg_match (ht=2,
return_value=0x7ffff87b99f0, return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1) at
/usr/src/debug/php5.2-200907182030/ext/pcre/php_pcre.c:762
#6  0x00007ffff1eef409 in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffbfe0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:200
#7  0x00007ffff1ef33b1 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0x7fffffffbfe0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:1739
#8  0x00007ffff1eeeeeb in execute (op_array=0x7ffff8ec85a0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:92
#9  0x00007ffff1eef5ba in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffc2d0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:234
#10 0x00007ffff1eefb00 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffc2d0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:322
#11 0x00007ffff1eeeeeb in execute (op_array=0x7ffff8b69d80) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:92
#12 0x00007ffff1eef5ba in zend_do_fcall_common_helper_SPEC
(execute_data=0x7fffffffd1c0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:234
#13 0x00007ffff1eefb00 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER
(execute_data=0x7fffffffd1c0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:322
#14 0x00007ffff1eeeeeb in execute (op_array=0x7ffff8e29508) at
/usr/src/debug/php5.2-200907182030/Zend/zend_vm_execute.h:92
#15 0x00007ffff1eb727b in zend_call_function (fci=0x7fffffffd440,
fci_cache=0x0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_execute_API.c:1032
#16 0x00007ffff1eb57e4 in call_user_function_ex
(function_table=0x7ffff8396d40, object_pp=0x0,
function_name=0x7ffff8e3f1f0, retval_ptr_ptr=0x7fffffffd4e8,
param_count=2, params=0x7ffff87b7850, no_separation=1, 
    symbol_table=0x0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_execute_API.c:640
#17 0x00007ffff1eb56bf in call_user_function
(function_table=0x7ffff8396d40, object_pp=0x0,
function_name=0x7ffff8e3f1f0, retval_ptr=0x7ffff87b75f0, param_count=2,
params=0x7fffffffd590)
    at /usr/src/debug/php5.2-200907182030/Zend/zend_execute_API.c:613
#18 0x00007ffff1da385d in ps_call_handler (func=0x7ffff8e3f1f0, argc=2,
argv=0x7fffffffd590) at
/usr/src/debug/php5.2-200907182030/ext/session/mod_user.c:53
#19 0x00007ffff1da3d05 in ps_write_user (mod_data=0x7ffff221db20,
key=0x7ffff8d8e290 "l41av5sk36mub26qvgm1t61672", 
    val=0x7ffff8fb2470
"__HTTP_Session2_Info|i:2;__HTTP_Session2_Idle|i:3600;__HTTP_Session2_Idle_TS|i:1247953764;user_id|s:1:\"6\";audit_user|N;",
vallen=119) at
/usr/src/debug/php5.2-200907182030/ext/session/mod_user.c:141
#20 0x00007ffff1d9c98a in php_session_save_current_state () at
/usr/src/debug/php5.2-200907182030/ext/session/session.c:556
#21 0x00007ffff1da008b in php_session_flush () at
/usr/src/debug/php5.2-200907182030/ext/session/session.c:1408
#22 0x00007ffff1da229c in zm_deactivate_session (type=1,
module_number=17) at
/usr/src/debug/php5.2-200907182030/ext/session/session.c:2010
#23 0x00007ffff1ecc35b in module_registry_cleanup
(module=0x7ffff83c86f0) at
/usr/src/debug/php5.2-200907182030/Zend/zend_API.c:1976
#24 0x00007ffff1ed1cb7 in zend_hash_reverse_apply (ht=0x7ffff2221de0,
apply_func=0x7ffff1ecc31c <module_registry_cleanup>) at
/usr/src/debug/php5.2-200907182030/Zend/zend_hash.c:755
#25 0x00007ffff1ec4738 in zend_deactivate_modules () at
/usr/src/debug/php5.2-200907182030/Zend/zend.c:838
#26 0x00007ffff1e6cf1c in php_request_shutdown (dummy=0x0) at
/usr/src/debug/php5.2-200907182030/main/main.c:1463
#27 0x00007ffff1f46775 in php_apache_request_dtor (r=0x7ffff87edd18) at
/usr/src/debug/php5.2-200907182030/sapi/apache2handler/sapi_apache2.c:472
#28 0x00007ffff1f46fe6 in php_handler (r=0x7ffff87edd18) at
/usr/src/debug/php5.2-200907182030/sapi/apache2handler/sapi_apache2.c:644
#29 0x00007ffff7fd9600 in ap_run_handler (r=0x7ffff87edd18) at
/usr/src/debug/httpd-2.2.11/server/config.c:158
#30 0x00007ffff7fdce98 in ap_invoke_handler (r=0x7ffff87edd18) at
/usr/src/debug/httpd-2.2.11/server/config.c:372
#31 0x00007ffff7fe852e in ap_process_request (r=0x7ffff87edd18) at
/usr/src/debug/httpd-2.2.11/modules/http/http_request.c:282
#32 0x00007ffff7fe5328 in ap_process_http_connection (c=0x7ffff87e7ed8)
at /usr/src/debug/httpd-2.2.11/modules/http/http_core.c:190
#33 0x00007ffff7fe1048 in ap_run_process_connection (c=0x7ffff87e7ed8)
at /usr/src/debug/httpd-2.2.11/server/connection.c:43
#34 0x00007ffff7fecf78 in child_main (child_num_arg=<value optimized
out>) at /usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:650
#35 0x00007ffff7fed1f6 in make_child (s=0x7ffff8212f90, slot=0) at
/usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:690
#36 0x00007ffff7fed853 in ap_mpm_run (_pconf=<value optimized out>,
plog=<value optimized out>, s=<value optimized out>) at
/usr/src/debug/httpd-2.2.11/server/mpm/prefork/prefork.c:966
#37 0x00007ffff7fc56d0 in main (argc=14, argv=0x7fffffffe128) at
/usr/src/debug/httpd-2.2.11/server/main.c:740
(gdb) frame 3
#3  0x00007ffff1d3d24c in php_pcre_match_impl (pce=0x7ffff8bd8360,
subject=0x7ffff8b998a8
"__HTTP_Session2_Info|i:2;__HTTP_Session2_Idle|i:3600;__HTTP_Session2_Idle_TS|i:1247953764;user_id|s:1:\"6\";audit_user|N;",

    subject_len=119, return_value=0x7ffff87b99f0, subpats=0x0,
global=0, use_flags=0, flags=0, start_offset=0) at
/usr/src/debug/php5.2-200907182030/ext/pcre/php_pcre.c:603
603             offsets = (int *)safe_emalloc(size_offsets, sizeof(int), 0);



Previous Comments:
------------------------------------------------------------------------

[2009-07-15 12:09:20] j...@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/



------------------------------------------------------------------------

[2009-07-14 20:15:11] bobby at indesignfirm dot com

After more research, it would seem that the problem lies in the read
function's use of mysqli_connect. If I change it to mysql_connect,
processing continues; changing it back to mysqli_connect causes it to
fail instantly with no further information.

However all other mysqli queries are running fine.

------------------------------------------------------------------------

[2009-07-14 19:48:55] bobby at indesignfirm dot com

Description:
------------
The server was upgraded from 5.2.9 last night and suddenly every script
using a custom session save handler (session_set_save_handler) has
stopped working.

No errors reported, all processing just stops.

Un-commenting the code makes everything come back to life.

Reproduce code:
---------------
/**
 * Session "open" callback, registered by name through
 * session_set_save_handler().
 *
 * Nothing is prepared here: every other callback in this listing builds
 * its own QueryCall, so both arguments are ignored.
 *
 * @param string $savePath Save path passed in by the session extension (unused).
 * @param string $sessName Session name passed in by the session extension (unused).
 * @return bool Always true.
 */
function open($savePath, $sessName)
{
    return true;
}
    
    /**
     * Session "close" callback, registered by name through
     * session_set_save_handler().
     *
     * No handle is kept between callbacks in this listing, so there is
     * nothing to release.
     *
     * @return bool Always true.
     */
    function close()
    {
        return true;
    }
    
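    /**
     * Session "read" callback: fetch the stored payload for a session ID.
     *
     * Runs the Session_GetData procedure through QueryCall and returns
     * column 'd' of the first result row.
     *
     * @param string $sessID Session ID passed in by the session extension.
     * @return string Stored session data, or '' when no row/column came back.
     */
    function read($sessID) {
        // $sessID originates from the client's request (normally the session
        // cookie), so it must reach the database as a bound value only.
        // NOTE(review): AddVariable() is presumed to bind rather than
        // concatenate - confirm in QueryCall, which is not shown here.
        $lookup = new QueryCall();
        $lookup->SetProcedureName('Session_GetData');
        $lookup->AddVariable('TEXT', $sessID);
        $lookup->ExecuteQuery();

        // A session ID without a stored row (new or already collected
        // session) presumably leaves procedureResults empty. The read
        // callback is expected to hand back a string in every case, so
        // return '' instead of indexing a missing row, which would raise an
        // undefined-offset notice and return NULL.
        $rows = $lookup->procedureResults;
        if (!isset($rows[0]['d'])) {
            return '';
        }

        return (string) $rows[0]['d'];
    }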
    
    /**
     * Session "write" callback: hand the serialized session to the database.
     *
     * Calls the Session_WriteData procedure with three TEXT variables, in
     * this order: session ID, current Unix time, session payload. In the
     * backtraces on this page the callback is reached from
     * php_request_shutdown via ps_write_user, i.e. at request shutdown.
     *
     * @param string $sessID   Session ID passed in by the session extension.
     * @param string $sessData Serialized session payload.
     * @return bool Always true; the outcome of the query is not inspected,
     *              so a failed write is not reported to the session extension.
     */
    function write($sessID, $sessData)
    {
        // NOTE(review): $sessID comes from the client; AddVariable() is
        // presumed to bind it as a parameter - confirm in QueryCall.
        $store = new QueryCall();
        $store->SetProcedureName('Session_WriteData');
        $store->AddVariable('TEXT', $sessID);

        // Timestamp is taken at the same point as before: after the ID has
        // been added and before the payload.
        $stamp = time();
        $store->AddVariable('TEXT', $stamp);
        $store->AddVariable('TEXT', $sessData);

        $store->ExecuteQueryNoResults();

        return true;
    }
    
    /**
     * Session "destroy" callback: remove one session from the database.
     *
     * Calls the Session_Destroy procedure with the session ID as its only
     * TEXT variable.
     *
     * @param string $sessID Session ID passed in by the session extension.
     * @return bool Always true; the outcome of the query is not inspected.
     */
    function destroy($sessID)
    {
        // NOTE(review): $sessID comes from the client; AddVariable() is
        // presumed to bind it as a parameter - confirm in QueryCall.
        $removal = new QueryCall();
        $removal->SetProcedureName('Session_Destroy');
        $removal->AddVariable('TEXT', $sessID);
        $removal->ExecuteQueryNoResults();

        return true;
    }
    
    /**
     * Session "gc" callback: ask the database to drop stale sessions.
     *
     * Computes a cutoff of "now minus the maximum lifetime" and passes it as
     * a TEXT variable to the Session_GarbageCollection procedure. What the
     * procedure deletes is decided inside the database and is not visible
     * in this listing.
     *
     * @param int $sessMaxLifeTime Maximum session lifetime, subtracted from time().
     * @return bool Always true; the outcome of the query is not inspected.
     */
    function gc($sessMaxLifeTime)
    {
        // Oldest timestamp that still counts as alive.
        $cutoff = time() - $sessMaxLifeTime;

        $sweep = new QueryCall();
        $sweep->SetProcedureName('Session_GarbageCollection');
        $sweep->AddVariable('TEXT', $cutoff);
        $sweep->ExecuteQueryNoResults();

        return true;
    }

// Register the six callbacks by name. String callables refer to global
// functions, so the session extension will call open/close/read/write/
// destroy/gc from the global namespace.
session_set_save_handler(
    'open',
    'close',
    'read',
    'write',
    'destroy',
    'gc'
);

Expected result:
----------------
Session information should be stored in the database, and this has been
working for several months now.  Since the upgrade to 5.2.10 it has
stopped working.  No code changes have been made to the application.

Actual result:
--------------
Blank page.  Nothing returned.


------------------------------------------------------------------------

