ID:               24592
 Updated by:       [EMAIL PROTECTED]
 Reported By:      jhuston at cs dot umn dot edu
-Status:           Open
+Status:           Feedback
 Bug Type:         Session related
 Operating System: Sparc Solaris 9
 PHP Version:      4.3.3RC2-dev
 New Comment:

Do you have register_globals ON or OFF?



Previous Comments:
------------------------------------------------------------------------

[2003-07-10 14:23:19] jhuston at cs dot umn dot edu

I downloaded the CVS snapshot and compiled it with the same configure
options.  It is still getting the same bus error as described earlier. 
I ran a test on test.php (same code as I posted earlier).

[EMAIL PROTECTED] gradebook]% php -v
PHP 4.3.3RC2-dev (cli) (built: Jul 10 2003 13:24:53)
Copyright (c) 1997-2003 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
[EMAIL PROTECTED] gradebook]% php test.php

Notice: import_request_variables(): No prefix specified - possible
security hazard in /home/projects/gradebook/test.php on line 6

Notice: Undefined index:  webusername in
/home/projects/gradebook/test.php on line 8

Notice: Undefined index:  webuserid in
/home/projects/gradebook/test.php on line 9

Notice: Undefined index:  webuserroleid in
/home/projects/gradebook/test.php on line 10

Notice: Undefined variable:  termid in
/home/projects/gradebook/test.php on line 12

Notice: Undefined index:  termid in /home/projects/gradebook/test.php
on line 13

Notice: Undefined index:  courseid in /home/projects/gradebook/test.php
on line 14
It didn't crash at all yet.
Bus error

Then I ran it in gdb again and it still produced the same error message
as mentioned earlier.

[EMAIL PROTECTED] gradebook]% gdb php
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "sparc-sun-solaris2.8"...
(gdb) run test.php
Starting program: /usr/local/bin/php test.php

Notice: import_request_variables(): No prefix specified - possible
security hazard in /home/projects/gradebook/test.php on line 6

Notice: Undefined index:  webusername in
/home/projects/gradebook/test.php on line 8

Notice: Undefined index:  webuserid in
/home/projects/gradebook/test.php on line 9

Notice: Undefined index:  webuserroleid in
/home/projects/gradebook/test.php on line 10

Notice: Undefined variable:  termid in
/home/projects/gradebook/test.php on line 12

Notice: Undefined index:  termid in /home/projects/gradebook/test.php
on line 13

Notice: Undefined index:  courseid in /home/projects/gradebook/test.php
on line 14
It didn't crash at all yet.

Program received signal SIGSEGV, Segmentation fault.
0x135170 in _efree (ptr=0x2c42a0)
    at /home/src/php4-STABLE-200307101730/Zend/zend_alloc.c:259
259     /home/src/php4-STABLE-200307101730/Zend/zend_alloc.c: No such
file or directory.
(gdb) where
#0  0x135170 in _efree (ptr=0x2c42a0)
    at /home/src/php4-STABLE-200307101730/Zend/zend_alloc.c:259
#1  0x94e98 in migrate_global (ht=0x332228, pos=0x1)
    at /home/src/php4-STABLE-200307101730/ext/session/session.c:640
#2  0x94fb8 in php_session_save_current_state ()
    at /home/src/php4-STABLE-200307101730/ext/session/session.c:670
#3  0x97b24 in php_session_flush ()
    at /home/src/php4-STABLE-200307101730/ext/session/session.c:1593
#4  0x97b54 in zm_deactivate_session (type=0, module_number=4)
    at /home/src/php4-STABLE-200307101730/ext/session/session.c:1607
#5  0x148d7c in module_registry_cleanup (module=0x2f0ba8)
    at /home/src/php4-STABLE-200307101730/Zend/zend_API.c:1167
#6  0x14b044 in zend_hash_apply (ht=0x2c57a4, 
    apply_func=0x148d40 <module_registry_cleanup>)
    at /home/src/php4-STABLE-200307101730/Zend/zend_hash.c:688
#7  0x145b28 in zend_deactivate_modules ()
    at /home/src/php4-STABLE-200307101730/Zend/zend.c:651
#8  0x11600c in php_request_shutdown (dummy=0x0)
    at /home/src/php4-STABLE-200307101730/main/main.c:981
#9  0x1616e8 in main (argc=2, argv=0xffbff674)
    at /home/src/php4-STABLE-200307101730/sapi/cli/php_cli.c:874

------------------------------------------------------------------------

[2003-07-10 12:13:08] jhuston at cs dot umn dot edu

During the course of writing a shorter script, I discovered a possible
cause of bus error or segmentation fault.  When assigning $_SESSION
variable to an undefined variable, it puked.  I would like to add that
I was able to reproduce the same behavior under 4.3.2 source tree on
Solaris.  It worked fine under 4.2.3 until I upgraded it to 4.3.2 and
the problem surfaced.

Here's the short and sweet script that caused bus error:

---
<? 

session_name("unclesam");
session_start();

import_request_variables("gp");

$webusername = $_SESSION['webusername'];
$webuserid = $_SESSION['webuserid'];
$webuserroleid = $_SESSION['webuserroleid'];

if($termid == "") {
   $termid = $_SESSION['termid'];
   $courseid = $_SESSION['courseid'];
}

$_SESSION['termid'] = $termid;
$_SESSION['courseid'] = $courseid;

?>
It didn't crash at all yet.
---

If you assigned termid to some value via POST or GET, it doesn't crash
at all.  I wrote this code in this particular way because I wanted the
script to remember the termid value and when the user pressed back
button or if termid has been changed, it will save the change into
session variable.

The script can be accessed at
http://scrabble.cs.umn.edu/gradebook/test.php.

The first time you access this script, it'll come up blank because
it core dumped.  But if you append "?termid=1" to the URL above, it
survives.  So basically, if termid is undefined, the script just pukes.
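
Added example (not part of the original report, and not the reporter's code): one way to get the "remember termid" behaviour described above without the no-prefix import_request_variables() call that the notice flags, by reading request and session values explicitly instead of copying request parameters into the global scope. It assumes termid and courseid are decimal integers; pick_id() is a hypothetical helper.

```php
<?php
// Added example. The names unclesam, termid, courseid and webuserid come from
// the script above; pick_id() and the integer-only rule are assumptions.

// Return the request value if it is a plain decimal id, otherwise the value
// already stored in the session, otherwise $default.
function pick_id($key, $request, $session, $default)
{
    // is_string() rejects array input such as termid[]=1 before ctype_digit().
    if (isset($request[$key]) && is_string($request[$key])
            && ctype_digit($request[$key])) {
        return (int) $request[$key];
    }
    if (isset($session[$key])) {
        return $session[$key];
    }
    return $default;
}

session_name("unclesam");
session_start();

// GET first, POST overrides: the same precedence as the "gp" argument above.
$request = array_merge($_GET, $_POST);

$termid   = pick_id('termid',   $request, $_SESSION, 0);
$courseid = pick_id('courseid', $request, $_SESSION, 0);

// Identity fields are read from the session only, so a request parameter
// named webuserid cannot create or overwrite a variable of that name.
$webuserid = isset($_SESSION['webuserid']) ? $_SESSION['webuserid'] : null;

// Only validated values (or the default) are written back to the session.
$_SESSION['termid']   = $termid;
$_SESSION['courseid'] = $courseid;
```

Every read is guarded by isset(), so none of the "Undefined index" or "Undefined variable" notices shown in the output above are produced; whether this also avoids the crash in migrate_global is not established by the report.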

------------------------------------------------------------------------

[2003-07-10 11:19:04] [EMAIL PROTECTED]

Your example script is pretty useless to us since it contains those
include()'s. Can you please provide a short script
which doesn't have any external resources required?
And without any HTML, etc. crap.


------------------------------------------------------------------------

[2003-07-10 11:11:43] jhuston at cs dot umn dot edu

Description:
------------
Installed PHP 4.3.3RC1 as a DSO on Apache 2.0.47 with the mysql and
oracle and gd extensions enabled.  I was able to reproduce the same
segfault error on Apache 1.3.27 with DSO enabled. I can also reproduce
the same problem from the command line.

It appears that it does go through to the end of the script but it just
dies before it could complete the script peacefully.

I'd get the same problem with my other scripts sharing the same set of
functions library.  I tracked down a possible cause of Bus Error or
Segmentation fault.  It appears that when the script is doing $_SESSION
variable assignments, it puked on exit.  When I commented out all lines
containing $_SESSION variable assignments, the script exited peacefully
without any seg fault or bus error.

Some useful Info:

[EMAIL PROTECTED] uname -a
SunOS scrabble 5.9 Generic sun4u sparc SUNW,Sun-Blade-100
[EMAIL PROTECTED] php -v
PHP 4.3.3RC1 (cli) (built: Jul 10 2003 01:47:16)
Copyright (c) 1997-2003 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
[EMAIL PROTECTED] php -i
phpinfo()
PHP Version => 4.3.3RC1

System => SunOS scrabble 5.9 Generic sun4u
Build Date => Jul 10 2003 01:42:12
Configure Command =>  './configure'
'--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mcrypt'
'--with-mysql=/usr/local/mysql4' '--with-oci8' '--enable-track-vars'
'--with-openssl=/usr/local/openssl' '--with-gd'
'--with-jpeg-dir=/usr/local/lib' '--with-zlib-dir=/usr/local/lib'
'--with-png-dir=/usr/local/lib'
Server API => Command Line Interface



Reproduce code:
---------------
One of the source codes can be viewed at:

http://scrabble.cs.umn.edu/gradebook/index.phps

This link will disappear after this bug ticket has been fixed and
closed.

Expected result:
----------------
Expected result would return a page from browser.  When it segfaults,
it returns blank.

When I run it from the command line I'd get something like this:

[EMAIL PROTECTED] php index.php
<html><title></title>
<style type="text/css">
.
.
.
</table>
<tr><td><font color=#333366>Gradebook 1.0a &copy; 2002 Josh Huston, All
Rights Reserved</font></td></tr>
</table>
</html>
Bus error
[EMAIL PROTECTED] 

Actual result:
--------------
This is what I got when running gdb:

[EMAIL PROTECTED] gdb php 
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "sparc-sun-solaris2.8"...
(gdb) run index.php
Starting program: /usr/local/bin/php index.php
<html><title></title>
<style type="text/css">
.
.
(snip)
.
.
<tr><td><font color=#333366>Gradebook 1.0a &copy; 2002 Josh Huston, All
Rights Reserved</font></td></tr>
</table>
</html>

Program received signal SIGSEGV, Segmentation fault.
0x131d28 in _efree (ptr=0x2c0f80)
    at /home/src/php-4.3.3RC1/Zend/zend_alloc.c:259
259     in /home/src/php-4.3.3RC1/Zend/zend_alloc.c
(gdb) where
#0  0x131d28 in _efree (ptr=0x2c0f80)
    at /home/src/php-4.3.3RC1/Zend/zend_alloc.c:259
#1  0x91b9c in migrate_global (ht=0x32f1a0, pos=0x1)
    at /home/src/php-4.3.3RC1/ext/session/session.c:640
#2  0x91cbc in php_session_save_current_state ()
    at /home/src/php-4.3.3RC1/ext/session/session.c:670
#3  0x94828 in php_session_flush ()
    at /home/src/php-4.3.3RC1/ext/session/session.c:1593
#4  0x94858 in zm_deactivate_session (type=0, module_number=4)
    at /home/src/php-4.3.3RC1/ext/session/session.c:1607
#5  0x145934 in module_registry_cleanup (module=0x2ed858)
    at /home/src/php-4.3.3RC1/Zend/zend_API.c:1167
#6  0x147bfc in zend_hash_apply (ht=0x2c2484, 
    apply_func=0x1458f8 <module_registry_cleanup>)
    at /home/src/php-4.3.3RC1/Zend/zend_hash.c:688
#7  0x1426e0 in zend_deactivate_modules ()
    at /home/src/php-4.3.3RC1/Zend/zend.c:651
#8  0x112a14 in php_request_shutdown (dummy=0x0)
    at /home/src/php-4.3.3RC1/main/main.c:982
#9  0x15e438 in main (argc=2, argv=0xffbff67c)
    at /home/src/php-4.3.3RC1/sapi/cli/php_cli.c:874


------------------------------------------------------------------------

