datetime.c

marrtins at hackres dot lv Tue, 07 Oct 2003 11:58:57 -0700

From:             marrtins at hackres dot lv
Operating system: w2k sp4
PHP version:      4.3.3
PHP Bug Type:     Reproducible crash
Bug description:  Apache crash in ext/standard/datetime.c


Description:
------------
I got a Apache(Server version: Apache/1.3.27 (Win32) / Server built: Oct 
6 2003 13:10:44) crash when use my own session handling functions and
session gets created first time.

Application popup: Apache.exe - Application Error : The instruction at
"0x1004d6ba" referenced memory at "0x00000000". The memory could not be
"read".

Click on OK to terminate the program
Click on CANCEL to debug the program 


Reproduce code:
---------------
1. class.SessionHandler.php
------------------------
<?
...
  function sess_read($sess_id) {
    global $db;

    $sess = $this->get_sess($sess_id);
    if(!count($sess))
      return ""; // <- crash when returning *anything*
...
?>

2. inc.session.php
---------------
<?
ini_set('session.save_handler', 'user');
ini_set('session.use_cookies', true);
ini_set('session.name', 'sid');
ini_set('session.gc_maxlifetime', time() + 31536000); // 1 year
ini_set('session.cookie_lifetime', time() + 31536000); // 1 year
ini_set('session.serialize_handler', 'php');
ini_set('session.gc_probability', 1);

$sess_handler = new SessionHandler();
session_set_save_handler(
  array(&$sess_handler, "sess_open"), 
  array(&$sess_handler, "sess_close"),
  array(&$sess_handler, "sess_read"),
  array(&$sess_handler, "sess_write"),
  array(&$sess_handler, "sess_destroy"),
  array(&$sess_handler, "sess_gc")
);

session_start();
?>

3. ext/standard/dattime.c
for some reasons 'php_gmtime_r' returns NULL
----------------------
...
tm1 = php_gmtime_r(&t, &tmbuf);
...
  } else if(tm1) {
    snprintf(str, 80, "%s, %02d-%s-%02d %02d:%02d:%02d GMT",
        day_short_names[tm1->tm_wday],
        tm1->tm_mday,
        mon_short_names[tm1->tm_mon],
        ((tm1->tm_year)%100),
        tm1->tm_hour, tm1->tm_min, tm1->tm_sec);
  }

cahnge to:
...
  } else if(tm1) {
...

---------------
Now works fine.



-- 
Edit bug report at http://bugs.php.net/?id=25780&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=25780&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=25780&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=25780&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=25780&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=25780&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=25780&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=25780&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=25780&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=25780&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=25780&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=25780&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25780&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=25780&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=25780&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=25780&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=25780&r=float

#25780 [NEW]: Apache crash in ext/standard/datetime.c

Reply via email to