From: dexter at debian dot org
Operating system: Debian
PHP version: 5CVS-2005-06-30 (dev)
PHP Bug Type: Reproducible crash
Bug description: crash if safe_mode is on and session.save_path is changed
Description:
------------
apache2
safe_mode = On
<Directory /www>
php_admin_value session.save_path '/www/tmp'
</Directory>
Reproduce code:
---------------
<? print "hello"; ?>
Expected result:
----------------
hello
Actual result:
--------------
500 Server closed connection without sending any data
back500 Server closed connection without sending any data
back
(gdb) bt
#0 php_apache_sapi_get_stat ()
at /tmp/php5/php5-5.0.4/sapi/apache2handler/sapi_apache2.c:175
#1 0x40a93ba6 in sapi_get_stat ()
at /tmp/php5/php5-5.0.4/main/SAPI.c:857
#2 0x40a54b0b in php_statpage ()
at /tmp/php5/php5-5.0.4/ext/standard/pageinfo.c:68
#3 0x40a54b6b in php_getuid ()
at /tmp/php5/php5-5.0.4/ext/standard/pageinfo.c:94
#4 0x40a9098f in php_checkuid_ex (
filename=0x86af3e4
"/rdfs/webdata/vhosts/www.opendoors.no/tmp",
fopen_mode=0x0, mode=3,
flags=0) at /tmp/php5/php5-5.0.4/main/safe_mode.c:152
#5 0x40a90c55 in php_checkuid (filename=0x86af3e4
"/rdfs/webdata/vhosts/www.opendoors.no/tmp",
fopen_mode=0x0, mode=3)
at /tmp/php5/php5-5.0.4/main/safe_mode.c:193
#6 0x40a12b64 in OnUpdateSaveDir (entry=0x867ec20,
new_value=0x86af3e4
"/rdfs/webdata/vhosts/www.opendoors.no/tmp",
new_value_length=41,
mh_arg1=0x0, mh_arg2=0x40b309e0, mh_arg3=0x0,
stage=16)
at /tmp/php5/php5-5.0.4/ext/session/session.c:137
#7 0x40acf94d in zend_alter_ini_entry (name=0x838a150
"session.save_path", name_length=18,
new_value=0x82ba778
"/rdfs/webdata/vhosts/www.opendoors.no/tmp",
new_value_length=41,
modify_type=4, stage=16)
at /tmp/php5/php5-5.0.4/Zend/zend_ini.c:233
#8 0x40aed48d in apply_config (dummy=0x82ba518)
at /tmp/php5/php5-5.0.4/sapi/apache2handler/apache_config.c:169
#9 0x40aec962 in php_handler (r=0x86a9368)
at /tmp/php5/php5-5.0.4/sapi/apache2handler/sapi_apache2.c:465
#10 0x080783a5 in ap_run_handler ()
#11 0x080789b0 in ap_invoke_handler ()
#12 0x08069c9a in ap_process_request ()
#13 0x0806512d in _start ()
#14 0x086a9368 in ?? ()
#15 0x00000004 in ?? ()
#16 0x086a9368 in ?? ()
#17 0x4085bd80 in modperl_process_connection_handler ()
from /usr/lib/apache2/modules/mod_perl.so
#18 0x080835f5 in ap_run_process_connection ()
#19 0x080769a4 in ap_graceful_stop_signalled ()
--
Edit bug report at http://bugs.php.net/?id=33520&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=33520&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=33520&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=33520&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=33520&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=33520&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=33520&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=33520&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=33520&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=33520&r=support
Expected behavior: http://bugs.php.net/fix.php?id=33520&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=33520&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=33520&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=33520&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=33520&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=33520&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=33520&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=33520&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=33520&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=33520&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=33520&r=mysqlcfg
