ID: 10447
Updated by: torben
Old-Status: Closed
Status: Analyzed
Bug Type: CCVS related
PHP Version: 4.0 Latest CVS (22/04/2001)
Assigned To: 

No, he didn't. :) The problem itself is that session IDs
are completely exposed (i.e. not resource- or list-based)
and there is no error-checking in the module. The check
that was added didn't help; the same code still segfaults
and all of the other affected functions are still affected.

Previous Comments:

[2001-04-22 20:21:19] [EMAIL PROTECTED]
Sterling fixed this in CVS.

- James


[2001-04-22 20:17:11] [EMAIL PROTECTED]
I have duplicated this issue on my end and I am looking into it.

Fix imminent.


[2001-04-22 19:37:22] [EMAIL PROTECTED]
The ccvs functions segfault when given an invalid session ID.

This works fine:
$session = ccvs_init('ccvs');
echo "Adding an invoice to the session:n";
if (!ccvs_new($session, 'foo') === 'OK') {
    echo "Could not create invoice; reason: " . ccvs_textvalue($session) . "n";

This segfaults:
$session = ccvs_init('ccvs');
echo "Adding an invoice to the session:n";
if (!ccvs_new($sess, 'foo') === 'OK') {
    echo "Could not create invoice; reason: " . ccvs_textvalue($session) . "n";

shanna% gdb php
GNU gdb 19991116
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux"...
(gdb) run ./ccvstest
Starting program: /usr/local/bin/php ./ccvstest
X-Powered-By: PHP/4.0.6-dev
Content-type: text/html

Trying a presumably invalid configuration: 
Returned: ''; Return type: string

Trying a presumably valid configuration:
Adding an invoice to the session:
Looking up the new invoice:
PHP Warning:  Undefined variable:  sssion in ./ccvstest on line 17
<b>Warning</b>:  Undefined variable:  sssion in <b>./ccvstest</b> on line 
./ccvstest(17) : Warning - Undefined variable:  sssion

Program received signal SIGSEGV, Segmentation fault.
0x4024b791 in strlen () from /lib/
(gdb) bt
#0  0x4024b791 in strlen () from /lib/
#1  0x8071a0d in php_if_ccvs_lookup (ht=3, return_value=0x831164c, this_ptr=0x0, 
return_value_used=1) at ccvs.c:486
#2  0x8171cba in execute (op_array=0x82f5a3c) at ./zend_execute.c:1494
#3  0x8138084 in zend_execute_scripts (type=8, file_count=3) at zend.c:743
#4  0x806a27f in php_execute_script (primary_file=0xbffff924) at main.c:1196
#5  0x806825c in main (argc=2, argv=0xbffff9b4) at cgi_main.c:735


ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to