ID: 11826
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Feedback
Bug Type: Reproducible crash
Operating System: WinMe, Linux
PHP Version: 4.0.4
New Comment:
Please try the latest CVS from http://snaps.php.net/
or for Windows: http://www.zend.com/snapshots/
--Jani
Previous Comments:
------------------------------------------------------------------------
[2001-07-09 11:24:37] [EMAIL PROTECTED]
Your test handler doesn't crash PHP for me with the latest CVS version on Linux.
------------------------------------------------------------------------
[2001-07-08 18:32:29] [EMAIL PROTECTED]
I have isolated the bug but did not find the cause. It makes strtok()
crash when attempting to free memory that has been trashed.
It only happens when strtok is called from session on read or on write
handles. I could not find what is wrong in strtok but I suspect there is
inconsistent use of PHP internal global variables (strtok_string) inside
session handle functions. So it seems to be a serious PHP bug that may
also crash scripts that use strtok or other functions from inside session
handle functions that use PHP internal global variables
Metabase is no longer affected by this PHP bug because I have banned all
the uses of strtok function. A new version of Metabase was uploaded to
http://phpclasses.UpperDesign.com/browse.html/package/20 . If you use
Metabase for session handling your are strongly encouraged to download this
version.
For reproducing the PHP strtok bug without Metabase, try the script below.
<?php
function on_session_start ($save_path, $session_name)
{
return true;
}
function on_session_end()
{
return true;
}
function on_session_read ($key)
{
return true;
}
function on_session_write ($key, $val)
{
$query="SELECT * FROM sessions";
$select=(strtolower(strtok($query," "))=="select");
return true;
}
function on_session_destroy ($key)
{
return true;
}
function on_session_gc ($max_lifetime)
{
return true;
}
// Set the save handlers
session_set_save_handler("on_session_start", "on_session_end",
"on_session_read",
"on_session_write",
"on_session_destroy",
"on_session_gc");
session_start();
// Register the $counter variable as part of the sesssion
session_register('counter');
$counter = 1;
echo 'Session test started';
?>
------------------------------------------------------------------------
[2001-07-07 19:59:23] [EMAIL PROTECTED]
Most likely, none of the developers are actually USING
Metabase, so this bug is simply getting glossed over.
Perhaps a reproducible test case that does not require
usage or knowledge of Metabase would help...
IE, while we really appreciate all the work you have
gone through to document this bug, and make these scripts
available, until we can see the bug OUTSIDE of the Metabase
package, it probably won't get a lot of attention.
------------------------------------------------------------------------
[2001-07-07 12:46:49]
It's interesting that in the last week this bug report has not gotten a single reply.
It is an easily reproducable bug that Manuel Lemos (author of the Metabase database
abstraction layer) believes is a problem with PHP. He has assured me that the problem
is not with Metabase so, accordingly:
There must be a bug with custom session handlers called
using
session_set_save_handler
("on_session_start", "on_session_end",
"on_session_read", "on_session_write",
"on_session_destroy", "on_session_gc");
that is making it crash when Metabase calls are used in the start/end/read/write etc.
functions.
As Metabase is one of the best solutions out there for database abstraction with PHP
(are there any others that allow database schema in XML and the range of type
conversion options, etc? Or are as well documented?) I believe that this bug at least
deserves a reply from the developer community. (Even if it is along the lines of: 'We
don't care, fix it yourself' just so I know!)
I have included a link to all code necessary to reproduce the crash in my original bug
report and I've streamlined the code so that only logic necessary for the bug to be
seen is present.
------------------------------------------------------------------------
[2001-07-01 16:39:14] [EMAIL PROTECTED]
I have included in the downloadable file a full installation of Metabase and also a
session handler that uses plain old MySQL calls to save the session information (this
does *not* crash the server and is there to help with your testing -- it is called
mysql_sessions.php and can be tested just by including it in the nabsession_test.php
and nabsession_test2.php scripts in the place of metabase_sessions.php.)
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=11826
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=11826&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
