ID: 13524
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Session related
Operating System: linux 2.2.19 redhat
PHP Version: 4.0.5
New Comment:
unfortunately i cannot as i do not have control over install of php in my company.
however, as a side note, i switched from using user defined session handling to mm
which was already compiled into php on our server. i changed session.save_handler =
mm, restarted apache, removed the calls to session_set_save_handler() from the code,
and when i tried the scripts (just removed all code that was no longer necessary)
below, i got another segfault.
here's the configuration we have for php (i didn't include this last time, sorry)
--cache-file=/dev/null
--with-config-file-path=/usr/local/apache/conf
--with-apxs=/usr/local/apache/bin/apxs
--enable-trans-sid
--with-imap
--enable-ftp
--enable-track-vars
--with-mysql=/usr/local/mysql
--enable-libgcc
--disable-debug
--with-db
--verbose
--with-gdbm
--with-ndbm
--with-db2
--with-gd=shared
--with-dom
--with-ttf
--with-xml
--with-zlib
--with-mhash
--prefix=/usr/local/php
--with-regex=system
--enable-memory-limit
--enable-calendar
--enable-sysvsem
--enable-sysvshm
--with-bz2
--with-gettext
--with-jpeg-dir=/usr
--with-xpm-dir=/usr/X11R6
--with-ldap
--with-mcal=/usr/local/src/libmcal
--with-mm=/usr/local/mm
--enable-exif
--with-pcre-regex=/usr/local/lib
--with-sablot=/usr
--with-expat=/usr
--without-pgsql
--enable-yp
--enable-shmop
--with-snmp
--enable-sockets
--enable-dba
--with-kerberos=/usr/kerberos
--with-imap-ssl
--with-pspell=/usr
here's the gdb/bt:
(gdb) run -X -f /usr/local/apache/conf/httpd.conf
Starting program: /usr/local/apache/bin/httpd -X - f /usr/local/apache/conf/httpd.conf
Program received signal SIGSEGV, Segmentation fault.
0x40380ed9 in php_if_session_unset (ht=0, return_value=0x80bf37c, this_ptr=0x0,
return_value_used=0) at session.c:1402
1402 zend_hash_clean(Z_ARRVAL_P(PS(http_session_vars)));
(gdb) bt
#0 0x40380ed9 in php_if_session_unset (ht=0, return_value=0x80bf37c,
this_ptr=0x0, return_value_used=0) at session.c:1402
#1 0x409ddf84 in zend_reverse_table ()
from /usr/local/apache/libexec/ZendOptimizer.so
#2 0x409e901d in zend_oe () from /usr/local/apache/libexec/ZendOptimizer.so
#3 0x40332785 in zend_execute_scripts (type=8, file_count=3) at zend.c:743
#4 0x40343cc7 in php_execute_script (primary_file=0xbffff780) at main.c:1209
#5 0x403405c2 in apache_php_module_main (r=0x8150fac, display_source_mode=0)
at sapi_apache.c:89
#6 0x40340f1d in send_php (r=0x8150fac, display_source_mode=0, filename=0x0)
at mod_php4.c:521
#7 0x40340f52 in send_parsed_php (r=0x8150fac) at mod_php4.c:532
#8 0x805443f in ap_invoke_handler ()
#9 0x80681d3 in process_request_internal ()
#10 0x8068234 in ap_process_request ()
#11 0x805f6d5 in child_main ()
#12 0x805f880 in make_child ()
#13 0x805f9f4 in startup_children ()
#14 0x8060043 in standalone_main ()
#15 0x806085f in main ()
#16 0x40149b5c in __libc_start_main (main=0x80604c8 <main>, argc=4,
ubp_av=0xbffffa34, init=0x804ea70 <_init>, fini=0x80954ac <_fini>,
rtld_fini=0x4000d634 <_dl_fini>, stack_end=0xbffffa2c)
at ../sysdeps/generic/libc-start.c:129
here's the code i used to test it:
----start testsessions.php----
<?php
// testsessions.php
error_reporting(E_ALL);
session_start();
if(session_is_registered("someval")) {
echo "someval=".$someval."<br>\n";
} else {
// if you comment session_unset(), it works fine.
session_unset();
session_destroy();
echo "someval not registered<br>\n";
echo "<a href=\"testsessions2.php\">go here to register someval</a>\n";
}
?>
----end testsessions.php----
----start testsessions2.php----
<?php
// testsessions2.php
error_reporting(E_ALL);
session_start();
$someval = 3;
session_register("someval");
echo "someval now registered as ".$someval."<br>\n";
echo "<a href=\"testsessions.php\">go here to see</a>\n";
?>
----end testsessions2.php----
looks like the same bug to me...
Previous Comments:
------------------------------------------------------------------------
[2001-10-03 05:35:15] [EMAIL PROTECTED]
Reopening. PHP should never segfault.
Tried to reproduce with current CVS, but that didn't work.
Can you please try to reproduce it with a snapshot from http://snaps.php.net?
------------------------------------------------------------------------
[2001-10-02 20:31:48] [EMAIL PROTECTED]
added the NECESSARY returns on all the handler functions and now it appears to work
fine.
sorry for the inconvenience...
------------------------------------------------------------------------
[2001-10-02 20:09:55] [EMAIL PROTECTED]
Your write, destroy and gc functions need to return true on success. Shouldn't cause
a segfault of course, but try fixing that and also try a recent version of PHP.
------------------------------------------------------------------------
[2001-10-02 20:05:06] [EMAIL PROTECTED]
when using session_unset() with no registered vars in the session, i get an apache
segfault. i only experience this when using my own session handlers
(sessions.save_handler = user in php.ini). when using files, i don't get segfault.
here are scripts i used to cause this error:
---sessions.lib-------
<?php
// $Id$
/*
* session table schema
*
* create table SOLR_SESSIONS (
* session_id char(32) not null,
* session_data text not null,
* session_expiration int(11) unsigned not null,
* primary key (session_id));
*
*/
// PEAR db abstraction
require_once("DB.php");
function on_session_start($save_path, $session_name) {
global $dbh;
return TRUE;
// does nothing since we already have a db connection
}
function on_session_end() {
global $dbh;
return TRUE;
// does nothing
}
function on_session_read($key) {
global $dbh;
$sql = "SELECT session_data FROM SOLR_SESSIONS WHERE session_id = '$key' and
session_expiration > UNIX_TIMESTAMP(NOW())";
$result = $dbh->query($sql);
if(DB::isError($result)) {
return "";
}
$row = $result->fetchRow(DB_FETCHMODE_ASSOC);
return $row["session_data"];
}
function on_session_write($key, $val) {
global $dbh;
$insert_sql = "INSERT INTO SOLR_SESSIONS values ('$key', '$val',
UNIX_TIMESTAMP()+3600)";
$update_sql = "UPDATE SOLR_SESSIONS SET session_data = '$val',
session_expiration = UNIX_TIMESTAMP()+3600, WHERE session_id = '$key'";
if(DB::isError($dbh->query($insert_sql))) {
$dbh->query($update_sql);
}
}
function on_session_destroy($key) {
global $dbh;
$sql = "DELETE FROM SOLR_SESSIONS WHERE session_id = '$key'";
$dbh->query($sql);
}
function on_session_gc($max_lifetime) {
global $dbh;
$sql = "DELETE FROM SOLR_SESSIONS WHERE session_expiration <
UNIX_TIMESTAMP(NOW())";
$dbh->query($sql);
}
?>
---testsessions.php-------
<?php
// testsessions.php
/*
* session table schema
*
* create table SOLR_SESSIONS (
* session_id char(32) not null,
* session_data text not null,
* session_expiration int(11) unsigned not null,
* primary key (session_id));
*
*/
error_reporting(E_ALL);
require_once("DB.php");
require_once("libs/sessions.lib");
session_set_save_handler("on_session_start", "on_session_end",
"on_session_read", "on_session_write",
"on_session_destroy",
"on_session_gc");
$dbh = DB::connect("mysql://solr:ziggurat-keep@localhost/SOLR");
if(DB::isError($dbh)) {
die($dbh->get_error());
}
session_start();
if(session_is_registered("someval")) {
echo "someval=".$someval."<br>\n";
} else {
// if you comment session_unset(), it works fine.
session_unset();
session_destroy();
//header("Location: testsessions2.php");
echo "someval not registered<br>\n";
echo "<a href=\"testsessions2.php\">go here to register someval</a>\n";
}
?>
---testsessions2.php-------
<?php
// testsessions2.php
error_reporting(E_ALL);
require_once("DB.php");
require_once("libs/sessions.lib");
session_set_save_handler("on_session_start", "on_session_end",
"on_session_read", "on_session_write",
"on_session_destroy",
"on_session_gc");
$dbh = DB::connect("mysql://solr:ziggurat-keep@localhost/SOLR");
if(DB::isError($dbh)) {
die($dbh->get_error());
}
session_start();
$someval = 1;
session_register("someval");
echo "someval now registered as ".$someval."<br>\n";
echo "<a href=\"testsessions.php\">go here to see</a>\n";
?>
here is the backtrace:
(gdb) run -X -f /usr/local/apache/conf/httpd.conf
Starting program: /usr/local/apache/bin/httpd -X -f /usr/local/apache/conf/httpd.c
onf
Program received signal SIGSEGV, Segmentation fault.
0x40380ed9 in php_if_session_unset (ht=0, return_value=0x81e8554, this_ptr=0x0,
return_value_used=0) at session.c:1402
1402 zend_hash_clean(Z_ARRVAL_P(PS(http_session_vars)));
(gdb) bt
#0 0x40380ed9 in php_if_session_unset (ht=0, return_value=0x81e8554,
this_ptr=0x0, return_value_used=0) at session.c:1402
#1 0x409ddf84 in zend_reverse_table ()
from /usr/local/apache/libexec/ZendOptimizer.so
#2 0x409e901d in zend_oe () from /usr/local/apache/libexec/ZendOptimizer.so
#3 0x40332785 in zend_execute_scripts (type=8, file_count=3) at zend.c:743
#4 0x40343cc7 in php_execute_script (primary_file=0xbffff790) at main.c:1209
#5 0x403405c2 in apache_php_module_main (r=0x8150b5c, display_source_mode=0)
at sapi_apache.c:89
#6 0x40340f1d in send_php (r=0x8150b5c, display_source_mode=0, filename=0x0)
at mod_php4.c:521
#7 0x40340f52 in send_parsed_php (r=0x8150b5c) at mod_php4.c:532
#8 0x805443f in ap_invoke_handler ()
#9 0x80681d3 in process_request_internal ()
#10 0x8068234 in ap_process_request ()
#11 0x805f6d5 in child_main ()
#12 0x805f880 in make_child ()
#13 0x805f9f4 in startup_children ()
#14 0x8060043 in standalone_main ()
#15 0x806085f in main ()
#16 0x40149b5c in __libc_start_main (main=0x80604c8 <main>, argc=4,
ubp_av=0xbffffa44, init=0x804ea70 <_init>, fini=0x80954ac <_fini>,
rtld_fini=0x4000d634 <_dl_fini>, stack_end=0xbffffa3c)
at ../sysdeps/generic/libc-start.c:129
(gdb)
hope this helps
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=13524&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
