[PHP-DEV] Bug #13524 Updated: session_unset() with no registered vars causes segfault w/save_handler=user

[christopher . k . hall]

ID: 13524
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Session related
Operating System: linux 2.2.19 redhat
PHP Version: 4.0.5
New Comment:

sorry, i meant to add, you will want to load testsessions.php in your browser first.

Previous Comments:
------------------------------------------------------------------------

[2001-10-04 11:21:30] [EMAIL PROTECTED]

sorry, i meant to add, you will want to load testsessions.php in your browser first.

------------------------------------------------------------------------

[2001-10-04 11:18:56] [EMAIL PROTECTED]

unfortunately i cannot as i do not have control over install of php in my company.

however, as a side note, i switched from using user defined session handling to mm 
which was already compiled into php on our server.  i changed session.save_handler = 
mm, restarted apache,  removed the calls to session_set_save_handler() from the code, 
and when i tried the scripts (just removed all code that was no longer necessary) 
below, i got another segfault.

here's the configuration we have for php (i didn't include this last time, sorry)

--cache-file=/dev/null
--with-config-file-path=/usr/local/apache/conf 
--with-apxs=/usr/local/apache/bin/apxs
--enable-trans-sid
--with-imap
--enable-ftp
--enable-track-vars
--with-mysql=/usr/local/mysql
--enable-libgcc
--disable-debug
--with-db
--verbose
--with-gdbm
--with-ndbm
--with-db2
--with-gd=shared
--with-dom
--with-ttf
--with-xml
--with-zlib
--with-mhash
--prefix=/usr/local/php
--with-regex=system
--enable-memory-limit
--enable-calendar
--enable-sysvsem
--enable-sysvshm
--with-bz2
--with-gettext
--with-jpeg-dir=/usr
--with-xpm-dir=/usr/X11R6
--with-ldap
--with-mcal=/usr/local/src/libmcal
--with-mm=/usr/local/mm
--enable-exif
--with-pcre-regex=/usr/local/lib
--with-sablot=/usr
--with-expat=/usr
--without-pgsql
--enable-yp
--enable-shmop
--with-snmp
--enable-sockets
--enable-dba
--with-kerberos=/usr/kerberos
--with-imap-ssl
--with-pspell=/usr

here's the gdb/bt:

(gdb) run -X -f /usr/local/apache/conf/httpd.conf
Starting program: /usr/local/apache/bin/httpd -X - f /usr/local/apache/conf/httpd.conf

Program received signal SIGSEGV, Segmentation fault.
0x40380ed9 in php_if_session_unset (ht=0, return_value=0x80bf37c, this_ptr=0x0,
    return_value_used=0) at session.c:1402
1402            zend_hash_clean(Z_ARRVAL_P(PS(http_session_vars)));
(gdb) bt
#0  0x40380ed9 in php_if_session_unset (ht=0, return_value=0x80bf37c,
    this_ptr=0x0, return_value_used=0) at session.c:1402
#1  0x409ddf84 in zend_reverse_table ()
   from /usr/local/apache/libexec/ZendOptimizer.so
#2  0x409e901d in zend_oe () from /usr/local/apache/libexec/ZendOptimizer.so
#3  0x40332785 in zend_execute_scripts (type=8, file_count=3) at zend.c:743
#4  0x40343cc7 in php_execute_script (primary_file=0xbffff780) at main.c:1209
#5  0x403405c2 in apache_php_module_main (r=0x8150fac, display_source_mode=0)
    at sapi_apache.c:89
#6  0x40340f1d in send_php (r=0x8150fac, display_source_mode=0, filename=0x0)
    at mod_php4.c:521
#7  0x40340f52 in send_parsed_php (r=0x8150fac) at mod_php4.c:532
#8  0x805443f in ap_invoke_handler ()
#9  0x80681d3 in process_request_internal ()
#10 0x8068234 in ap_process_request ()
#11 0x805f6d5 in child_main ()
#12 0x805f880 in make_child ()
#13 0x805f9f4 in startup_children ()
#14 0x8060043 in standalone_main ()
#15 0x806085f in main ()
#16 0x40149b5c in __libc_start_main (main=0x80604c8 <main>, argc=4,
    ubp_av=0xbffffa34, init=0x804ea70 <_init>, fini=0x80954ac <_fini>,
    rtld_fini=0x4000d634 <_dl_fini>, stack_end=0xbffffa2c)
    at ../sysdeps/generic/libc-start.c:129

here's the code i used to test it:

----start testsessions.php----

<?php

// testsessions.php

error_reporting(E_ALL);

session_start();

if(session_is_registered("someval")) {
        echo "someval=".$someval."<br>\n";
} else {
        // if you comment session_unset(), it works fine.
        session_unset();
        session_destroy();
        
        echo "someval not registered<br>\n";
        echo "<a href=\"testsessions2.php\">go here to register someval</a>\n";

}

?>

----end testsessions.php----

----start testsessions2.php----

<?php

// testsessions2.php

error_reporting(E_ALL);

session_start();

$someval = 3;
session_register("someval");

echo "someval now registered as ".$someval."<br>\n";
echo "<a href=\"testsessions.php\">go here to see</a>\n";

?>

----end testsessions2.php----

looks like the same bug to me...


------------------------------------------------------------------------

[2001-10-03 05:35:15] [EMAIL PROTECTED]

Reopening. PHP should never segfault.

Tried to reproduce with current CVS, but that didn't work.

Can you please try to reproduce it with a snapshot from http://snaps.php.net?

------------------------------------------------------------------------

[2001-10-02 20:31:48] [EMAIL PROTECTED]

added the NECESSARY returns on all the handler functions and now it appears to work 
fine.

sorry for the inconvenience...

------------------------------------------------------------------------

[2001-10-02 20:09:55] [EMAIL PROTECTED]

Your  write, destroy and gc functions need to return true on success.  Shouldn't cause 
a segfault of course, but try fixing that and also try a recent version of PHP.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/?id=13524


Edit this bug report at http://bugs.php.net/?id=13524&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]