From: [EMAIL PROTECTED]
Operating system: FreeBSD 4.4-Stable
PHP version: 4.1.0
PHP Bug Type: Session related
Bug description: PHP causes segfault when session handler=user
Currently running Apache 1.3.20, but problem also happens with 1.3.22. The
segfaults (also signal 10 - bus errors) were happening inconsistently, but
I think I have been able to get it to crash every time under a certain
condition.
Basically, if I use a user-defined session handler, Apache (with PHP) would
segfault with no core or error message (other than the segfault). I can
duplicate it with the following.
<?php
$PHPDIR = "$DOCUMENT_ROOT/../php";
if ($HTTP_SERVER_VARS["QUERY_STRING"] == "pgsql") {
include ("$PHPDIR/pgsql_session_handler.php");
} else {
include ("$PHPDIR/pg_session_handler.php");
}
session_start();
session_register("onevar");
?>
Here is a backtrace I was (FINALLY!) able to get.
Starting program: /usr/local/apache/intranet/bin/httpd -X
Program received signal SIGSEGV, Segmentation fault.
0x8153105 in _zend_is_inconsistent (ht=0x5a5a5a5a, file=0x81e8ea4
"zend_hash.c", line=975) at zend_hash.c:84
84 if (ht->inconsistent==HT_OK) {
(gdb) bt
#0 0x8153105 in _zend_is_inconsistent (ht=0x5a5a5a5a, file=0x81e8ea4
"zend_hash.c", line=975) at zend_hash.c:84
#1 0x81558a8 in zend_hash_internal_pointer_reset_ex (ht=0x5a5a5a5a,
pos=0xbfbff5a8) at zend_hash.c:975
#2 0x80c475d in php_session_save_current_state () at session.c:544
#3 0x80c6eac in php_session_flush () at session.c:1381
#4 0x80c6ed3 in zm_deactivate_session (type=1, module_number=21) at
session.c:1393
#5 0x8152227 in module_registry_cleanup (module=0x826b600) at
zend_API.c:1165
#6 0x8154d2f in zend_hash_apply (ht=0x8225340, apply_func=0x81521e8
<module_registry_cleanup>) at zend_hash.c:669
#7 0x814eee5 in zend_deactivate_modules () at zend.c:585
#8 0x808dd64 in php_request_shutdown (dummy=0x0) at main.c:723
#9 0x815af85 in apache_php_module_main (r=0x8298034,
display_source_mode=0) at sapi_apache.c:96
#10 0x808b58a in send_php (r=0x8298034, display_source_mode=0,
filename=0x8298b14 "/home/www/intranet/htdocs/test.php")
at mod_php4.c:575
#11 0x808b5de in send_parsed_php (r=0x8298034) at mod_php4.c:590
#12 0x817df4d in ap_invoke_handler (r=0x8298034) at http_config.c:517
#13 0x81925f0 in process_request_internal (r=0x8298034) at
http_request.c:1307
#14 0x819265a in ap_process_request (r=0x8298034) at http_request.c:1323
#15 0x818965b in child_main (child_num_arg=0) at http_main.c:4209
#16 0x8189819 in make_child (s=0x822c034, slot=0, now=1008281129) at
http_main.c:4313
#17 0x8189992 in startup_children (number_to_start=5) at http_main.c:4395
#18 0x8189f9c in standalone_main (argc=2, argv=0xbfbffba8) at
http_main.c:4683
#19 0x818a7b4 in main (argc=2, argv=0xbfbffba8) at http_main.c:5010
(gdb)
I also have received this crash as well. Another backtrace that's slightly
different.
Starting program: /usr/local/apache/intranet/bin/httpd -X
Program received signal SIGSEGV, Segmentation fault.
0x8155a0b in zend_hash_get_current_key_ex (ht=0x8285da4,
str_index=0xbfbff5b4, str_length=0xbfbff5b0, num_index=0xbfbff5ac,
duplicate=0 '\000', pos=0xbfbff5a8) at zend_hash.c:1035
1035 if (p->nKeyLength) {
(gdb) bt
#0 0x8155a0b in zend_hash_get_current_key_ex (ht=0x8285da4,
str_index=0xbfbff5b4, str_length=0xbfbff5b0, num_index=0xbfbff5ac,
duplicate=0 '\000', pos=0xbfbff5a8) at zend_hash.c:1035
#1 0x80c4782 in php_session_save_current_state () at session.c:545
#2 0x80c6eac in php_session_flush () at session.c:1381
#3 0x80c6ed3 in zm_deactivate_session (type=1, module_number=21) at
session.c:1393
#4 0x8152227 in module_registry_cleanup (module=0x826b600) at
zend_API.c:1165
#5 0x8154d2f in zend_hash_apply (ht=0x8225340, apply_func=0x81521e8
<module_registry_cleanup>) at zend_hash.c:669
#6 0x814eee5 in zend_deactivate_modules () at zend.c:585
#7 0x808dd64 in php_request_shutdown (dummy=0x0) at main.c:723
#8 0x815af85 in apache_php_module_main (r=0x8298034,
display_source_mode=0) at sapi_apache.c:96
#9 0x808b58a in send_php (r=0x8298034, display_source_mode=0,
filename=0x8298b14 "/home/www/intranet/htdocs/test.php")
at mod_php4.c:575
#10 0x808b5de in send_parsed_php (r=0x8298034) at mod_php4.c:590
#11 0x817df4d in ap_invoke_handler (r=0x8298034) at http_config.c:517
#12 0x81925f0 in process_request_internal (r=0x8298034) at
http_request.c:1307
#13 0x819265a in ap_process_request (r=0x8298034) at http_request.c:1323
#14 0x818965b in child_main (child_num_arg=0) at http_main.c:4209
#15 0x8189819 in make_child (s=0x822c034, slot=0, now=1008281941) at
http_main.c:4313
#16 0x8189992 in startup_children (number_to_start=5) at http_main.c:4395
#17 0x8189f9c in standalone_main (argc=2, argv=0xbfbffba8) at
http_main.c:4683
#18 0x818a7b4 in main (argc=2, argv=0xbfbffba8) at http_main.c:5010
To duplicate the error, I would first call /test.php, which uses the
session handler code that's available on Zend.com.
Then I would exit the browser and call /test.php?pgsql, which would include
the session handler code from Jon Parise. (Available at
http://www.csh.rit.edu/~jon/projects/pgsql_session_handler/)
The only reason I stumbled on a consistent crash was because I started to
try and use the pgsql session handler code from yohgaki, but was still
having the crashes.
Hope this helps!
--
Edit bug report at: http://bugs.php.net/?id=14497&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
