From:             [EMAIL PROTECTED]
Operating system: Redhat 7.1/Windows ME
PHP version:      4.1.1
PHP Bug Type:     Reproducible crash
Bug description:  Signal 11/access violation w/user registered session handler

PHP crashes reliably under Windows ME and semi-reliably under Linux when
using user-registered session-handling w/mysql, or at least using *my*
session-handling code.  The problem begins if there are no session
variables defined; that is, the session_read function returns an empty
string.  As far as I can tell, in this case the $_SESSION array is created
in some strange state and the session_write function is never called.
Under Windows ME, the CGI process dies with an access violation near the
end of processing; the page is 1/2 displayed.  Under Linux, the apache/php
process segfaults around 25% of the time.  This behavior did not occur
using PHP 4.0.6 and earlier.

There is some interaction with register_globals.  If I turned
register_globals on, the frequency of the crash under Linux was halved,
but PHP under Windows continued to crash reliably.  I was unable to find
any pattern under Linux.

The work-around is to never return '' from the session_read function. 
After making this change, the crashes under Windows and Linux stopped and
joy was returned to my world.

It is, of course, possible that I am misusing the session-handling
feature.  If this is the case, please let me know and accept my apologies
for what becomes a semi-bogus bug report.

Note that the script consisting of the session registration code included
below and "phpinfo()" provoked the crash.
============
Configuration information: Windows
- Windows ME
- apache 1.3.20 binary release
- PHP 4.1.1 full binary release, configured as CGI
============
Configuration information: Linux.
- Redhat 7.1, updated.
- Apache 1.3.22 (also tried with 1.3.19)
- PHP 4.1.1, compiled as module (also tried 4.1.0)
============
php configure script:
./configure \
    --with-mysql=/usr \
    --enable-sysvsem \
    --enable-sysvshm \
    --enable-debugger \
    --enable-force-cgi-redirect \
    --disable-short-tags \
    --prefix=/home/php \
    --with-config-file-path=/home/php \
    --with-exec-dir=/home/php/bin \
    --enable-discard-path \
    --with-oci8=/home/oracle/app/oracle/product/8.0.5 \
    --with-apache=/usr/src/local/apache_1.3.22 \
    --with-ldap
============
apache configure script:
./configure --prefix=/usr \
 --with-layout=RedHat \
 --enable-module=all \
 --enable-shared=max \
 --disable-rule=WANTHSREGEX \
 --disable-module=auth_dbm \
 --enable-suexec \
 --suexec-caller=web \
 --suexec-docroot=/home/httpd/html \
 --suexec-logfile=/var/log/httpd/suexec.log \
 --suexec-userdir=public_web \
 --suexec-uidmin=500 \
 --suexec-gidmin=100 \
 --suexec-safepath=/usr/local/bin:/usr/bin:/bin \
 --activate-module=src/modules/php4/libphp4.a \
 --activate-module=src/modules/auth_mysql/libauth_mysql.a
============
My session-handling code:

include_once "open_db.php";
function mySession_open ($save_path, $session_name) {
        if (isset ($_COOKIE['AUPcatalog'])) {
                session_id($_COOKIE['AUPcatalog']);
        }
        return true;
}

function mySession_close() {
    return true;
}

function mySession_read ($key) {
        // The session id can come straight from the AUPcatalog cookie,
        // so escape it before it reaches the SQL string.
        $key = mysql_escape_string ($key);
        $sess = mysql_query ("select ps_vars from phpsessions where ps_sessionid = '$key'") or die (mysql_error());
        $v = mysql_fetch_array ($sess, MYSQL_ASSOC);
        if (!isset ($v['ps_vars']) || $v['ps_vars'] == '')
                return "F1F2F3|i:1;";   // must return something, apparently!
        return $v['ps_vars'];
}

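function mySession_write ($key, $val) {
        // Escape both values: the id may come from the cookie, and the
        // serialized session data can contain quote characters.
        $key = mysql_escape_string ($key);
        $val = mysql_escape_string ($val);
        mysql_query ("update phpsessions set ps_vars='$val', ps_lasttouched=UNIX_TIMESTAMP() where ps_sessionid = '$key'") or die (mysql_error());
        if (mysql_affected_rows() == 0) {
                // No existing row was updated, so create one for this session
                mysql_query ("insert phpsessions set ps_vars='$val', ps_lasttouched=UNIX_TIMESTAMP(), ps_sessionid = '$key'");
        }
        return true;
}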

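function mySession_destroy ($key) {
        // Escape the session id before using it in the delete statements
        $key = mysql_escape_string ($key);
        mysql_query ("delete from mycourses where mc_sessionid = '$key'");
        mysql_query ("delete from phpsessions where ps_sessionid = '$key'");
        return true;
}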

function mySession_gc ($maxlifetime) {
        // Force the lifetime to an integer before it is placed in the query
        $maxlifetime = (int) $maxlifetime;
        $sessions = mysql_query ("select ps_sessionid from phpsessions where ps_lasttouched < UNIX_TIMESTAMP() - $maxlifetime") or die (mysql_error());
        while ($sess = mysql_fetch_array($sessions, MYSQL_ASSOC)) {
                // Never expire the session that is currently in use
                if ($sess['ps_sessionid'] == session_id()) {
                        continue;
                }
                mySession_destroy ($sess['ps_sessionid']);
        }
        return true;
}

session_module_name ("user");
session_set_save_handler ("mySession_open", "mySession_close",
"mySession_read", "mySession_write", "mySession_destroy",
"mySession_gc");
 
session_name ("AUPcatalog");
session_start();
============
-- 
Edit bug report at: http://bugs.php.net/?id=15044&edit=1

