[PHP-DEV] Bug #11826 Updated: Custom sessions handler using Metabase calls crashes Apache
ID: 11826 Updated by: rasmus Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Reproducible crash Operating System: WinMe, Linux PHP Version: 4.0.4 New Comment: Your test handler doesn't crash PHP for me with the latest CVS version on Linux. Previous Comments: [2001-07-08 18:32:29] [EMAIL PROTECTED] I have isolated the bug but did not find the cause. It makes strtok() crash when attempting to free memory that has been trashed. It only happens when strtok is called from session on read or on write handles. I could not find what is wrong in strtok but I suspect there is inconsistent use of PHP internal global variables (strtok_string) inside session handle functions. So it seems to be a serious PHP bug that may also crash scripts that use strtok or other functions from inside session handle functions that use PHP internal global variables Metabase is no longer affected by this PHP bug because I have banned all the uses of strtok function. A new version of Metabase was uploaded to http://phpclasses.UpperDesign.com/browse.html/package/20 . If you use Metabase for session handling your are strongly encouraged to download this version. For reproducing the PHP strtok bug without Metabase, try the script below. ?php function on_session_start ($save_path, $session_name) { return true; } function on_session_end() { return true; } function on_session_read ($key) { return true; } function on_session_write ($key, $val) { $query=SELECT * FROM sessions; $select=(strtolower(strtok($query, ))==select); return true; } function on_session_destroy ($key) { return true; } function on_session_gc ($max_lifetime) { return true; } // Set the save handlers session_set_save_handler(on_session_start, on_session_end, on_session_read, on_session_write, on_session_destroy, on_session_gc); session_start(); // Register the $counter variable as part of the sesssion session_register('counter'); $counter = 1; echo 'Session test started'; ? [2001-07-07 19:59:23] [EMAIL PROTECTED] Most likely, none of the developers are actually USING Metabase, so this bug is simply getting glossed over. Perhaps a reproducible test case that does not require usage or knowledge of Metabase would help... IE, while we really appreciate all the work you have gone through to document this bug, and make these scripts available, until we can see the bug OUTSIDE of the Metabase package, it probably won't get a lot of attention. [2001-07-07 12:46:49] It's interesting that in the last week this bug report has not gotten a single reply. It is an easily reproducable bug that Manuel Lemos (author of the Metabase database abstraction layer) believes is a problem with PHP. He has assured me that the problem is not with Metabase so, accordingly: There must be a bug with custom session handlers called using session_set_save_handler (on_session_start, on_session_end, on_session_read, on_session_write, on_session_destroy, on_session_gc); that is making it crash when Metabase calls are used in the start/end/read/write etc. functions. As Metabase is one of the best solutions out there for database abstraction with PHP (are there any others that allow database schema in XML and the range of type conversion options, etc? Or are as well documented?) I believe that this bug at least deserves a reply from the developer community. (Even if it is along the lines of: 'We don't care, fix it yourself' just so I know!) I have included a link to all code necessary to reproduce the crash in my original bug report and I've streamlined the code so that only logic necessary for the bug to be seen is present. [2001-07-01 16:39:14] [EMAIL PROTECTED] I have included in the downloadable file a full installation of Metabase and also a session handler that uses plain old MySQL calls to save the session information (this does *not* crash the server and is there to help with your testing -- it is called mysql_sessions.php and can be tested just by including it in the nabsession_test.php and nabsession_test2.php scripts in the place of metabase_sessions.php.) [2001-07-01 16:35:37] [EMAIL PROTECTED] This error has been reproduced on WinMe running Apache 1.3.19, PHP 4.04, MySQL 3.23.37 and Linux running Apache 1.3.12, PHP 4.0.3pl1, MySQL 3.23.6. When a custom session handler is set up that points to functions that use Manuel
[PHP-DEV] Bug #11826 Updated: Custom sessions handler using Metabase calls crashes Apache
ID: 11826 Updated by: sniper Reported By: [EMAIL PROTECTED] Old Status: Open Status: Feedback Bug Type: Reproducible crash Operating System: WinMe, Linux PHP Version: 4.0.4 New Comment: Please try the latest CVS from http://snaps.php.net/ or for Windows: http://www.zend.com/snapshots/ --Jani Previous Comments: [2001-07-09 11:24:37] [EMAIL PROTECTED] Your test handler doesn't crash PHP for me with the latest CVS version on Linux. [2001-07-08 18:32:29] [EMAIL PROTECTED] I have isolated the bug but did not find the cause. It makes strtok() crash when attempting to free memory that has been trashed. It only happens when strtok is called from session on read or on write handles. I could not find what is wrong in strtok but I suspect there is inconsistent use of PHP internal global variables (strtok_string) inside session handle functions. So it seems to be a serious PHP bug that may also crash scripts that use strtok or other functions from inside session handle functions that use PHP internal global variables Metabase is no longer affected by this PHP bug because I have banned all the uses of strtok function. A new version of Metabase was uploaded to http://phpclasses.UpperDesign.com/browse.html/package/20 . If you use Metabase for session handling your are strongly encouraged to download this version. For reproducing the PHP strtok bug without Metabase, try the script below. ?php function on_session_start ($save_path, $session_name) { return true; } function on_session_end() { return true; } function on_session_read ($key) { return true; } function on_session_write ($key, $val) { $query=SELECT * FROM sessions; $select=(strtolower(strtok($query, ))==select); return true; } function on_session_destroy ($key) { return true; } function on_session_gc ($max_lifetime) { return true; } // Set the save handlers session_set_save_handler(on_session_start, on_session_end, on_session_read, on_session_write, on_session_destroy, on_session_gc); session_start(); // Register the $counter variable as part of the sesssion session_register('counter'); $counter = 1; echo 'Session test started'; ? [2001-07-07 19:59:23] [EMAIL PROTECTED] Most likely, none of the developers are actually USING Metabase, so this bug is simply getting glossed over. Perhaps a reproducible test case that does not require usage or knowledge of Metabase would help... IE, while we really appreciate all the work you have gone through to document this bug, and make these scripts available, until we can see the bug OUTSIDE of the Metabase package, it probably won't get a lot of attention. [2001-07-07 12:46:49] It's interesting that in the last week this bug report has not gotten a single reply. It is an easily reproducable bug that Manuel Lemos (author of the Metabase database abstraction layer) believes is a problem with PHP. He has assured me that the problem is not with Metabase so, accordingly: There must be a bug with custom session handlers called using session_set_save_handler (on_session_start, on_session_end, on_session_read, on_session_write, on_session_destroy, on_session_gc); that is making it crash when Metabase calls are used in the start/end/read/write etc. functions. As Metabase is one of the best solutions out there for database abstraction with PHP (are there any others that allow database schema in XML and the range of type conversion options, etc? Or are as well documented?) I believe that this bug at least deserves a reply from the developer community. (Even if it is along the lines of: 'We don't care, fix it yourself' just so I know!) I have included a link to all code necessary to reproduce the crash in my original bug report and I've streamlined the code so that only logic necessary for the bug to be seen is present. [2001-07-01 16:39:14] [EMAIL PROTECTED] I have included in the downloadable file a full installation of Metabase and also a session handler that uses plain old MySQL calls to save the session information (this does *not* crash the server and is there to help with your testing -- it is called mysql_sessions.php and can be tested just by including it in the nabsession_test.php and nabsession_test2.php scripts in the place of metabase_sessions.php.) The remainder of the comments
[PHP-DEV] Bug #11826 Updated: Custom sessions handler using Metabase calls crashes Apache
ID: 11826 Updated by: manuel Reported By: [EMAIL PROTECTED] Status: Feedback Bug Type: Reproducible crash Operating System: WinMe, Linux PHP Version: 4.0.4 New Comment: Sascha's patch does not fix the problem, which is inconsistent memory allocation handling by strtok function, but suppresses the sympthom which is the crash. Now, it just leaks memory which is good enough for normal use, but I suppose that somebody with time and patience ought to double-check all memory allocations that are stored in global variables like strtok_string when made from session handler functions. Previous Comments: [2001-07-09 14:30:03] [EMAIL PROTECTED] Please try the latest CVS from http://snaps.php.net/ or for Windows: http://www.zend.com/snapshots/ --Jani [2001-07-09 11:24:37] [EMAIL PROTECTED] Your test handler doesn't crash PHP for me with the latest CVS version on Linux. [2001-07-08 18:32:29] [EMAIL PROTECTED] I have isolated the bug but did not find the cause. It makes strtok() crash when attempting to free memory that has been trashed. It only happens when strtok is called from session on read or on write handles. I could not find what is wrong in strtok but I suspect there is inconsistent use of PHP internal global variables (strtok_string) inside session handle functions. So it seems to be a serious PHP bug that may also crash scripts that use strtok or other functions from inside session handle functions that use PHP internal global variables Metabase is no longer affected by this PHP bug because I have banned all the uses of strtok function. A new version of Metabase was uploaded to http://phpclasses.UpperDesign.com/browse.html/package/20 . If you use Metabase for session handling your are strongly encouraged to download this version. For reproducing the PHP strtok bug without Metabase, try the script below. ?php function on_session_start ($save_path, $session_name) { return true; } function on_session_end() { return true; } function on_session_read ($key) { return true; } function on_session_write ($key, $val) { $query=SELECT * FROM sessions; $select=(strtolower(strtok($query, ))==select); return true; } function on_session_destroy ($key) { return true; } function on_session_gc ($max_lifetime) { return true; } // Set the save handlers session_set_save_handler(on_session_start, on_session_end, on_session_read, on_session_write, on_session_destroy, on_session_gc); session_start(); // Register the $counter variable as part of the sesssion session_register('counter'); $counter = 1; echo 'Session test started'; ? [2001-07-07 19:59:23] [EMAIL PROTECTED] Most likely, none of the developers are actually USING Metabase, so this bug is simply getting glossed over. Perhaps a reproducible test case that does not require usage or knowledge of Metabase would help... IE, while we really appreciate all the work you have gone through to document this bug, and make these scripts available, until we can see the bug OUTSIDE of the Metabase package, it probably won't get a lot of attention. [2001-07-07 12:46:49] It's interesting that in the last week this bug report has not gotten a single reply. It is an easily reproducable bug that Manuel Lemos (author of the Metabase database abstraction layer) believes is a problem with PHP. He has assured me that the problem is not with Metabase so, accordingly: There must be a bug with custom session handlers called using session_set_save_handler (on_session_start, on_session_end, on_session_read, on_session_write, on_session_destroy, on_session_gc); that is making it crash when Metabase calls are used in the start/end/read/write etc. functions. As Metabase is one of the best solutions out there for database abstraction with PHP (are there any others that allow database schema in XML and the range of type conversion options, etc? Or are as well documented?) I believe that this bug at least deserves a reply from the developer community. (Even if it is along the lines of: 'We don't care, fix it yourself' just so I know!) I have included a link to all code necessary to reproduce the crash in my original bug report and I've streamlined the code so that only logic necessary for the bug to be seen is present. The remainder of the comments for this report
[PHP-DEV] Bug #11826 Updated: Custom sessions handler using Metabase calls crashes Apache
ID: 11826 Updated by: manuel Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Reproducible crash Operating System: WinMe, Linux PHP Version: 4.0.4 New Comment: I have isolated the bug but did not find the cause. It makes strtok() crash when attempting to free memory that has been trashed. It only happens when strtok is called from session on read or on write handles. I could not find what is wrong in strtok but I suspect there is inconsistent use of PHP internal global variables (strtok_string) inside session handle functions. So it seems to be a serious PHP bug that may also crash scripts that use strtok or other functions from inside session handle functions that use PHP internal global variables Metabase is no longer affected by this PHP bug because I have banned all the uses of strtok function. A new version of Metabase was uploaded to http://phpclasses.UpperDesign.com/browse.html/package/20 . If you use Metabase for session handling your are strongly encouraged to download this version. For reproducing the PHP strtok bug without Metabase, try the script below. ?php function on_session_start ($save_path, $session_name) { return true; } function on_session_end() { return true; } function on_session_read ($key) { return true; } function on_session_write ($key, $val) { $query=SELECT * FROM sessions; $select=(strtolower(strtok($query, ))==select); return true; } function on_session_destroy ($key) { return true; } function on_session_gc ($max_lifetime) { return true; } // Set the save handlers session_set_save_handler(on_session_start, on_session_end, on_session_read, on_session_write, on_session_destroy, on_session_gc); session_start(); // Register the $counter variable as part of the sesssion session_register('counter'); $counter = 1; echo 'Session test started'; ? Previous Comments: [2001-07-07 19:59:23] [EMAIL PROTECTED] Most likely, none of the developers are actually USING Metabase, so this bug is simply getting glossed over. Perhaps a reproducible test case that does not require usage or knowledge of Metabase would help... IE, while we really appreciate all the work you have gone through to document this bug, and make these scripts available, until we can see the bug OUTSIDE of the Metabase package, it probably won't get a lot of attention. [2001-07-07 12:46:49] It's interesting that in the last week this bug report has not gotten a single reply. It is an easily reproducable bug that Manuel Lemos (author of the Metabase database abstraction layer) believes is a problem with PHP. He has assured me that the problem is not with Metabase so, accordingly: There must be a bug with custom session handlers called using session_set_save_handler (on_session_start, on_session_end, on_session_read, on_session_write, on_session_destroy, on_session_gc); that is making it crash when Metabase calls are used in the start/end/read/write etc. functions. As Metabase is one of the best solutions out there for database abstraction with PHP (are there any others that allow database schema in XML and the range of type conversion options, etc? Or are as well documented?) I believe that this bug at least deserves a reply from the developer community. (Even if it is along the lines of: 'We don't care, fix it yourself' just so I know!) I have included a link to all code necessary to reproduce the crash in my original bug report and I've streamlined the code so that only logic necessary for the bug to be seen is present. [2001-07-01 16:39:14] [EMAIL PROTECTED] I have included in the downloadable file a full installation of Metabase and also a session handler that uses plain old MySQL calls to save the session information (this does *not* crash the server and is there to help with your testing -- it is called mysql_sessions.php and can be tested just by including it in the nabsession_test.php and nabsession_test2.php scripts in the place of metabase_sessions.php.) [2001-07-01 16:35:37] [EMAIL PROTECTED] This error has been reproduced on WinMe running Apache 1.3.19, PHP 4.04, MySQL 3.23.37 and Linux running Apache 1.3.12, PHP 4.0.3pl1, MySQL 3.23.6. When a custom session handler is set up that points to functions that use Manuel Lemos' Metabase database abstraction library to save session information in a database, Apace crashes randomly. When it does not crash, the code works as it is supposed to. For code necessary to
[PHP-DEV] Bug #11826 Updated: Custom sessions handler using Metabase calls crashes Apache
ID: 11826 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Reproducible crash Operating System: WinMe, Linux PHP Version: 4.0.4 Assigned To: New Comment: It's interesting that in the last week this bug report has not gotten a single reply. It is an easily reproducable bug that Manuel Lemos (author of the Metabase database abstraction layer) believes is a problem with PHP. He has assured me that the problem is not with Metabase so, accordingly: There must be a bug with custom session handlers called using session_set_save_handler (on_session_start, on_session_end, on_session_read, on_session_write, on_session_destroy, on_session_gc); that is making it crash when Metabase calls are used in the start/end/read/write etc. functions. As Metabase is one of the best solutions out there for database abstraction with PHP (are there any others that allow database schema in XML and the range of type conversion options, etc? Or are as well documented?) I believe that this bug at least deserves a reply from the developer community. (Even if it is along the lines of: 'We don't care, fix it yourself' just so I know!) I have included a link to all code necessary to reproduce the crash in my original bug report and I've streamlined the code so that only logic necessary for the bug to be seen is present. Previous Comments: [] [2001-07-01 16:35:37] [EMAIL PROTECTED] This error has been reproduced on WinMe running Apache 1.3.19, PHP 4.04, MySQL 3.23.37 and Linux running Apache 1.3.12, PHP 4.0.3pl1, MySQL 3.23.6. When a custom session handler is set up that points to functions that use Manuel Lemos' Metabase database abstraction library to save session information in a database, Apace crashes randomly. When it does not crash, the code works as it is supposed to. For code necessary to recreate problem please download this file: http://www.aralbalkan.com/php_sessions_bug/metabase_sessions.zip It includes all necessary code (including the database schema, database schema installation script, the Metabase custom session handler functions and two small test scripts that use these to increment a variable. After you have installed the database schema (metatest1-schema-install.php) and entered the settings for you database in db_init.php please run nabsession_test.php and click on the link for the second page and try reloading. Randomly, your web server will crash. When it doesn't crash, the registered session variable will update correctly. Please don't hesitate to contact me if you need any further information. Manuel Lemos, the author of Metabase is aware of the problem and believes that the problem is with the PHP custom session handler code. When the Metabase calls are replaced with direct calls to MySLQ (to ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=11826edit=2 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #11826 Updated: Custom sessions handler using Metabase calls crashes Apache
ID: 11826 Updated by: joey Reported By: [EMAIL PROTECTED] Old Status: Status: Open Bug Type: Reproducible crash Operating System: WinMe, Linux PHP Version: 4.0.4 Assigned To: New Comment: Most likely, none of the developers are actually USING Metabase, so this bug is simply getting glossed over. Perhaps a reproducible test case that does not require usage or knowledge of Metabase would help... IE, while we really appreciate all the work you have gone through to document this bug, and make these scripts available, until we can see the bug OUTSIDE of the Metabase package, it probably won't get a lot of attention. Previous Comments: [] [] [2001-07-01 16:35:37] [EMAIL PROTECTED] This error has been reproduced on WinMe running Apache 1.3.19, PHP 4.04, MySQL 3.23.37 and Linux running Apache 1.3.12, PHP 4.0.3pl1, MySQL 3.23.6. When a custom session handler is set up that points to functions that use Manuel Lemos' Metabase database abstraction library to save session information in a database, Apace crashes randomly. When it does not crash, the code works as it is supposed to. For code necessary to recreate problem please download this file: http://www.aralbalkan.com/php_sessions_bug/metabase_sessions.zip It includes all necessary code (including the database schema, database schema installation script, the Metabase custom session handler functions and two small test scripts that use these to increment a variable. After you have installed the database schema (metatest1-schema-install.php) and entered the settings for you database in db_init.php please run nabsession_test.php and click on the link for the second page and try reloading. Randomly, your web server will crash. When it doesn't crash, the registered session variable will update correctly. Please don't hesitate to contact me if you need any further information. Manuel Lemos, the author of Metabase is aware of the problem and believes that the problem is with the PHP custom session handler code. When the Metabase calls are replaced with direct calls to MySLQ (to ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=11826edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]