Home Original page

PHP :: Bug #16995 :: reallocating memory causes segfaults

Bug #16995 reallocating memory causes segfaults
Submitted: 2002-05-03 11:57 UTC Modified: 2002-09-29 10:33 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: tcrhak at suse dot cz Assigned:
Status: Closed Package: Session related
PHP Version: 4.2.0 OS: Linux
Private report: No CVE-ID: None

 [2002-05-03 11:57 UTC] tcrhak at suse dot cz

<?php
    session_register( "_SESSION" );
    $_SESSION = "kk";
?>

backtrace:

#0  0x08189910 in zend_hash_get_current_key_ex (ht=0x82d5654, 
    str_index=0xbfffe984, str_length=0xbfffe980, num_index=0xbfffe97c, 
    duplicate=0 '\000', pos=0xbfffe988) at zend_hash.c:1035

#1  0x080fed0e in php_session_save_current_state ()
#2  0x08101855 in php_session_flush ()
#3  0x08101895 in zm_deactivate_session ()
#4  0x08186aee in module_registry_cleanup (module=0x8285ed0) at zend_API.c:1169
#5  0x08188f0a in zend_hash_apply (ht=0x82349a0, 
    apply_func=0x8186aa6 <module_registry_cleanup>) at zend_hash.c:669
#6  0x08183e14 in zend_deactivate_modules () at zend.c:581
#7  0x08077658 in php_request_shutdown ()
#8  0x08075997 in main ()
#9  0x4037a4f2 in __libc_start_main () from /lib/libc.so.6

The problem however appears earlier.
It seems that the zval structure ps_globals.http_session_vars points at is freed and allocated elsewhere, but ps_globals.http_session_vars
points to the old location, so when it comes to php_session_save_current_state (#1),
Z_ARRVAL_P(PS(http_session_vars)) holds some meaningless value.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2002-05-03 11:59 UTC] tcrhak at suse dot cz

This appeared first in 4.1.0, 4.0.6 is ok.

 [2002-05-03 23:57 UTC] yohgaki@php.net

Another form of $_SESSION related crash.

 [2002-09-29 10:33 UTC] iliaa@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.