Setting session.serialize_handler to none in apache config segfaults PHP

Bug #30282	Setting session.serialize_handler to none in apache config segfaults PHP
Submitted:	2004-09-29 23:29 UTC	Modified:	2004-09-30 18:50 UTC
From:	daniele at orlandi dot com	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.3.9	OS:	SuSE Linux 9.1
Private report:	No	CVE-ID:	None

[2004-09-29 23:29 UTC] daniele at orlandi dot com

Description:
------------
This is an almost cosmetic issue. I incorrectly put "none" in apache's configuration file for session.serialize_handler. Starting the session, PHP segfaults; it may be a missing NULL check.

php_value session.serialize_handler none

[pid 31996] open("/tmp/sess_de475dfe390c0d01f35536633634db4a", O_RDWR|O_CREAT, 0600) = 28
[pid 31996] flock(28, LOCK_EX)          = 0
[pid 31996] fcntl64(28, F_SETFD, FD_CLOEXEC) = 0
[pid 31996] fstat64(28, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
[pid 31996] pread(28, "", 0, 0)
[pid 31996] --- SIGSEGV (Segmentation fault) @ 0 (0) ---

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-09-30 17:52 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.