From:             darkroom dot dave at gmail dot com
Operating system: Linux
PHP version:      5.2.6
PHP Bug Type:     Reproducible crash
Bug description:  session_start() causes reproducible seg fault

Description:
------------
When a browser, lynx or wget connects to a page with session_start() on
the first line of PHP code, the apache2 child segfaults.

If I move the session_start() after another statement, the segfault is no
longer always reproducible, but I believe it still happens occasionally.
sleep(1) before the session_start() does not help, but any other operation
seems to.


Reproduce code:
---------------
This Segfaults

<?php
        session_start();


// define our application directory
define('VISWAR_DIR', dirname(__FILE__).'/');


This Does not ALWAYS Segfault.

<?php
$session_start=true;
// as posted: single "=" assigns true, so this branch is always taken
if ($session_start=true) {
        session_start();
}


// define our application directory
define('VISWAR_DIR', dirname(__FILE__).'/');


Expected result:
----------------
I would expect it to never Segfault

Actual result:
--------------
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 11, Segmentation fault.
[New process 10430]
#0  _zend_mm_free_int (heap=0x85b0f18, p=0x86093e0)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_alloc.c:881
881                             ZEND_MM_CHECK_TREE(mm_block);
(gdb) backtrace
#0  _zend_mm_free_int (heap=0x85b0f18, p=0x86093e0)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_alloc.c:881
#1  0xb73559da in zend_hash_destroy (ht=0x88aef18)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_hash.c:722
#2  0xb734a31d in _zval_dtor_func (zvalue=0x88af50c)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_variables.c:43
#3  0xb733cff8 in _zval_ptr_dtor (zval_ptr=0x88afb58)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_variables.h:35
#4  0xb73559b4 in zend_hash_destroy (ht=0x88b0b48)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_hash.c:717
#5  0xb7366773 in zend_object_std_dtor (object=0x860d308)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_objects.c:45
#6  0xb73667b2 in zend_objects_free_object_storage (object=0x860d308)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_objects.c:122
#7  0xb7369ad0 in zend_objects_store_free_object_storage (objects=0xb75dbc88)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_objects_API.c:89
#8  0xb733d543 in shutdown_executor ()
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend_execute_API.c:299
#9  0xb734a99f in zend_deactivate ()
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/Zend/zend.c:941
#10 0xb7300b2a in php_request_shutdown (dummy=0x0)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/main/main.c:1492
#11 0xb73d2887 in php_handler (r=0x868ed48)
    at /home/ddula/usr/src/build2/5.2.6-2/php5-5.2.6/sapi/apache2handler/sapi_apache2.c:486
#12 0x080794a9 in ap_run_handler ()
#13 0x0807c8b7 in ap_invoke_handler ()
#14 0x08089d7a in ap_internal_redirect ()
#15 0xb7087c60 in ?? () from /usr/lib/apache2/modules/mod_rewrite.so
#16 0x080794a9 in ap_run_handler ()
#17 0x0807c8b7 in ap_invoke_handler ()
#18 0x08089f00 in ap_process_request ()
#19 0x0808720b in ?? ()
#20 0x08080aa9 in ap_run_process_connection ()
#21 0x0808e339 in ?? ()
#22 0x0808e677 in ?? ()
#23 0x0808f067 in ap_mpm_run ()
#24 0x08066dd5 in main ()


-- 
Edit bug report at http://bugs.php.net/?id=46133&edit=1