Bug #53345 [Opn->Fbk]: Crash related to custom session handler (via MySQL DB) in Roundcube

Sat, 20 Nov 2010 06:31:38 -0800 

Edit report at http://bugs.php.net/bug.php?id=53345&edit=1

 ID:                 53345
 Updated by:         fel...@php.net
 Reported by:        php-bugs at thequod dot de
 Summary:            Crash related to custom session handler (via MySQL
                     DB) in Roundcube
-Status:             Open
+Status:             Feedback
 Type:               Bug
 Package:            Session related
 Operating System:   Linux
 PHP Version:        5.3.3
 Block user comment: N
 Private report:     N

 New Comment:

Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/




Previous Comments:
------------------------------------------------------------------------
[2010-11-18 14:47:02] php-bugs at thequod dot de

Description:
------------
I am getting a crash using Roundcube (http://roundcube.net/ at trunk
(r4231)), which is not easily reproducible.



It appears to be related (initially triggered) to forwarding some spam
related message and the internal session management in Roundcube (which
is using a custom handler, writing the data to a MySQL database).



Currently I can easily trigger the crash, but it might be difficult to
reproduce it somewhere else.



Here is a gdb backtrace, using PHP from Debian testing:



#0  _zval_ptr_dtor (zval_ptr=0xbfec89bc)

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/Zend/zend.h:385

#1  0x08348e99 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfec89bc)

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/Zend/zend_execute.h:318

#2  0x0831ff2e in execute (op_array=0x8fade04)

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/Zend/zend_vm_execute.h:107

#3  0x082ebbe1 in zend_call_function (fci=0xbfec8b7c,
fci_cache=0xbfec8b24)

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/Zend/zend_execute_API.c:963

#4  0x082ec854 in call_user_function_ex (function_table=0x8d44c90,
object_pp=0x0,

    function_name=0x8fd8078, retval_ptr_ptr=0xbfec8bec,
param_count=<error type>, params=0x0,

    no_separation=1, symbol_table=0x0)

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/Zend/zend_execute_API.c:754

#5  0x082ec8cb in call_user_function (function_table=0x8d44c90,
object_pp=0x0,

    function_name=0x8fd8078, retval_ptr=0xbfec8c3c, param_count=<error
type>, params=0x8fb9c6c)

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/Zend/zend_execute_API.c:727

#6  0x08217f90 in user_shutdown_function_call
(shutdown_function_entry=0x8fd80a4)

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/ext/standard/basic_functions.c:4976

#7  0x083032b8 in zend_hash_apply (ht=0x8fd1f0c,

    apply_func=0x8217f10 <user_shutdown_function_call>)

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/Zend/zend_hash.c:875

#8  0x082159ea in php_call_shutdown_functions ()

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/ext/standard/basic_functions.c:5068

#9  0x0829b435 in php_request_shutdown (dummy=0x0)

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/main/main.c:1598

#10 0x083894ef in main (argc=3, argv=0xbfecc9cb)

    at
/build/buildd-php5_5.3.3-2-i386-iygsWg/php5-5.3.3/sapi/cgi/cgi_main.c:2167





I hope this helps to track this down - I could do some more debugging,
e.g. add var_dump/breaking points into the Roundcube code, but it might
be time consuming to get a small test script.



------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53345&edit=1

Reply via email to