From:             
Operating system: Fedora, RHEL, OS X
PHP version:      5.3.9
Package:          Session related
Bug Type:         Bug
Bug description: session.save_handler=user without defined function core dumps

Description:
------------
The following script will core dump because the save_handlers have not been
defined, but the session extension is not checking to make sure the
functions are not null before trying to call them.

I would expect an error, but not a core dump.

I think the fix would be in mod_user.c to add a check in PS_OPEN_FUNC,
PS_CLOSE_FUNC, PS_READ_FUNC, PS_WRITE_FUNC, PS_DESTROY_FUNC, PS_GC_FUNC
with something like this:

----
  if (PSF(open) == NULL) {
    php_error_docref(NULL TSRMLS_CC, E_WARNING, "user session handler open not found");
    return FAILURE;
  }
----

Or maybe the error "User session functions not configured" or something.

The problem I have with the patch is that it needs TSRMLS_CC, which the PS
functions don't pass in, and I don't know enough about the threading stuff to
fix.


Test script:
---------------
% php -d session.save_handler=user
<?PHP
session_start();
var_dump($_SESSION);
?>


Expected result:
----------------
Expecting a warning about how the user session functions are not
defined/set.

Actual result:
--------------
This is a backtrace from running under Apache 2.x

#0  zend_is_callable_ex (callable=0x0, object_ptr=0x0, check_flags=8,
callable_name=0xffffaf48, callable_name_len=0xffffae8c, fcc=0xffffaf50,
error=0xffffaf4c)
    at php-5.3.9/Zend/zend_API.c:2718
#1  0xf72e150a in zend_call_function (fci=0xffffaff0, fci_cache=0xffffaf50)
at php-5.3.9/Zend/zend_execute_API.c:817
#2  0xf72e21c1 in call_user_function_ex (function_table=0x81f43f8,
object_pp=0x0, function_name=0xffffaf4c, retval_ptr_ptr=0xffffaf4c,
param_count=4294946636, params=0xffffaf4c, no_separation=-20660, 
    symbol_table=0xffffaf4c) at php-5.3.9/Zend/zend_execute_API.c:758
#3  0xf72e2235 in call_user_function (function_table=0x81f43f8,
object_pp=0x0, function_name=0x0, retval_ptr=0xf6cc7d10, param_count=2,
params=0xffffb0c0)
    at php-5.3.9/Zend/zend_execute_API.c:731
#4  0xf6a35fcf in ps_call_handler (func=0x0, argc=2, argv=0xffffb0c0) at
php-5.3.9/ext/session/mod_user.c:53
#5  0xf6a360e7 in ps_open_user (mod_data=0xffffaf4c, save_path=0xf6a36a49
"", session_name=0xf6a3675f "YBY") at php-5.3.9/ext/session/mod_user.c:93
#6  0xf6a32951 in php_session_start () at
php-5.3.9/ext/session/session.c:512
#7  0xf6a34784 in zif_session_start (ht=0, return_value=0xf6cc7b00,
return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at php-5.3.9/ext/session/session.c:1911
#8  0xf7315474 in zend_do_fcall_common_helper_SPEC
(execute_data=0xf654f028) at php-5.3.9/Zend/zend_vm_execute.h:320
#9  0xf73144ba in execute (op_array=0xf6cc7a1c) at
php-5.3.9/Zend/zend_vm_execute.h:107
#10 0xf72f0e31 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at php-5.3.9/Zend/zend.c:1237
#11 0xf7294be4 in php_execute_script (primary_file=0xffffd5d0) at
php-5.3.9/main/main.c:2343
#12 0xf737ae3d in php_handler (r=0x82c6588) at
php-5.3.9/sapi/apache2handler/sapi_apache2.c:685
#13 0x08074ddd in ap_run_handler (r=0x82c6588) at config.c:157
#14 0x080751c1 in ap_invoke_handler (r=0x82c6588) at config.c:376
#15 0x08081d22 in ap_process_request (r=0x82c6588) at http_request.c:282
#16 0x0807f31a in ap_process_http_connection (c=0x82c23b8) at
http_core.c:190
#17 0x0807b971 in ap_run_process_connection (c=0x82c23b8) at
connection.c:43
#18 0x080868b7 in child_main (child_num_arg=Variable "child_num_arg" is not
available.
) at prefork.c:667
#19 0x08086ab1 in make_child (s=0x80aafd0, slot=0) at prefork.c:712
#20 0x08087153 in ap_mpm_run (_pconf=0x80a90d8, plog=0x80d7190,
s=0x80aafd0) at prefork.c:990
#21 0x08063047 in main (argc=2, argv=0xffffdb74) at main.c:739


-- 
Edit bug report at https://bugs.php.net/bug.php?id=60860&edit=1
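The C model below is an editorial example added to this page; it is not code from the bug report and not PHP's mod_user.c. It shows the guard the report asks for applied once, in the dispatcher, so that open/close/read/write/destroy/gc all refuse a NULL slot and return FAILURE instead of calling it (the backtrace above shows ps_call_handler being entered with func=0x0). All names here (ps_user_handlers, ps_call_handler, session_start_model, sample_open, sample_read) are hypothetical stand-ins: the real extension dispatches through zval callbacks and call_user_function, and the two sample handlers and the serialized payload are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define SUCCESS 0
#define FAILURE -1

/* Hypothetical model of the user save-handler table. Each slot holds the
 * callback a script would register with session_set_save_handler(); with
 * session.save_handler=user and no registration, every slot is NULL. */
typedef int (*ps_handler_t)(const char *arg, char *out, size_t outlen);

struct ps_user_handlers {
    ps_handler_t open, close, read, write, destroy, gc;
};

/* Single choke point for every PS_*_FUNC: an unset slot produces a warning
 * and FAILURE rather than a call through a NULL pointer. */
static int ps_call_handler(ps_handler_t func, const char *name,
                           const char *arg, char *out, size_t outlen)
{
    if (func == NULL) {
        fprintf(stderr, "Warning: user session handler '%s' is not set\n", name);
        return FAILURE;
    }
    return func(arg, out, outlen);
}

static int ps_open_user(const struct ps_user_handlers *h, const char *save_path)
{
    return ps_call_handler(h->open, "open", save_path, NULL, 0);
}

static int ps_read_user(const struct ps_user_handlers *h, const char *key,
                        char *out, size_t outlen)
{
    return ps_call_handler(h->read, "read", key, out, outlen);
}

/* Mirrors the open-then-read sequence session_start() performs: a failed
 * open stops the start before read is attempted. */
static int session_start_model(const struct ps_user_handlers *h,
                               char *data, size_t datalen)
{
    if (ps_open_user(h, "") == FAILURE) {
        return FAILURE;
    }
    return ps_read_user(h, "sessionid", data, datalen);
}

/* Sample callbacks standing in for a script's registered handlers. */
static int sample_open(const char *save_path, char *out, size_t outlen)
{
    (void)save_path; (void)out; (void)outlen;
    return SUCCESS;
}

static int sample_read(const char *key, char *out, size_t outlen)
{
    (void)key;
    /* Constructed serialized session payload, as a read handler would return. */
    snprintf(out, outlen, "%s", "user|s:3:\"bob\";");
    return SUCCESS;
}

int main(void)
{
    char data[64] = {0};
    struct ps_user_handlers unset = {0};      /* the crashing configuration */
    struct ps_user_handlers registered = {0}; /* what a script should set up */
    registered.open = sample_open;
    registered.read = sample_read;

    printf("no handlers registered: %d\n", session_start_model(&unset, data, sizeof data));
    printf("open+read registered:   %d, data=%s\n",
           session_start_model(&registered, data, sizeof data), data);
    return 0;
}
```

The guard sits in the dispatcher rather than in each of the six entry points the report lists, so a slot that is later added or left unset still cannot reach a NULL call; the caller only ever sees FAILURE, which is what session_start() already handles for a failed open.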