I've reproduced the crash using a self-compiled package with debug symbols (DEB_BUILD_OPTIONS=nostrip,debug). Here's the backtrace:
#0 0x00002b886ee62b50 in strlen () from /lib/libc.so.6
#1 0x000000000051f4e4 in php_session_reset_id () at /home/malcolm/srcfphpbuild/php5-5.2.3/ext/session/session.c:1098
#2 0x0000000000521c55 in php_session_start () at /home/malcolm/srcfphpbuild/php5-5.2.3/ext/session/session.c:1327
#3 0x0000000000522529 in zif_session_start (ht=1821884800, return_value=0x2b886c977a78, return_value_ptr=0x2b886c951c80, this_ptr=0x0,
return_value_used=-16843009) at /home/malcolm/srcfphpbuild/php5-5.2.3/ext/session/session.c:1802
#4 0x00000000006770f2 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff3e1a7b60)
at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:200
#5 0x0000000000667bdc in execute (op_array=0xd92d90) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:92
#6 0x000000000066c9f3 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fff3e1af4d0)
at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:2030
#7 0x0000000000667bdc in execute (op_array=0xd865c0) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:92
#8 0x000000000066c9f3 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fff3e1b10c0)
at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:2030
#9 0x0000000000667bdc in execute (op_array=0xd82d38) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:92
#10 0x00000000006488b3 in zend_execute_scripts (type=32767, retval=0x0, file_count=3)
at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend.c:1134
#11 0x00000000006067f8 in php_execute_script (primary_file=Cannot access memory at address 0x80003e1b0138
) at /home/malcolm/srcfphpbuild/php5-5.2.3/main/main.c:1794
#12 0x00000000006ca99f in main (argc=1041979768, argv=0x0) at /home/malcolm/srcfphpbuild/php5-5.2.3/sapi/cgi/cgi_main.c:1735
This corroborates uwe's comment that something is going wrong in the session handling code.
The problem occurs due to 204-start-session-cookies.patch: the change at line 1098 of ext/session/session.c from

smart_str_appends(&ncookie, PS(session_name));

to

e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);
smart_str_appends(&ncookie, e_session_name);

is what's causing the crash.
Currently working on a fix.
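Added example, not code from this bug report, from PHP or from the Debian patch: a small NULL-safe percent-encoder and cookie-fragment builder in C. The backtrace above ends in strlen() inside php_session_reset_id at the line that now calls strlen(PS(session_name)) before appending the encoded name to the cookie; whatever the underlying reason for that particular crash, the defensive shape of such a step is an encoder that refuses NULL input instead of measuring it, returns a freshly allocated buffer the caller frees, and neutralises CR/LF so the encoded name cannot break the Set-Cookie header. The encoding rules below follow PHP's urlencode() as I understand them (alphanumerics and "-_." pass through, space becomes "+", everything else becomes %XX); that mapping and the function names url_encode and build_cookie are assumptions of this example, not the session code's own API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Percent-encode a string with urlencode()-style rules (assumed mapping:
 * alnum and "-_." pass through, ' ' becomes '+', everything else %XX).
 * Returns a newly malloc'd string the caller must free, or NULL when the
 * input is NULL or allocation fails. strlen() is only reached after the
 * NULL check, so a missing name cannot turn into a read through NULL. */
char *url_encode(const char *s)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t len, i, j;
    char *out;

    if (s == NULL)              /* the check that keeps strlen(NULL) out */
        return NULL;
    len = strlen(s);
    out = malloc(len * 3 + 1);  /* worst case: every byte becomes %XX */
    if (out == NULL)
        return NULL;
    for (i = 0, j = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (isalnum(c) || c == '-' || c == '_' || c == '.') {
            out[j++] = (char)c;
        } else if (c == ' ') {
            out[j++] = '+';
        } else {                /* includes CR and LF, so no header splitting */
            out[j++] = '%';
            out[j++] = hex[c >> 4];
            out[j++] = hex[c & 0x0F];
        }
    }
    out[j] = '\0';
    return out;
}

/* Build the "name=value" part of a Set-Cookie header from an encoded name
 * and value. Returns a malloc'd string, or NULL if either input is missing,
 * rather than crashing on a NULL session name. */
char *build_cookie(const char *name, const char *value)
{
    char *e_name = url_encode(name);
    char *e_value = url_encode(value);
    char *cookie = NULL;

    if (e_name != NULL && e_value != NULL) {
        size_t n = strlen(e_name) + 1 + strlen(e_value) + 1;
        cookie = malloc(n);
        if (cookie != NULL)
            snprintf(cookie, n, "%s=%s", e_name, e_value);
    }
    free(e_name);   /* free(NULL) is a no-op, so both branches are safe */
    free(e_value);
    return cookie;
}

int main(void)
{
    /* constructed inputs: a session name carrying CR/LF, a value with
     * reserved characters, and the NULL name case */
    char *ok = build_cookie("sess\r\nid", "a b+c");
    char *missing = build_cookie(NULL, "abc");

    printf("%s\n", ok ? ok : "(null)");           /* sess%0D%0Aid=a+b%2Bc */
    printf("%s\n", missing ? missing : "(null)"); /* (null) */
    free(ok);
    free(missing);
    return 0;
}
```

The point of the NULL path is that a missing name produces no cookie at all, which is a loggable failure rather than a SIGSEGV in a CGI process; the ownership rule (encoder allocates, caller frees) is what the two-line snippet in the patch also has to respect for e_session_name.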