Comment 8 for bug 173043

Malcolm Scott (malcscott) wrote :

I've reproduced the crash using a self-compiled package with debug symbols (DEB_BUILD_OPTIONS=nostrip,debug). Here's the backtrace:

#0 0x00002b886ee62b50 in strlen () from /lib/libc.so.6
#1 0x000000000051f4e4 in php_session_reset_id () at /home/malcolm/srcfphpbuild/php5-5.2.3/ext/session/session.c:1098
#2 0x0000000000521c55 in php_session_start () at /home/malcolm/srcfphpbuild/php5-5.2.3/ext/session/session.c:1327
#3 0x0000000000522529 in zif_session_start (ht=1821884800, return_value=0x2b886c977a78, return_value_ptr=0x2b886c951c80, this_ptr=0x0,
    return_value_used=-16843009) at /home/malcolm/srcfphpbuild/php5-5.2.3/ext/session/session.c:1802
#4 0x00000000006770f2 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff3e1a7b60)
    at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:200
#5 0x0000000000667bdc in execute (op_array=0xd92d90) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:92
#6 0x000000000066c9f3 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fff3e1af4d0)
    at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:2030
#7 0x0000000000667bdc in execute (op_array=0xd865c0) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:92
#8 0x000000000066c9f3 in ZEND_INCLUDE_OR_EVAL_SPEC_CONST_HANDLER (execute_data=0x7fff3e1b10c0)
    at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:2030
#9 0x0000000000667bdc in execute (op_array=0xd82d38) at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend_vm_execute.h:92
#10 0x00000000006488b3 in zend_execute_scripts (type=32767, retval=0x0, file_count=3)
    at /home/malcolm/srcfphpbuild/php5-5.2.3/Zend/zend.c:1134
#11 0x00000000006067f8 in php_execute_script (primary_file=Cannot access memory at address 0x80003e1b0138
) at /home/malcolm/srcfphpbuild/php5-5.2.3/main/main.c:1794
#12 0x00000000006ca99f in main (argc=1041979768, argv=0x0) at /home/malcolm/srcfphpbuild/php5-5.2.3/sapi/cgi/cgi_main.c:1735

This corroborates uwe's comment that something is going wrong in the session handling code.

The problem occurs due to 204-start-session-cookies.patch: the change at line 1098 of ext/session/session.c from
       smart_str_appends(&ncookie, PS(session_name));
to
       e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);
       smart_str_appends(&ncookie, e_session_name);
is what's causing the crash.

Currently working on a fix.