I am reverting this patch:

http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.45.2.9&r2=1.45.2.10&ty=u

It consistently causes this segfault:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 2837)]
0x405313ff in zend_hash_find (ht=0x8266682, arKey=0x8266660 "fud_session_1109269364_referer_id", nKeyLength=34, pData=0x0)
    at /home/rasmus/php43/Zend/zend_hash.c:897
897                                     *pData = p->pData;
(gdb) bt
#0  0x405313ff in zend_hash_find (ht=0x8266682, arKey=0x8266660 "fud_session_1109269364_referer_id", nKeyLength=34, pData=0x0)
    at /home/rasmus/php43/Zend/zend_hash.c:897
#1  0x4050c39c in php_register_variable_ex (var=0x8266660 "fud_session_1109269364_referer_id", val=0xbffff730, track_vars_array=0x823e908)
    at /home/rasmus/php43/main/php_variables.c:201
#2  0x4050c031 in php_register_variable_safe (var=0x823e908 "?m\031\b", strval=0x0, str_len=0, track_vars_array=0x823e908)
    at /home/rasmus/php43/main/php_variables.c:56
#3  0x4050c6fb in php_default_treat_data (arg=2, str=0x0, destArray=0x823e908) at /home/rasmus/php43/main/php_variables.c:318
#4  0x40502af2 in php_hash_environment () at /home/rasmus/php43/main/main.c:1442
#5  0x4050187f in php_request_startup () at /home/rasmus/php43/main/main.c:936
#6  0x4053e746 in apache_php_module_main (r=0x818c894, display_source_mode=0) at /home/rasmus/php43/sapi/apache/sapi_apache.c:33
#7  0x4053f1e9 in send_php (r=0x818c894, display_source_mode=0, filename=0x0) at /home/rasmus/php43/sapi/apache/mod_php4.c:621
#8  0x4053f36d in send_parsed_php (r=0x823e908) at /home/rasmus/php43/sapi/apache/mod_php4.c:636

diff --git a/main/php_variables.c b/main/php_variables.c
index 45f82984185b590c01509f41560248047459653a..cf9d98cc6300161c360e219e6c861e3b7d22c00a 100644 (file)
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -63,7 +63,7 @@ PHPAPI void php_register_variable_ex(char *var, zval *val, pval *track_vars_arra
        char *ip;               /* index pointer */
        char *index;
        int var_len, index_len;
-       zval *gpc_element, **gpc_element_p, *tmp;
+       zval *gpc_element, **gpc_element_p;
        zend_bool is_array;
        HashTable *symtable1=NULL;
 
@@ -184,20 +184,9 @@ plain_var:
                        } else {
                                if (PG(magic_quotes_gpc) && (index!=var)) {
                                        char *escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
-                                       /* 
-                                        * According to rfc2965, more specific paths are listed above the less specific ones.
-                                        * If we encounter a duplicate cookie name, we should skip it, since it is not possible
-                                        * to have the same (plain text) cookie name for the same path and we should not overwrite
-                                        * more specific cookies with the less specific ones.
-                                        */
-                                       if (PG(http_globals)[TRACK_VARS_COOKIE] && symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) && 
-                                                       zend_hash_find(symtable1, escaped_index, index_len+1, (void **) &tmp) != FAILURE) {
-                                               efree(escaped_index);
-                                               break;
-                                       }
                                        zend_hash_update(symtable1, escaped_index, index_len+1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
                                        efree(escaped_index);
-                               } else if (!PG(http_globals)[TRACK_VARS_COOKIE] || symtable1 != Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) || zend_hash_find(symtable1, index, index_len+1, (void **) tmp) == FAILURE) {
+                               } else {
                                        zend_hash_update(symtable1, index, index_len+1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
                                }
                        }