From 6985aff7c31d38eed968f4c47a261b67b924621c Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Tue, 12 Mar 2024 21:10:53 +0100 Subject: [PATCH] Fix GH-13680: Segfault with session_decode and compilation error It's illegal to return from a bailout because that doesn't restore the original bailout data. Return outside of it. Test by YuanchengJiang Closes GH-13689. --- NEWS | 4 ++++ ext/session/session.c | 5 +++-- ext/session/tests/gh13680.phpt | 25 +++++++++++++++++++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 ext/session/tests/gh13680.phpt diff --git a/NEWS b/NEWS index d24a8fee0a2..4598f8bea75 100644 --- a/NEWS +++ b/NEWS @@ -27,6 +27,10 @@ PHP NEWS . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla) +- Session: + . Fixed bug GH-13680 (Segfault with session_decode and compilation error). + (nielsdos) + - Sockets: . Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier) diff --git a/ext/session/session.c b/ext/session/session.c index 6b639992972..74a0546b849 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -259,16 +259,17 @@ static zend_result php_session_decode(zend_string *data) /* {{{ */ php_error_docref(NULL, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object"); return FAILURE; } + zend_result result = SUCCESS; zend_try { if (PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data)) == FAILURE) { php_session_cancel_decode(); - return FAILURE; + result = FAILURE; } } zend_catch { php_session_cancel_decode(); zend_bailout(); } zend_end_try(); - return SUCCESS; + return result; } /* }}} */ diff --git a/ext/session/tests/gh13680.phpt b/ext/session/tests/gh13680.phpt new file mode 100644 index 00000000000..a95583ee345 --- /dev/null +++ b/ext/session/tests/gh13680.phpt 
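Review bot: The `zend_try` block in php_session_decode() (ext/session/session.c hunk) has no comment explaining why the failure path now assigns `result` instead of returning, so a later cleanup could easily reintroduce the early return. As the commit message says, leaving the block early skips the restore of the original bailout data, so a later bailout would jump through stale state, which is a memory-safety problem rather than a style one. I would add above `zend_try {` something like `/* Never return from inside zend_try: the saved bailout state is only restored at zend_end_try(). Record the outcome in result and return after the block. */`. `result` is written between the try setup and a possible bailout, but the catch branch re-raises with `zend_bailout()` and so appears never to read it afterwards; a short remark to that effect would save the next reader from wondering about `volatile`. The function starts above the hunk, so only the tail of its body is visible here.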
@@ -0,0 +1,25 @@
+--TEST--
+GH-13680 (Segfault with session_decode and compilation error)
+--EXTENSIONS--
+session
+--SKIPIF--
+
+--INI--
+session.use_cookies=0
+session.use_strict_mode=0
+session.cache_limiter=
+session.serialize_handler=php_serialize
+session.save_handler=files
+error_reporting=E_ALL
+--FILE--
+
+--EXPECTF--
+Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
+
+Fatal error: Could not check compatibility between Test::createFromFormat($format, $datetime, $timezone = null): Wrong and DateTime::createFromFormat(string $format, string $datetime, ?DateTimeZone $timezone = null): DateTime|false, because class Wrong is not available in %s on line %d