Fix GH-11529: Crash after dealing with an Apache request

In an MPM worker scenario we have 1 module, N threads. Each thread must have their globals initialised. If we only initialise the filename fields in MINIT, then the threads have an uninitialized value. If the uninitialized value is not NULL, this leads to segfaults upon access. Closes GH-11530.
2025-08-15 21:48:51 +02:00 · 2023-06-25 22:27:13 +02:00 · 2023-06-25 22:27:13 +02:00 · c0147a0588
commit c0147a0588
parent ddb6cadb4c
2 changed files with 5 additions and 2 deletions
--- a/3
+++ b/3
@ -15,6 +15,9 @@ PHP                                                                        NEWS
  . Fixed bug GH-11514 (PHP 8.3 build fails with --enable-mbstring enabled).
    (nielsdos)

+- Session:
+  . Fixed bug GH-11529 (Crash after dealing with an Apache request). (nielsdos)
+
 - zip:
  . zip extension version 1.22.0 for libzip 1.10.0. (Remi)
  . add new error macros (ER_DATA_LENGTH and ER_NOT_ALLOWED). (Remi)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@ -2843,6 +2843,8 @@ static PHP_GINIT_FUNCTION(ps) /* {{{ */
 	ps_globals->mod_user_is_open = 0;
 	ps_globals->session_vars = NULL;
 	ps_globals->set_handler = 0;
+	ps_globals->session_started_filename = NULL;
+	ps_globals->session_started_lineno = 0;
 	/* Unset user defined handlers */
 	ZVAL_UNDEF(&ps_globals->mod_user_names.ps_open);
 	ZVAL_UNDEF(&ps_globals->mod_user_names.ps_close);
@ -2865,8 +2867,6 @@ static PHP_MINIT_FUNCTION(session) /* {{{ */
 	PS(module_number) = module_number;

 	PS(session_status) = php_session_none;
-	PS(session_started_filename) = NULL;
-	PS(session_started_lineno) = 0;
 	REGISTER_INI_ENTRIES();

 #ifdef HAVE_LIBMM