archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 15:08:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed bug #24592 (Possible crash in session extnsion, with NULL values)

Browse source
This commit is contained in:
Ilia Alshanetsky 2003-07-21 21:47:52 +00:00
parent 6175f0a4c9
commit f9a8fc0c09
2 changed files with 39 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
ext/session/session.c
View file

@ -734,9 +734,12 @@ static int migrate_global(HashTable *ht, HashPosition *pos TSRMLS_DC)
switch (n) { switch (n) {
case HASH_KEY_IS_STRING: case HASH_KEY_IS_STRING:
zend_hash_find(&EG(symbol_table), str, str_len, (void **) &val); if (zend_hash_find(&EG(symbol_table), str, str_len, (void **) &val) == SUCCESS && val) {
if (val) { if (!PZVAL_IS_REF(*val)) {
ZEND_SET_SYMBOL_WITH_LENGTH(ht, str, str_len, *val, (*val)->refcount + 1 , 1); (*val)->is_ref = 1;
(*val)->refcount += 1;
zend_hash_update(ht, str, str_len, val, sizeof(zval *), NULL);
}
ret = 1; ret = 1;
} }
break; break;

33
ext/session/tests/bug24592.phpt Normal file
View file

@ -0,0 +1,33 @@
--TEST--
Bug #24592 (crash when multiple NULL values are being stored)
--INI--
register_globals=0
html_errors=0
--FILE--
<?php
@session_start();
$foo = $_SESSION['foo'];
$bar = $_SESSION['bar'];
var_dump($foo, $bar, $_SESSION);
$_SESSION['foo'] = $foo;
$_SESSION['bar'] = $bar;
var_dump($_SESSION);
?>
--EXPECTF--
Notice: Undefined index: foo in %s on line %d
Notice: Undefined index: bar in %s on line %d
NULL
NULL
array(0) {
}
array(2) {
["foo"]=>
NULL
["bar"]=>
NULL
}