Fix GH-13680: Segfault with session_decode and compilation error

It's illegal to return from a bailout because that doesn't restore the
original bailout data. Return outside of it.

Test by YuanchengJiang

Closes GH-13689.
Niels Dossche 2024-03-12 21:10:53 +01:00
parent 809446d3d1
commit 6985aff7c3
3 changed files with 32 additions and 2 deletions

4
NEWS

@ -27,6 +27,10 @@ PHP NEWS
. Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown
modes). (timwolla) modes). (timwolla)
- Session:
. Fixed bug GH-13680 (Segfault with session_decode and compilation error).
(nielsdos)
- Sockets: - Sockets:
. Fixed bug GH-13604 (socket_getsockname returns random characters in the end . Fixed bug GH-13604 (socket_getsockname returns random characters in the end
of the socket name). (David Carlier) of the socket name). (David Carlier)


@ -259,16 +259,17 @@ static zend_result php_session_decode(zend_string *data) /* {{{ */
php_error_docref(NULL, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object"); php_error_docref(NULL, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object");
return FAILURE; return FAILURE;
} }
zend_result result = SUCCESS;
zend_try { zend_try {
if (PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data)) == FAILURE) { if (PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data)) == FAILURE) {
php_session_cancel_decode(); php_session_cancel_decode();
return FAILURE; result = FAILURE;
} }
} zend_catch { } zend_catch {
php_session_cancel_decode(); php_session_cancel_decode();
zend_bailout(); zend_bailout();
} zend_end_try(); } zend_end_try();
return SUCCESS; return result;
} }
/* }}} */ /* }}} */
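Review bot: Nothing in the new code records why the decode-failure branch sets `result = FAILURE;` instead of returning, so a later cleanup could put the `return` back inside `zend_try` and leave the saved bailout state pointing at a frame that has already returned. I would add a comment above `zend_try {`, for example `/* No return inside zend_try: the original bailout data is only restored at zend_end_try(). */`. `result` is written inside the try and read only on the non-bailout path, since the `zend_catch` branch re-raises via `zend_bailout()`, so it does not appear to need `volatile`, but that is worth stating in the same comment. The function body starts outside the hunk, and other `zend_try` blocks in this file are not visible here and may deserve the same check.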


@ -0,0 +1,25 @@
--TEST--
GH-13680 (Segfault with session_decode and compilation error)
--EXTENSIONS--
session
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php_serialize
session.save_handler=files
error_reporting=E_ALL
--FILE--
<?php
session_start();
session_decode('foo');
class Test extends DateTime {
public static function createFromFormat($format, $datetime, $timezone = null): Wrong {}
}
?>
--EXPECTF--
Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
Fatal error: Could not check compatibility between Test::createFromFormat($format, $datetime, $timezone = null): Wrong and DateTime::createFromFormat(string $format, string $datetime, ?DateTimeZone $timezone = null): DateTime|false, because class Wrong is not available in %s on line %d
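Review bot: The `--FILE--` section does not say why an unrelated `class Test extends DateTime` with an unresolvable return type follows `session_decode('foo')`, which makes the regression hard to read. A one-line comment before the class, such as `// The incompatible override raises a fatal error (a bailout) after the failed decode.`, would tie the test to the fix. The `--SKIPIF--` include of `skipif.inc` may also be redundant next to `--EXTENSIONS--` listing `session`, if that include only checks for the extension.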