diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/session/session.c | 9 |
2 files changed, 8 insertions, 3 deletions
@@ -11,6 +11,8 @@ PHP 4 NEWS - Fixed possible crash in imagerotate() when an invalid color index is used for background color. (Pierre-Alain Joye) - Fixed bug #24640 (var_export and var_dump can't output large float). (Marcus) +- Fixed bug #24592 (Possible crash in session extnsion, with NULL values). + (Ilia) - Fixed bug #24573 (debug_backtrace() crashes if $this set to null). (Jani) - Fixed bug #24560 (parse_url() incorrectly handling certain file:// based schemas). (Ilia) diff --git a/ext/session/session.c b/ext/session/session.c index cc1c3aeb2d..57b686cf13 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -635,9 +635,12 @@ static int migrate_global(HashTable *ht, HashPosition *pos TSRMLS_DC) switch (n) { case HASH_KEY_IS_STRING: - zend_hash_find(&EG(symbol_table), str, str_len, (void **) &val); - if (val) { - ZEND_SET_SYMBOL_WITH_LENGTH(ht, str, str_len, *val, (*val)->refcount + 1 , 1); + if (zend_hash_find(&EG(symbol_table), str, str_len, (void **) &val) == SUCCESS && val) { + if (!PZVAL_IS_REF(*val)) { + (*val)->is_ref = 1; + (*val)->refcount += 1; + zend_hash_update(ht, str, str_len, val, sizeof(zval *), NULL); + } ret = 1; } break; |