authorNikita Popov <nikita.ppv@gmail.com>2019-09-25 11:03:19 +0200
committerNikita Popov <nikita.ppv@gmail.com>2019-09-25 11:03:19 +0200
commitfb60ccc666e5b7245e7abf13314e79d9986b5b4e (patch)
tree31e0c6cd49238d488c40d6195df93502400ec7ab /ext/session/session.c
parentde6b76805da6f7b3a69b364f1352e6408ff682e9 (diff)
parentb8ef7c35abd31666d9fb317db4b09a9eef0ede6c (diff)
Merge branch 'PHP-7.4'
Diffstat (limited to 'ext/session/session.c')
-rw-r--r--ext/session/session.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index 75ac465c7f..2e5cddcbb7 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -245,11 +245,18 @@ static zend_string *php_session_encode(void) /* {{{ */
static int php_session_decode(zend_string *data) /* {{{ */
{
+ int res;
if (!PS(serializer)) {
php_error_docref(NULL, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object");
return FAILURE;
}
- if (PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data)) == FAILURE) {
+ /* Make sure that any uses of unserialize() during session decoding do not share
+ * state with any unserialize() that is already in progress (e.g. because we are
+ * currently inside Serializable::unserialize(). */
+ BG(serialize_lock)++;
+ res = PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data));
+ BG(serialize_lock)--;
+ if (res == FAILURE) {
php_session_destroy();
php_session_track_init();
php_error_docref(NULL, E_WARNING, "Failed to decode session object. Session has been destroyed");
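Review bot: The `BG(serialize_lock)--` after the `decode()` call only runs when the handler returns normally. If a decode handler can leave through a bailout (a fatal error raised during unserialization) rather than a return, the counter would stay incremented; whether it is reset elsewhere at request start is not visible in this hunk. It is worth confirming that, or wrapping the call in `zend_try` / `zend_catch` so the decrement runs before re-raising the bailout. Leaving the lock raised would keep later unserialize() calls on isolated state, so this looks like a correctness issue rather than a memory-safety one, but the invariant should be stated in the comment. The new comment also has an unclosed parenthesis and should end `Serializable::unserialize()). */`; the body of `php_session_decode` continues past the end of the hunk.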