summaryrefslogtreecommitdiff
path: root/ext/session/session.c
diff options
context:
space:
mode:
Diffstat (limited to 'ext/session/session.c')
-rw-r--r--ext/session/session.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index 671968e8da..01c2d4b85a 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -244,11 +244,18 @@ static zend_string *php_session_encode(void) /* {{{ */
static int php_session_decode(zend_string *data) /* {{{ */
{
+ int res;
if (!PS(serializer)) {
php_error_docref(NULL, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object");
return FAILURE;
}
- if (PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data)) == FAILURE) {
+ /* Make sure that any uses of unserialize() during session decoding do not share
+ * state with any unserialize() that is already in progress (e.g. because we are
+ * currently inside Serializable::unserialize(). */
+ BG(serialize_lock)++;
+ res = PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data));
+ BG(serialize_lock)--;
+ if (res == FAILURE) {
php_session_destroy();
php_session_track_init();
php_error_docref(NULL, E_WARNING, "Failed to decode session object. Session has been destroyed");
View Lorry Controller Status