Merge branch 'PHP-8.2' into PHP-8.3

nielsdos · nielsdos · commit b58dc6fd1a82 · 2024-03-13T17:49:31.000+01:00
* PHP-8.2: Fix GH-13680: Segfault with session_decode and compilation error
diff --git a/NEWS b/NEWS
@@ -30,6 +30,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown
     modes). (timwolla)
 
+- Session:
+  . Fixed bug GH-13680 (Segfault with session_decode and compilation error).
+    (nielsdos)
+
 - Standard:
   . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
   . Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
diff --git a/ext/session/session.c b/ext/session/session.c
@@ -271,16 +271,17 @@ static zend_result php_session_decode(zend_string *data) /* {{{ */
 		php_error_docref(NULL, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object");
 		return FAILURE;
 	}
+	zend_result result = SUCCESS;
 	zend_try {
 		if (PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data)) == FAILURE) {
 			php_session_cancel_decode();
-			return FAILURE;
+			result = FAILURE;
 		}
 	} zend_catch {
 		php_session_cancel_decode();
 		zend_bailout();
 	} zend_end_try();
-	return SUCCESS;
+	return result;
 }
 /* }}} */
 
diff --git a/ext/session/tests/gh13680.phpt b/ext/session/tests/gh13680.phpt
@@ -0,0 +1,25 @@
+--TEST--
+GH-13680 (Segfault with session_decode and compilation error)
+--EXTENSIONS--
+session
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.use_cookies=0
+session.use_strict_mode=0
+session.cache_limiter=
+session.serialize_handler=php_serialize
+session.save_handler=files
+error_reporting=E_ALL
+--FILE--
+<?php
+session_start();
+session_decode('foo');
+class Test extends DateTime {
+    public static function createFromFormat($format, $datetime, $timezone = null): Wrong {}
+}
+?>
+--EXPECTF--
+Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
+
+Fatal error: Could not check compatibility between Test::createFromFormat($format, $datetime, $timezone = null): Wrong and DateTime::createFromFormat(string $format, string $datetime, ?DateTimeZone $timezone = null): DateTime|false, because class Wrong is not available in %s on line %d

Original file line number	Diff line number	Diff line change
`@@ -271,16 +271,17 @@ static zend_result php_session_decode(zend_string data) / {{{ */`
`271`	`271`	`php_error_docref(NULL, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object");`
`272`	`272`	`return FAILURE;`
`273`	`273`	`}`
	`274`	`+ zend_result result = SUCCESS;`
`274`	`275`	`zend_try {`
`275`	`276`	`if (PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data)) == FAILURE) {`
`276`	`277`	`php_session_cancel_decode();`
`277`		`- return FAILURE;`
	`278`	`+ result = FAILURE;`
`278`	`279`	`}`
`279`	`280`	`} zend_catch {`
`280`	`281`	`php_session_cancel_decode();`
`281`	`282`	`zend_bailout();`
`282`	`283`	`} zend_end_try();`
`283`		`- return SUCCESS;`
	`284`	`+ return result;`
`284`	`285`	`}`
`285`	`286`	`/* }}} */`
`286`	`287`