Merge branch 'PHP-7.4'

* PHP-7.4:
  Add test for bug #79031
  Revert "Increase serialize_lock while decoding session"

Author: nikic

ext/session/session.c

@@ -243,18 +243,11 @@ static zend_string *php_session_encode(void) /* {{{ */
 
 static int php_session_decode(zend_string *data) /* {{{ */
 {
-	int res;
 	if (!PS(serializer)) {
 		php_error_docref(NULL, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object");
 		return FAILURE;
 	}
-	/* Make sure that any uses of unserialize() during session decoding do not share
-	 * state with any unserialize() that is already in progress (e.g. because we are
-	 * currently inside Serializable::unserialize(). */
-	BG(serialize_lock)++;
-	res = PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data));
-	BG(serialize_lock)--;
-	if (res == FAILURE) {
+	if (PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data)) == FAILURE) {
 		php_session_destroy();
 		php_session_track_init();
 		php_error_docref(NULL, E_WARNING, "Failed to decode session object. Session has been destroyed");

ext/session/tests/bug79031.phpt

@@ -0,0 +1,71 @@
+--TEST--
+Bug #79031: Session unserialization problem
+--FILE--
+<?php
+
+class SerializableClass implements Serializable {
+    public $sharedProp;
+    public function __construct($prop)
+    {
+        $this->sharedProp = $prop;
+    }
+    public function __set($key, $value)
+    {
+        $this->$key = $value;
+    }
+    public function serialize()
+    {
+        return serialize(get_object_vars($this));
+    }
+    public function unserialize($data)
+    {
+        $ar = unserialize($data);
+        if ($ar === false) {
+            return;
+        }
+        foreach ($ar as $k => $v) {
+            $this->__set($k, $v);
+        }
+    }
+}
+
+// Shared object that acts as property of two another objects stored in session
+$testPropertyObj = new stdClass();
+$testPropertyObj->name = 'test';
+
+// Two instances of \SerializableClass that shares property
+$sessionObject = [
+    'obj1' => new SerializableClass($testPropertyObj),
+    'obj2' => new SerializableClass($testPropertyObj),
+];
+session_start();
+$_SESSION = $sessionObject;
+
+$sessionString = session_encode();
+session_decode($sessionString);
+echo $sessionString;
+echo "\n\n";
+var_dump($_SESSION);
+
+?>
+--EXPECT--
+obj1|C:17:"SerializableClass":65:{a:1:{s:10:"sharedProp";O:8:"stdClass":1:{s:4:"name";s:4:"test";}}}obj2|C:17:"SerializableClass":28:{a:1:{s:10:"sharedProp";r:3;}}
+
+array(2) {
+  ["obj1"]=>
+  object(SerializableClass)#4 (1) {
+    ["sharedProp"]=>
+    object(stdClass)#5 (1) {
+      ["name"]=>
+      string(4) "test"
+    }
+  }
+  ["obj2"]=>
+  object(SerializableClass)#6 (1) {
+    ["sharedProp"]=>
+    object(stdClass)#5 (1) {
+      ["name"]=>
+      string(4) "test"
+    }
+  }
+}

ext/standard/tests/serialize/bug70219_1.phpt

@@ -18,7 +18,6 @@ class obj implements Serializable {
     }
     function unserialize($data) {
         session_decode($data);
-        return null;
     }
 }
 
@@ -34,18 +33,20 @@ for ($i = 0; $i < 5; $i++) {
 var_dump($data);
 var_dump($_SESSION);
 ?>
---EXPECT--
+--EXPECTF--
 array(2) {
   [0]=>
-  object(obj)#1 (1) {
+  object(obj)#%d (1) {
     ["data"]=>
     NULL
   }
   [1]=>
-  object(obj)#2 (1) {
+  object(obj)#%d (1) {
     ["data"]=>
     NULL
   }
 }
-array(0) {
+object(obj)#1 (1) {
+  ["data"]=>
+  NULL
 }