|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44720 Encoding $_SESSION crashes with recusive arrays
Submitted: 2008-04-14 16:04 UTC Modified: 2008-04-15 01:03 UTC
From: antphill at uk dot ibm dot com Assigned:
Status: Closed Package: Session related
PHP Version: 5.2.6RC5 OS: Linux
Private report: No CVE-ID:
 [2008-04-14 16:04 UTC] antphill at uk dot ibm dot com
If I add create a global variable array which contains recursive entries it causes PHP to crash when I register it by calling session_register. This appears to be because the PS_ENCODE_LOOP macro does not check for recursion.

Reproduce code:

$array = array();

$array["foo"] = NULL;
$array["bar"] = NULL;
$array["guff"] = NULL;
$array["blah"] = &$array;

echo "Done!\n";

Expected result:
Perhaps we should check for recusion rather like the JSON extension does (see json_encode_array() in JSON.c)?

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-04-14 17:47 UTC]
session_register() is deprecated. DO NOT USE. Ever. RTFM about $_SESSION.
 [2008-04-15 01:03 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Even though session_register has been removed in 6.0, I don't agree with leaving a segfault. I've fixed this in 5.3 and I'll backport to 5.2 once I check with ilia.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Thu Nov 26 21:01:33 2015 UTC