php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44720 Encoding $_SESSION crashes with recusive arrays
Submitted: 2008-04-14 16:04 UTC Modified: 2008-04-15 01:03 UTC
From: antphill at uk dot ibm dot com Assigned:
Status: Closed Package: Session related
PHP Version: 5.2.6RC5 OS: Linux
Private report: No CVE-ID:
 [2008-04-14 16:04 UTC] antphill at uk dot ibm dot com
Description:
------------
If I add create a global variable array which contains recursive entries it causes PHP to crash when I register it by calling session_register. This appears to be because the PS_ENCODE_LOOP macro does not check for recursion.


Reproduce code:
---------------
<?php

$array = array();

$array["foo"] = NULL;
$array["bar"] = NULL;
$array["guff"] = NULL;
$array["blah"] = &$array;

var_dump(session_start());
var_dump(session_register($array));
echo "Done!\n";
?>


Expected result:
----------------
Perhaps we should check for recusion rather like the JSON extension does (see json_encode_array() in JSON.c)?

Actual result:
--------------
bool(true)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-04-14 17:47 UTC] jani@php.net
session_register() is deprecated. DO NOT USE. Ever. RTFM about $_SESSION.
 [2008-04-15 01:03 UTC] scottmac@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Even though session_register has been removed in 6.0, I don't agree with leaving a segfault. I've fixed this in 5.3 and I'll backport to 5.2 once I check with ilia.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 22:02:16 2014 UTC