|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2016-11-04 17:17 UTC] love at sickpeople dot se
Description: ------------ The code below segfaults in PHP 7.x including PHP 7.1 RC5. Basically this is a segfault due to infinite recursion and I know there has been reports about that before. I created this bug for one main reason: this crash does NOT occur in PHP 5.x, including 5.6.27. It "appeared" in PHP 7.0. Please see demo here: https://3v4l.org/Lc1cX Test script: --------------- session_set_save_handler ('sess', 'sess', 'sess_read', 'sess', 'sess', 'sess'); session_start (); Function sess ($foo = 'foo') { return true; } Function sess_read ($id) { session_regenerate_id (false); } PatchesPull Requests
Pull requests:
HistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 11:01:29 2024 UTC |
This kind of save handler abuse is trivial. e.g. function sess($foo) { sess($foo); } Another example is https://3v4l.org/Cj76q I don't think abusive code protection worths to implement, at least by session module. Making this a documentation problem. (BTW, session_regenerate_id() calls all handlers to do the job correctly. So it does not limited to read() handler, but all handlers.) Possible solution by core is to excessive recursive call detection like Python, or stack limit reach detection like Ruby. Possible solution by session module is to limit number of handler calls. Does any of us feel this is preferred?