Back out severely broken patch. I currently don't have the time

to debug this.  Please reapply a fixed version.

diff --git a/ext/session/session.c b/ext/session/session.c
index 138c3fa80ab22849d4c52d97a10e4d605fcfcacf..4f741f428a8832933eeaee770bdd20f8610fc953 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -234,9 +234,15 @@ typedef struct {
 
 void php_set_session_var(char *name, size_t namelen, zval *state_val PSLS_DC)
 {
+       zval *state_val_copy;
        PLS_FETCH();
        ELS_FETCH();
 
+       ALLOC_ZVAL(state_val_copy);
+       *state_val_copy = *state_val;
+       zval_copy_ctor(state_val_copy);
+       state_val_copy->refcount = 0;
+
        if (PG(register_globals)) {
                zval **old_symbol;
                if(zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)&old_symbol) == SUCCESS) { 
@@ -247,14 +253,15 @@ void php_set_session_var(char *name, size_t namelen, zval *state_val PSLS_DC)
                           of a global variable) dangling.
                         */
                        
-                       REPLACE_ZVAL_VALUE(old_symbol,state_val,0);
+                       REPLACE_ZVAL_VALUE(old_symbol,state_val_copy,0);
+                       FREE_ZVAL(state_val_copy);
 
                        zend_set_hash_symbol(*old_symbol, name, namelen, 1, 1, Z_ARRVAL_P(PS(http_session_vars)));
                } else {
-                       zend_set_hash_symbol(state_val, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
+                       zend_set_hash_symbol(state_val_copy, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
                }
        } else {
-               zend_set_hash_symbol(state_val, name, namelen, 0, 1, Z_ARRVAL_P(PS(http_session_vars)));
+               zend_set_hash_symbol(state_val_copy, name, namelen, 0, 1, Z_ARRVAL_P(PS(http_session_vars)));
        }
 }
 
@@ -322,6 +329,7 @@ PS_SERIALIZER_DECODE_FUNC(php_binary)
 
        PHP_VAR_UNSERIALIZE_INIT(var_hash);
 
+       MAKE_STD_ZVAL(current);
        for (p = val; p < endptr; ) {
                namelen = *p & (~PS_BIN_UNDEF);
                has_value = *p & PS_BIN_UNDEF ? 0 : 1;
@@ -331,16 +339,15 @@ PS_SERIALIZER_DECODE_FUNC(php_binary)
                p += namelen + 1;
                
                if (has_value) {
-                       MAKE_STD_ZVAL(current);
                        if (php_var_unserialize(&current, &p, endptr, &var_hash)) {
                                php_set_session_var(name, namelen, current PSLS_CC);
+                               zval_dtor(current);
                        }
-                       zval_ptr_dtor(&current);
                }
                PS_ADD_VARL(name, namelen);
                efree(name);
        }
-
+       FREE_ZVAL(current);
        PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
 
        return SUCCESS;
@@ -398,6 +405,7 @@ PS_SERIALIZER_DECODE_FUNC(php)
 
        PHP_VAR_UNSERIALIZE_INIT(var_hash);
 
+       MAKE_STD_ZVAL(current);
        for (p = q = val; (p < endptr) && (q = memchr(p, PS_DELIMITER, endptr - p)); p = q) {
                if (p[0] == PS_UNDEF_MARKER) {
                        p++;
@@ -411,18 +419,17 @@ PS_SERIALIZER_DECODE_FUNC(php)
                q++;
                
                if (has_value) {
-                       MAKE_STD_ZVAL(current);
                        if (php_var_unserialize(&current, &q, endptr, &var_hash)) {
                                php_set_session_var(name, namelen, current PSLS_CC);
+                               zval_dtor(current);
                        }
-                       zval_ptr_dtor(&current);
                }
                PS_ADD_VARL(name, namelen);
                efree(name);
        }
+       FREE_ZVAL(current);
 
        PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
-
        return SUCCESS;
 }