Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
authorYasuo Ohgaki <yohgaki@php.net>
Fri, 11 Mar 2016 23:15:47 +0000 (08:15 +0900)
committerYasuo Ohgaki <yohgaki@php.net>
Fri, 11 Mar 2016 23:15:47 +0000 (08:15 +0900)
ext/session/session.c
ext/session/tests/bug71603.phpt [new file with mode: 0644]

index 994d76217abc381528a4c29a3f48c1fc6fd2242b..238ae877f81f399376362e4199fcd61b8e98d3fb 100644 (file)
@@ -1611,6 +1611,7 @@ PHPAPI void php_session_start(void) /* {{{ */
                 * '<session-name>=<session-id>' to allow URLs of the form
                 * http://yoursite/<session-name>=<session-id>/script.php */
                if (PS(define_sid) && !PS(id) &&
+                       zend_is_auto_global_str("_SERVER", sizeof("_SERVER") - 1) == SUCCESS &&
                        (data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "REQUEST_URI", sizeof("REQUEST_URI") - 1)) &&
                        Z_TYPE_P(data) == IS_STRING &&
                        (p = strstr(Z_STRVAL_P(data), PS(session_name))) &&
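Review bot: The added guard compares `zend_is_auto_global_str(...)` with `SUCCESS`, which looks inverted if that function returns a boolean (non-zero when the name is a registered auto global) rather than a SUCCESS/FAILURE code; its declaration is not visible in this hunk, so confirm the return type. With SUCCESS being 0, the condition would short-circuit whenever `_SERVER` is available, which avoids the null dereference but also silently disables the REQUEST_URI session-id lookup that follows. If the return is boolean, test truthiness instead: `zend_is_auto_global_str("_SERVER", sizeof("_SERVER") - 1) &&`. `Z_ARRVAL` is still applied to `PG(http_globals)[TRACK_VARS_SERVER]` without a type check, so adding `Z_TYPE(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY &&` before the lookup would make the precondition explicit. php_session_start's body starts and ends outside this hunk.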
diff --git a/ext/session/tests/bug71603.phpt b/ext/session/tests/bug71603.phpt
new file mode 100644 (file)
index 0000000..588b1fe
--- /dev/null
@@ -0,0 +1,16 @@
+--TEST--
+Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.save_handler=files
+session.auto_start=1
+session.use_only_cookies=0
+--FILE--
+<?php
+ob_start();
+echo "ok\n";
+?>
+--EXPECTF--
+ok
+
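Review bot: The test file is named `bug71603.phpt`, but its `--TEST--` title and the commit subject both refer to Bug #71683, so it should be renamed `bug71683.phpt` to be findable by bug number. The script never supplies a REQUEST_URI containing the session name, so it only asserts that startup does not crash; it would not notice if the guard added in session.c disabled the path-based session-id lookup altogether. Since the expected output contains no format placeholders, `--EXPECT--` would be the more precise section than `--EXPECTF--`.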