Fixed #68868 (Segfault in clean_non_persistent_constants() in SugarCRM 6.5.20)

diff --git a/NEWS b/NEWS
index 9d669be89a785e4edd2e11bca44aefd0f9ae41be..417c2ac3ee271fead7988039c90565b46ee3ad30 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@
   . Update the MIME type list from the one shipped by Apache HTTPD. (Adam)
 
 - Core:
+  . Fixed #68868 (Segfault in clean_non_persistent_constants() in SugarCRM 
+    6.5.20). (Laruence)
   . Fixed bug #68104 (Segfault while pre-evaluating a disabled function).
     (Laruence)
   . Fixed bug #68252 (segfault in Zend/zend_hash.c in function

diff --git a/ext/session/session.c b/ext/session/session.c
index ab328573be6772eaa50ea941e5d6402b073dcb94..7d78b91e54fae54cc6048006db759b4b2b81adac 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1401,6 +1401,7 @@ static void ppid2sid(zval *ppid) {
 PHPAPI void php_session_reset_id(void) /* {{{ */
 {
        int module_number = PS(module_number);
+       zval *sid;
 
        if (!PS(id)) {
                php_error_docref(NULL, E_WARNING, "Cannot set session ID - session ID is not initialized");
@@ -1413,7 +1414,9 @@ PHPAPI void php_session_reset_id(void) /* {{{ */
        }
 
        /* if the SID constant exists, destroy it. */
-       zend_hash_str_del(EG(zend_constants), "sid", sizeof("sid") - 1);
+       /* We must not delete any items in EG(zend_contants) */
+       /* zend_hash_str_del(EG(zend_constants), "sid", sizeof("sid") - 1); */
+       sid = zend_get_constant_str("SID", sizeof("SID") - 1);
 
        if (PS(define_sid)) {
                smart_str var = {0};
@@ -1422,10 +1425,20 @@ PHPAPI void php_session_reset_id(void) /* {{{ */
                smart_str_appendc(&var, '=');
                smart_str_appends(&var, PS(id)->val);
                smart_str_0(&var);
-               REGISTER_STRINGL_CONSTANT("SID", var.s->val, var.s->len, 0);
-               smart_str_free(&var);
+               if (sid) {
+                       zend_string_release(Z_STR_P(sid));
+                       ZVAL_STR(sid, var.s);
+               } else {
+                       REGISTER_STRINGL_CONSTANT("SID", var.s->val, var.s->len, 0);
+                       smart_str_free(&var);
+               }
        } else {
-               REGISTER_STRINGL_CONSTANT("SID", "", 0, 0);
+               if (sid) {
+                       zend_string_release(Z_STR_P(sid));
+                       ZVAL_EMPTY_STRING(sid);
+               } else {
+                       REGISTER_STRINGL_CONSTANT("SID", "", 0, 0);
+               }
        }
 
        if (PS(apply_trans_sid)) {

diff --git a/ext/session/tests/session_regenerate_id_fastshutdown.phpt b/ext/session/tests/session_regenerate_id_fastshutdown.phpt
new file mode 100644 (file)
index 0000000..961965f
--- /dev/null
+++ b/ext/session/tests/session_regenerate_id_fastshutdown.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Test session_regenerate_id() function : basic functionality
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+opcache.fast_shutdown=1
+--FILE--
+<?php
+session_start();
+define ("user", "foo");
+var_dump(session_regenerate_id());
+?>
+--EXPECT--
+bool(true)