From: Yasuo Ohgaki <yohgaki@php.net>
Date: Fri, 11 Mar 2016 23:15:47 +0000 (+0900)
Subject: Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
X-Git-Tag: php-7.0.5RC1~11
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=50fca7a02a6dff553b0b8cfbb8bfba39c88fb6ae;p=php

Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
---

diff --git a/ext/session/session.c b/ext/session/session.c
index 994d76217a..238ae877f8 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1611,6 +1611,7 @@ PHPAPI void php_session_start(void) /* {{{ */
 		 * '<session-name>=<session-id>' to allow URLs of the form
 		 * http://yoursite/<session-name>=<session-id>/script.php */
 		if (PS(define_sid) && !PS(id) &&
+			zend_is_auto_global_str("_SERVER", sizeof("_SERVER") - 1) == SUCCESS &&
 			(data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "REQUEST_URI", sizeof("REQUEST_URI") - 1)) &&
 			Z_TYPE_P(data) == IS_STRING &&
 			(p = strstr(Z_STRVAL_P(data), PS(session_name))) &&
diff --git a/ext/session/tests/bug71603.phpt b/ext/session/tests/bug71603.phpt
new file mode 100644
index 0000000000..588b1fecfb
--- /dev/null
+++ b/ext/session/tests/bug71603.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.save_handler=files
+session.auto_start=1
+session.use_only_cookies=0
+--FILE--
+<?php
+ob_start();
+echo "ok\n";
+?>
+--EXPECTF--
+ok
+