From 50fca7a02a6dff553b0b8cfbb8bfba39c88fb6ae Mon Sep 17 00:00:00 2001
From: Yasuo Ohgaki
Date: Sat, 12 Mar 2016 08:15:47 +0900
Subject: [PATCH] Fixed Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
---
 ext/session/session.c | 1 +
 ext/session/tests/bug71603.phpt | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 ext/session/tests/bug71603.phpt
diff --git a/ext/session/session.c b/ext/session/session.c
index 994d76217a..238ae877f8 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1611,6 +1611,7 @@ PHPAPI void php_session_start(void) /* {{{ */
 * '=' to allow URLs of the form
 * http://yoursite/=/script.php */
 if (PS(define_sid) && !PS(id) &&
+ zend_is_auto_global_str("_SERVER", sizeof("_SERVER") - 1) == SUCCESS &&
 (data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "REQUEST_URI", sizeof("REQUEST_URI") - 1)) &&
 Z_TYPE_P(data) == IS_STRING &&
 (p = strstr(Z_STRVAL_P(data), PS(session_name))) &&
diff --git a/ext/session/tests/bug71603.phpt b/ext/session/tests/bug71603.phpt
new file mode 100644
index 0000000000..588b1fecfb
--- /dev/null
+++ b/ext/session/tests/bug71603.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #71683 Null pointer dereference in zend_hash_str_find_bucket
+--SKIPIF--
+
+--INI--
+session.save_handler=files
+session.auto_start=1
+session.use_only_cookies=0
+--FILE--
+
+--EXPECTF--
+ok
+
-- 
2.40.0
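Review bot: The added guard compares the result of `zend_is_auto_global_str()` with `SUCCESS`, which looks inverted. As far as I know that function is a boolean-style lookup that returns non-zero when the auto global exists (after running its JIT callback), while `SUCCESS` is 0 in the Zend headers. If that holds, the condition is true only when `_SERVER` is not registered: the REQUEST_URI branch becomes unreachable in normal requests, and the `Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER])` lookup on the next line is still reached in exactly the case the guard was meant to exclude. I would write the guard as `zend_is_auto_global_str("_SERVER", sizeof("_SERVER") - 1) &&` and also add `Z_TYPE(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY &&` before `Z_ARRVAL` is applied. The `if` condition and the body of php_session_start continue outside the hunk, so this should be confirmed against the function's declaration.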
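Review bot: The new test file is named `bug71603.phpt`, but the commit subject and the `--TEST--` line both refer to Bug #71683; renaming it to `bug71683.phpt` keeps the regression test findable from the bug number. The `--EXPECTF--` section holds only the literal `ok`, so plain `--EXPECT--` would do unless format placeholders are intended. The `--SKIPIF--` and `--FILE--` bodies are not visible on this page, so I cannot tell what the script exercises. As shown, the test can only confirm that a request with `session.auto_start=1` and `session.use_only_cookies=0` completes, not that a session id carried in REQUEST_URI is still handled.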