From 856cd5e17a368b5747130afe3e77fc4b2a5e6b4d Mon Sep 17 00:00:00 2001
From: Sascha Schumann <sas@php.net>
Date: Tue, 1 Oct 2002 11:59:45 +0000
Subject: [PATCH] The session extension ensures now that get_session_var can
 rely on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
 symbols in the global symbol table anymore.

This was achieved by actually planting references between every
$_SESSION["x"] and $x, not only when restoring a session, but also
when registering a session variable (in a register_globals=1 context).

Upon registering a new variable, this memory leak continues to show
up, regardless of register_globals.

ext/session/session.c(272) :  Freeing 0x0818F01C (12 bytes), script=test

Obviously, the newly allocated empty zval is not properly freed.  If anyone
has any idea on how to fix that, please step forward.
---
 ext/session/php_session.h | 16 +++++------
 ext/session/session.c     | 57 ++++++++++++++++++++++++++++-----------
 2 files changed, 48 insertions(+), 25 deletions(-)

diff --git a/ext/session/php_session.h b/ext/session/php_session.h
index 022f8df342..8cb02bfa64 100644
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -174,6 +174,7 @@ typedef struct ps_serializer_struct {
 
 PHPAPI void session_adapt_url(const char *, size_t, char **, size_t * TSRMLS_DC);
 
+void php_add_session_var(char *name, size_t namelen TSRMLS_DC);
 void php_set_session_var(char *name, size_t namelen, zval *state_val, php_unserialize_data_t *var_hash TSRMLS_DC);
 int php_get_session_var(char *name, size_t namelen, zval ***state_var TSRMLS_DC);
 
@@ -186,22 +187,19 @@ PHPAPI int php_session_register_serializer(const char *name,
 PHPAPI void php_session_set_id(char *id TSRMLS_DC);
 PHPAPI void php_session_start(TSRMLS_D);
 
-#define PS_ADD_VARL(name,namelen)											\
+#define PS_ADD_VARL(name,namelen) do {										\
 	zend_hash_add_empty_element(&PS(vars), name, namelen + 1);				\
-	if (PS(http_session_vars)) {											\
-		zval *empty_var;													\
-																			\
-		ALLOC_INIT_ZVAL(empty_var);											\
-		zend_hash_add(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1, &empty_var, sizeof(zval *), NULL);	\
-	}
+	php_add_session_var(name, namelen TSRMLS_CC);							\
+} while (0)
 
 #define PS_ADD_VAR(name) PS_ADD_VARL(name, strlen(name))
 
-#define PS_DEL_VARL(name,namelen)											\
+#define PS_DEL_VARL(name,namelen) do {										\
 	zend_hash_del(&PS(vars), name, namelen+1);								\
 	if (PS(http_session_vars)) {											\
 		zend_hash_del(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1);	\
-	}
+	}																		\
+} while (0)
 
 
 #define PS_ENCODE_VARS 											\
diff --git a/ext/session/session.c b/ext/session/session.c
index 7b47b4581b..b981989f42 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -238,6 +238,43 @@ typedef struct {
 
 #define MAX_STR 512
 
+void php_add_session_var(char *name, size_t namelen TSRMLS_DC)
+{
+	zval **sym_track = NULL;
+	
+	zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1, 
+			(void *) &sym_track);
+
+	/*
+	 * Set up a proper reference between $_SESSION["x"] and $x.
+	 */
+
+	if (PG(register_globals)) {
+		zval **sym_global = NULL;
+		
+		zend_hash_find(&EG(symbol_table), name, namelen + 1, 
+				(void *) &sym_global);
+				
+		if (sym_global == NULL && sym_track == NULL) {
+			zval *empty_var;
+
+			ALLOC_INIT_ZVAL(empty_var);
+			zend_set_hash_symbol(empty_var, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
+		} else if (sym_global == NULL) {
+			zend_set_hash_symbol(*sym_track, name, namelen, 1, 1, &EG(symbol_table));
+		} else if (sym_track == NULL) {
+			zend_set_hash_symbol(*sym_global, name, namelen, 1, 1, Z_ARRVAL_P(PS(http_session_vars)));
+		}
+	} else {
+		if (sym_track == NULL) {
+			zval *empty_var;
+	
+			ALLOC_INIT_ZVAL(empty_var);
+			zend_set_hash_symbol(empty_var, name, namelen, 0, 1, Z_ARRVAL_P(PS(http_session_vars)));
+		}
+	}
+}
+
 void php_set_session_var(char *name, size_t namelen, zval *state_val, php_unserialize_data_t *var_hash TSRMLS_DC)
 {
 	if (PG(register_globals)) {
@@ -273,23 +310,11 @@ void php_set_session_var(char *name, size_t namelen, zval *state_val, php_unseri
 
 int php_get_session_var(char *name, size_t namelen, zval ***state_var TSRMLS_DC)
 {
-	/*
-	 * If register_globals is set, the global variable is preferred.
-	 *
-	 * If it is not set and track vars are available, track vars are used.
-	 */
-	
-	if (PG(register_globals)) {
-		return zend_hash_find(&EG(symbol_table), name, namelen+1, (void **) state_var);
-	}
-	
-	if (PS(http_session_vars)) {
-		if (zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1, (void **) state_var)==SUCCESS) {
-			return SUCCESS;
-		}
+	if (PS(http_session_vars) && PS(http_session_vars)->type == IS_ARRAY) {
+		return zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, 
+				namelen+1, (void **) state_var);
 	}
 	
-	/* register_globals is disabled, but we don't have http_session_vars */
 	return FAILURE;
 }
 
@@ -588,7 +613,7 @@ static void php_session_save_current_state(TSRMLS_D)
 		for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(PS(http_session_vars)), &pos);
 				zend_hash_get_current_key_ex(Z_ARRVAL_P(PS(http_session_vars)), &variable, &variable_len, &num_key, 0, &pos) == HASH_KEY_IS_STRING;
 				zend_hash_move_forward_ex(Z_ARRVAL_P(PS(http_session_vars)),&pos)) {
-			PS_ADD_VARL(variable,variable_len-1);
+			PS_ADD_VARL(variable, variable_len-1);
 		}
 	}
 
-- 
2.40.0