Skip to content

ext/session: Fix memory leak #21200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
arshidkv12 wants to merge 1 commit into from
+59 −8
Closed

ext/session: Fix memory leak #21200

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 22 additions & 8 deletions ext/session/session.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@
#include "ext/standard/url_scanner_ex.h"
#include "ext/standard/info.h"
#include "zend_smart_str.h"
#include "zend_exceptions.h"
#include "ext/standard/url.h"
#include "ext/standard/basic_functions.h"
#include "ext/standard/head.h"
Expand Down Expand Up @@ -1723,14 +1724,27 @@ PHPAPI php_session_status php_get_session_status(void)

static bool php_session_abort(void)
{
if (PS(session_status) == php_session_active) {
if (PS(mod_data) || PS(mod_user_implemented)) {
PS(mod)->s_close(&PS(mod_data));
}
PS(session_status) = php_session_none;
return true;
}
return false;
if (PS(session_status) == php_session_active) {

if ((PS(mod_data) || PS(mod_user_implemented)) && PS(mod)->s_close) {
Copy link
Copy Markdown
Member

@ndossche ndossche Mar 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you check for PS(mod)->s_close here? It didn't happen previously and I don't see similar other checks.


zend_object *old_exception = EG(exception);
Copy link
Copy Markdown
Member

@ndossche ndossche Mar 8, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Temporarily swallowing the exception is a code smell. Now the behaviour changes if the userland code threw an exception.

Also this doesn't fix the issue at all...
Add the following code to the test inside the class and you have the exact same leaks:

    public function close(): bool {
        return false;
    }

EG(exception) = NULL;

PS(mod)->s_close(&PS(mod_data));

if (!EG(exception)) {
EG(exception) = old_exception;
} else if (old_exception) {
zend_exception_set_previous(EG(exception), old_exception);
}
}

PS(session_status) = php_session_none;
return true;
}

return false;
}

static bool php_session_reset(void)
Expand Down
35 changes: 35 additions & 0 deletions ext/session/tests/sessionhandler_validateid_return_type.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
--TEST--
SessionHandler::validateId must return bool
--INI--
session.use_strict_mode=1
--EXTENSIONS--
session
--SKIPIF--
<?php include('skipif.inc'); ?>
--FILE--
<?php
class MySession extends SessionHandler {
public function validateId($key) {
return null;
}
}

$handler = new MySession();

try {
session_set_save_handler($handler);
session_start();
} catch (TypeError $e) {
echo $e->getMessage(), "\n";
}

session_write_close();

try {
session_start();
} catch (Throwable $e) {
echo $e->getMessage(), "\n";
}
?>
--EXPECTF--
Session id must be a string
2 changes: 2 additions & 0 deletions ext/session/tests/user_session_module/session_set_save_handler_class_012.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ var_dump(session_id(), $oldHandler, ini_get('session.save_handler'), $handler->i
--EXPECTF--
*** Testing session_set_save_handler() : incorrect arguments for existing handler open ***
Open:

Warning: SessionHandler::close(): Parent session handler is not open in %s on line %d
SessionHandler::open() expects exactly 2 arguments, 0 given

Warning: Undefined global variable $_SESSION in %s on line %d
Expand Down
Loading