1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
--TEST--
Bug #79091 (heap use-after-free in session_create_id())
--EXTENSIONS--
session
--FILE--
<?php
class MySessionHandler implements SessionHandlerInterface, SessionIdInterface, SessionUpdateTimestampHandlerInterface
{
public function close(): bool
{
return true;
}
public function destroy($session_id): bool
{
return true;
}
public function gc($maxlifetime): int|false
{
return true;
}
public function open($save_path, $session_name): bool
{
return true;
}
public function read($session_id): string|false
{
return '';
}
public function write($session_id, $session_data): bool
{
return true;
}
public function create_sid(): string
{
return uniqid();
}
public function updateTimestamp($key, $val): bool
{
return true;
}
public function validateId($key): bool
{
return true;
}
}
ob_start();
var_dump(session_set_save_handler(new MySessionHandler()));
var_dump(session_start());
ob_flush();
session_create_id();
?>
--EXPECTF--
bool(true)
bool(true)
Warning: session_create_id(): Failed to create new ID in %s on line %d
|
