Commit f2d96c84f0a for php.net
commit f2d96c84f0a8f4026c0daaf70cf4a3606483db3c
Merge: 873468c8dfd 10e02b0a4a3
Author: Gina Peter Banyard <girgias@php.net>
Date: Sat Mar 7 13:30:28 2026 +0000
Merge branch 'PHP-8.5'
* PHP-8.5:
ext/session: Fix memory leak due to multiple exception happening during session abort
diff --cc ext/session/session.c
index e790fa074d6,9d2431a2e33..b9b5bfbb025
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@@ -1721,21 -1751,44 +1722,29 @@@ PHPAPI php_session_status php_get_sessi
return PS(session_status);
}
-static zend_result php_session_abort(void)
+static bool php_session_abort(void)
{
if (PS(session_status) == php_session_active) {
- if (PS(mod_data) || PS(mod_user_implemented)) {
+ if ((PS(mod_data) || PS(mod_user_implemented)) && PS(mod)->s_close) {
+ zend_object *old_exception = EG(exception);
+ EG(exception) = NULL;
+
PS(mod)->s_close(&PS(mod_data));
+ if (!EG(exception)) {
+ EG(exception) = old_exception;
+ } else if (old_exception) {
+ zend_exception_set_previous(EG(exception), old_exception);
+ }
}
PS(session_status) = php_session_none;
- return SUCCESS;
- }
- return FAILURE;
-}
-
-static zend_result php_session_reset(void)
-{
- if (PS(session_status) == php_session_active
- && php_session_initialize() == SUCCESS) {
- return SUCCESS;
+ return true;
}
- return FAILURE;
+ return false;
}
-
-/* This API is not used by any PHP modules including session currently.
- session_adapt_url() may be used to set Session ID to target url without
- starting "URL-Rewriter" output handler. */
-PHPAPI void session_adapt_url(const char *url, size_t url_len, char **new_url, size_t *new_len)
+static bool php_session_reset(void)
{
- if (APPLY_TRANS_SID && (PS(session_status) == php_session_active)) {
- *new_url = php_url_scanner_adapt_single_url(url, url_len, ZSTR_VAL(PS(session_name)), ZSTR_VAL(PS(id)), new_len, true);
- }
+ return PS(session_status) == php_session_active && php_session_initialize() == SUCCESS;
}
/* ********************************