xref: /PHP-8.1/ext/session/tests/bug79091.phpt (revision 74859783)
1--TEST--
2Bug #79091 (heap use-after-free in session_create_id())
3--EXTENSIONS--
4session
5--FILE--
6<?php
7class MySessionHandler implements SessionHandlerInterface, SessionIdInterface, SessionUpdateTimestampHandlerInterface
8{
9    public function close(): bool
10    {
11        return true;
12    }
13
14    public function destroy($session_id): bool
15    {
16        return true;
17    }
18
19    public function gc($maxlifetime): int|false
20    {
21        return true;
22    }
23
24    public function open($save_path, $session_name): bool
25    {
26        return true;
27    }
28
29    public function read($session_id): string|false
30    {
31        return '';
32    }
33
34    public function write($session_id, $session_data): bool
35    {
36        return true;
37    }
38
39    public function create_sid(): string
40    {
41        return uniqid();
42    }
43
44    public function updateTimestamp($key, $val): bool
45    {
46        return true;
47    }
48
49    public function validateId($key): bool
50    {
51        return true;
52    }
53}
54
55ob_start();
56var_dump(session_set_save_handler(new MySessionHandler()));
57var_dump(session_start());
58ob_flush();
59session_create_id();
60?>
61--EXPECTF--
62bool(true)
63bool(true)
64
65Warning: session_create_id(): Failed to create new ID in %s on line %d
66