--TEST--
Bug #79091 (heap use-after-free in session_create_id())
--SKIPIF--
<?php
if (!extension_loaded('session')) die('skip session extension not available');
?>
--FILE--
<?php
/**
 * Minimal user-land session handler for the Bug #79091 regression test.
 *
 * All storage callbacks are stubs: they report success and read() returns an
 * empty payload. The two methods that shape the scenario are create_sid(),
 * which always hands back a fresh ID, and validateId(), which rejects every
 * ID. Keep both as they are; the expected warning below depends on them.
 */
class MySessionHandler implements SessionHandlerInterface, SessionIdInterface, SessionUpdateTimestampHandlerInterface
{
    // Stub: nothing to release.
    public function close()
    {
        return true;
    }

    // Stub: no backing store, so there is nothing to delete.
    public function destroy($session_id)
    {
        return true;
    }

    // Stub: no backing store, so there is nothing to collect.
    public function gc($maxlifetime)
    {
        return true;
    }

    // Stub: accepts any save path and session name.
    public function open($save_path, $session_name)
    {
        return true;
    }

    // Stub: every session starts with an empty payload.
    public function read($session_id)
    {
        return '';
    }

    // Stub: session data is discarded.
    public function write($session_id, $session_data)
    {
        return true;
    }

    // Supplies a new ID each time the session module asks for one.
    // NOTE(review): uniqid() is time-based and predictable; it is fine for
    // this test fixture but must not be copied into a real handler, where the
    // ID should come from a CSPRNG (e.g. random_bytes()).
    public function create_sid()
    {
        return uniqid();
    }

    // Stub: timestamp refresh always succeeds.
    public function updateTimestamp($key, $val)
    {
        return true;
    }

    // Always returns false, so no candidate ID is ever accepted.
    // NOTE(review): presumably this is what pushes session_create_id() onto
    // the failure path named in the bug title; confirm against the fix in
    // ext/session before changing the return value.
    public function validateId($key)
    {
        return false;
    }
}

// Buffer output so the var_dump() results are not sent before session_start()
// runs (presumably to avoid a "headers already sent" warning - confirm).
ob_start();
var_dump(session_set_save_handler(new MySessionHandler()));
var_dump(session_start());
// Emit the two bool(true) lines before the call under test, so the warning
// appears after them in the expected output.
ob_flush();
// Call under test. The return value is deliberately ignored: the test passes
// when only the "Failed to create new ID" warning is emitted. A regression of
// the use-after-free may not crash on its own, so this test is most useful
// when run under a memory checker (Valgrind or an ASan build).
session_create_id();
?>
--EXPECTF--
bool(true)
bool(true)

Warning: session_create_id(): Failed to create new ID in %s on line %d