From fc8eff897bd7fe3fed7f6867d2d6a86117a5278d Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Fri, 28 Aug 2015 21:50:21 -0700
Subject: [PATCH] More fixes for bug #70219

---
 ext/session/session.c                        |  7 +++--
 ext/standard/tests/serialize/bug70219_1.phpt | 46 ++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 ext/standard/tests/serialize/bug70219_1.phpt

Index: php5-5.6.11+dfsg/ext/session/session.c
===================================================================
--- php5-5.6.11+dfsg.orig/ext/session/session.c	2015-09-28 07:25:30.728110353 -0400
+++ php5-5.6.11+dfsg/ext/session/session.c	2015-09-28 07:25:30.724110309 -0400
@@ -864,7 +864,10 @@
 
 	PHP_VAR_UNSERIALIZE_INIT(var_hash);
 	ALLOC_INIT_ZVAL(session_vars);
-	php_var_unserialize(&session_vars, &val, endptr, &var_hash TSRMLS_CC);
+	if (php_var_unserialize(&session_vars, &val, endptr, &var_hash TSRMLS_CC)) {
+		var_push_dtor(&var_hash, &session_vars);
+	}
+	
 	PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
 	if (PS(http_session_vars)) {
 		zval_ptr_dtor(&PS(http_session_vars));
@@ -873,7 +876,7 @@
 		array_init(session_vars);
 	}
 	PS(http_session_vars) = session_vars;
-	ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1);
+	ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), Z_REFCOUNT_P(PS(http_session_vars)) + 1, 1);
 	return SUCCESS;
 }
 /* }}} */