fix #132

check if we actually got a usable zval type after attempting to
deserialize the session

Author: m6w6

msgpack.c

@@ -164,6 +164,7 @@ PS_SERIALIZER_DECODE_FUNC(msgpack) /* {{{ */ {
 
 	msgpack_unserialize_var_init(&var_hash);
 
+	ZVAL_UNDEF(&tmp);
 	mp.user.retval = &tmp;
 	mp.user.var_hash = &var_hash;
 
@@ -175,13 +176,18 @@ PS_SERIALIZER_DECODE_FUNC(msgpack) /* {{{ */ {
 	if (ret == MSGPACK_UNPACK_EXTRA_BYTES || ret == MSGPACK_UNPACK_SUCCESS) {
 		msgpack_unserialize_var_destroy(&var_hash, 0);
 
-		ZEND_HASH_FOREACH_STR_KEY_VAL(HASH_OF(mp.user.retval), key_str, value) {
-			if (key_str) {
-				php_set_session_var(key_str, value, NULL);
-				php_add_session_var(key_str);
-				ZVAL_UNDEF(value);
-			}
-		} ZEND_HASH_FOREACH_END();
+		switch(Z_TYPE_P(mp.user.retval)) {
+		case IS_ARRAY:
+		case IS_OBJECT:
+			ZEND_HASH_FOREACH_STR_KEY_VAL(HASH_OF(mp.user.retval), key_str, value) {
+				if (key_str) {
+					php_set_session_var(key_str, value, NULL);
+					php_add_session_var(key_str);
+					ZVAL_UNDEF(value);
+				}
+			} ZEND_HASH_FOREACH_END();
+			break;
+		}
 
 		zval_ptr_dtor(&tmp);
 	} else {

tests/issue132.phpt

@@ -0,0 +1,23 @@
+--TEST--
+Issue #132 (Segmentation fault when using cloned unpacker)
+--SKIPIF--
+<?php
+if (!extension_loaded("msgpack")) {
+   echo "skip"; 
+}
+if (!extension_loaded("session")) {
+	echo "skip - need ext/session";
+}
+?>
+--FILE--
+<?php
+session_start();
+$_SESSION['a'] = 1;
+session_write_close();
+
+ini_set('session.serialize_handler', 'msgpack');
+session_start();
+?>
+OK
+--EXPECT--
+OK