[2011-09-24 19:21 UTC] grinyad at mail dot ru
// make a Pdo_Mysql statement before
$result = $stmt->fetch(PDO::FETCH_LAZY);
$_SESSION['PDORow'] = $result;
Is crashing on next request after saving PDORow to session on session_start()
[2011-09-24 19:24 UTC] email@example.com
What do you mean by "crashing"? Is the actual PHP process crashing, or
are you just getting an error message because PDO statements aren't
serialisable (which is expected)?
[2011-09-25 08:56 UTC] grinyad at mail dot ru
Is a Apache crash. It gives a CGI/FastCGI Send/Don't Send window.
After few minutes is crashing apache server:
[2011-09-25 12:39 UTC] firstname.lastname@example.org
PDORow objects may not be serialized and therefore not be put in a session. In svn it was fixed to throw a warning and not crash anymore this will be in future releases.
Red Hat does not consider this flaw to be a security issue. The bug can only be triggered by the PHP script author, which does not cross trust boundary.