From 59d936ebdd878d7e6b68145ce4725cf040a8f791 Mon Sep 17 00:00:00 2001
From: Nicolas Grekas <nicolas.grekas@gmail.com>
Date: Fri, 18 May 2018 09:42:46 +0200
Subject: [PATCH] [HttpFoundation] Break infinite loop in PdoSessionHandler
 when MySQL is in loose mode

---
 Session/Storage/Handler/PdoSessionHandler.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Session/Storage/Handler/PdoSessionHandler.php b/Session/Storage/Handler/PdoSessionHandler.php
index 0825ee6ea..bb000f5c9 100644
--- a/Session/Storage/Handler/PdoSessionHandler.php
+++ b/Session/Storage/Handler/PdoSessionHandler.php
@@ -494,6 +494,7 @@ private function doRead($sessionId)
         $selectSql = $this->getSelectSql();
         $selectStmt = $this->pdo->prepare($selectSql);
         $selectStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR);
+        $insertStmt = null;
 
         do {
             $selectStmt->execute();
@@ -509,6 +510,11 @@ private function doRead($sessionId)
                 return is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0];
             }
 
+            if (null !== $insertStmt) {
+                $this->rollback();
+                throw new \RuntimeException('Failed to read session: INSERT reported a duplicate id but next SELECT did not return any data.');
+            }
+
             if (self::LOCK_TRANSACTIONAL === $this->lockMode && 'sqlite' !== $this->driver) {
                 // Exclusive-reading of non-existent rows does not block, so we need to do an insert to block
                 // until other connections to the session are committed.