--- ext/session/session.c.bak 2019-01-09 10:54:13.000000000 +0100
+++ ext/session/session.c 2026-03-03 19:11:58.987141885 +0100
@@ -859,12 +859,16 @@
 PS_SERIALIZER_DECODE_FUNC(php_serialize) /* {{{ */
 {
 const char *endptr = val + vallen;
+ const unsigned char *p;
+ const unsigned char *max;
 zval *session_vars;
 php_unserialize_data_t var_hash;
 PHP_VAR_UNSERIALIZE_INIT(var_hash);
 ALLOC_INIT_ZVAL(session_vars);
- if (php_var_unserialize(&session_vars, &val, endptr, &var_hash TSRMLS_CC)) {
+ p = (const unsigned char *) val;
+ max = (const unsigned char *) endptr;
+ if (php_var_unserialize(&session_vars, &p, max, &var_hash TSRMLS_CC)) {
 var_push_dtor(&var_hash, &session_vars);
 }
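Review bot: A failed parse is still unhandled after this change: when `php_var_unserialize(&session_vars, &p, max, &var_hash TSRMLS_CC)` returns 0 the hunk has no else branch, so `session_vars` may keep whatever the parser built before it stopped, and a session payload is input where malformed data should be expected. Consider an explicit failure branch that discards the partial value and reports the decode error before the zval is used further. The cursor that advances is now `p` rather than `val`, and the function body continues outside the hunk, so it is worth confirming that nothing later reads `val` as the consumed position. A short comment above the two assignments would record why the locals exist, e.g. `/* php_var_unserialize() takes const unsigned char pointers; endptr is const char * */`.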