diff --git a/ext/opcache/Optimizer/zend_inference.c b/ext/opcache/Optimizer/zend_inference.c
index 529cc2dd2f1..174528f2e11 100644
--- a/ext/opcache/Optimizer/zend_inference.c
+++ b/ext/opcache/Optimizer/zend_inference.c
@@ -3695,12 +3695,14 @@ static zend_bool can_convert_to_double(
 static int zend_type_narrowing(const zend_op_array *op_array, const zend_script *script, zend_ssa *ssa)
 {
 	uint32_t bitset_len = zend_bitset_len(ssa->vars_count);
-	ALLOCA_FLAG(use_heap)
-	zend_bitset visited = ZEND_BITSET_ALLOCA(2 * bitset_len, use_heap);
-	zend_bitset worklist = visited + bitset_len;
+	zend_bitset visited, worklist;
 	int i, v;
 	zend_op *opline;
 	zend_bool narrowed = 0;
+	ALLOCA_FLAG(use_heap)
+
+	visited = ZEND_BITSET_ALLOCA(2 * bitset_len, use_heap);
+	worklist = visited + bitset_len;
 
 	zend_bitset_clear(worklist, bitset_len);
 
diff --git a/ext/session/session.c b/ext/session/session.c
index b303b906530..9668db4c833 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -835,7 +835,6 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) /* {{{ */
 	PHP_VAR_UNSERIALIZE_INIT(var_hash);
 
 	for (p = val; p < endptr; ) {
-		zval *tmp;
 		skip = 0;
 		namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF);
 
@@ -850,13 +849,6 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) /* {{{ */
 
 		p += namelen + 1;
 
-		if ((tmp = zend_hash_find(&EG(symbol_table), name))) {
-			if ((Z_TYPE_P(tmp) == IS_ARRAY &&
-				Z_ARRVAL_P(tmp) == &EG(symbol_table)) || tmp == &PS(http_session_vars)) {
-				skip = 1;
-			}
-		}
-
 		if (has_value) {
 			zval *current, rv;
 			current = var_tmp_var(&var_hash);
@@ -933,7 +925,6 @@ PS_SERIALIZER_DECODE_FUNC(php) /* {{{ */
 	p = val;
 
 	while (p < endptr) {
-		zval *tmp;
 		q = p;
 		skip = 0;
 		while (*q != PS_DELIMITER) {
@@ -950,13 +941,6 @@ PS_SERIALIZER_DECODE_FUNC(php) /* {{{ */
 		name = zend_string_init(p, namelen, 0);
 		q++;
 
-		if ((tmp = zend_hash_find(&EG(symbol_table), name))) {
-			if ((Z_TYPE_P(tmp) == IS_ARRAY &&
-				Z_ARRVAL_P(tmp) == &EG(symbol_table)) || tmp == &PS(http_session_vars)) {
-				skip = 1;
-			}
-		}
-
 		if (has_value) {
 			zval *current, rv;
 			current = var_tmp_var(&var_hash);
diff --git a/ext/session/tests/bug72681.phpt b/ext/session/tests/bug72681.phpt
index ceca6ecc33f..4752767d50a 100644
--- a/ext/session/tests/bug72681.phpt
+++ b/ext/session/tests/bug72681.phpt
@@ -6,12 +6,17 @@ Bug #72681: PHP Session Data Injection Vulnerability
 <?php
 ini_set('session.serialize_handler', 'php');
 session_start();
-$GLOBALS['ryat'] = $GLOBALS;
+$GLOBALS['ryat'] = $_SESSION;
 $_SESSION['ryat'] = 'ryat|O:8:"stdClass":0:{}';
 session_write_close();
 session_start();
+var_dump($ryat);
 var_dump($_SESSION);
 ?>
 --EXPECT--
 array(0) {
 }
+array(1) {
+  ["ryat"]=>
+  string(24) "ryat|O:8:"stdClass":0:{}"
+}