diff options
author | Stanislav Malyshev <stas@php.net> | 2016-09-11 21:19:29 -0700 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2016-09-12 17:53:44 +0200 |
commit | 27876d22ef47cd8efe6230ee5cb52ab5d650c848 (patch) | |
tree | 9fd3118145db60a4a969c7d1b7bbaf43b570560f | |
parent | 022e75cba104c52ccfb494ce224c2c4d0ff2dddc (diff) | |
download | php-git-27876d22ef47cd8efe6230ee5cb52ab5d650c848.tar.gz |
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
(cherry picked from commit b6e1e5e0b3e6221c7b14fa10cba30f5c5e719e1b)
Conflicts:
Zend/zend_objects_API.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
-rw-r--r-- | ext/standard/tests/serialize/bug73052.phpt | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ext/standard/tests/serialize/bug73052.phpt b/ext/standard/tests/serialize/bug73052.phpt new file mode 100644 index 0000000000..63b484bf14 --- /dev/null +++ b/ext/standard/tests/serialize/bug73052.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug #73052: Memory Corruption in During Deserialized-object Destruction +--FILE-- +<?php + +class obj { + var $ryat; + public function __destruct() { + $this->ryat = null; + } +} + +$poc = 'O:3:"obj":1:{'; +var_dump(unserialize($poc)); +?> +--EXPECTF-- +Notice: unserialize(): Error at offset 13 of 13 bytes in %sbug73052.php on line %d +bool(false) |