diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2018-07-02 17:58:53 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2018-07-02 17:59:15 +0200 |
commit | 3a236d0587aafc762890e61813cb22e63d8b2550 (patch) | |
tree | 6366ac24e03a8d81f3195551fa0c00f3c34d3352 | |
parent | 09bb2527e96bcefa79ae5d5d93038f2a0cc80d0a (diff) | |
parent | 787593b708372f67fdaabbe4ae7667f6ee5b062f (diff) | |
download | php-git-3a236d0587aafc762890e61813cb22e63d8b2550.tar.gz |
Merge branch 'PHP-7.1' into PHP-7.2
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | ext/standard/tests/serialize/bug70436.phpt (renamed from ext/standard/tests/strings/bug70436.phpt) | 4 |
2 files changed, 2 insertions, 4 deletions
@@ -21,7 +21,7 @@ PHP NEWS non-blocking). (Nikita) - GMP: - . Fixed bug #76470 (Integer Underflow when unserializing GMP and possible + . Fixed bug #74670 (Integer Underflow when unserializing GMP and possible other classes). (Nikita) - intl: diff --git a/ext/standard/tests/strings/bug70436.phpt b/ext/standard/tests/serialize/bug70436.phpt index 7d6d0f18d9..8b0df73d60 100644 --- a/ext/standard/tests/strings/bug70436.phpt +++ b/ext/standard/tests/serialize/bug70436.phpt @@ -25,7 +25,7 @@ $fakezval .= "\x01"; $fakezval .= "\x00"; $fakezval .= "\x00\x00"; -$inner = 'C:3:"obj":3:{ryat'; +$inner = 'C:3:"obj":3:{rya}'; $exploit = 'a:4:{i:0;i:1;i:1;C:3:"obj":'.strlen($inner).':{'.$inner.'}i:2;s:'.strlen($fakezval).':"'.$fakezval.'";i:3;R:5;}'; $data = unserialize($exploit); @@ -48,8 +48,6 @@ DONE --EXPECTF-- Notice: unserialize(): Error at offset 0 of 3 bytes in %sbug70436.php on line %d -Notice: unserialize(): Error at offset 16 of 17 bytes in %sbug70436.php on line %d - Notice: unserialize(): Error at offset 93 of 94 bytes in %sbug70436.php on line %d bool(false) DONE |