summaryrefslogtreecommitdiff
path: root/ext/standard/tests/serialize/bug74103.phpt
diff options
context:
space:
mode:
Diffstat (limited to 'ext/standard/tests/serialize/bug74103.phpt')
-rw-r--r--ext/standard/tests/serialize/bug74103.phpt9
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/standard/tests/serialize/bug74103.phpt b/ext/standard/tests/serialize/bug74103.phpt
new file mode 100644
index 0000000000..3d474b31b1
--- /dev/null
+++ b/ext/standard/tests/serialize/bug74103.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Bug #74103: heap-use-after-free when unserializing invalid array size
+--FILE--
+<?php
+var_dump(unserialize('a:7:{i:0;i:04;s:1:"a";i:2;i:00009617006;i:4;s:1:"a";i:4;s:1:"a";R:5;s:1:"7";R:3;s:1:"a";R:5;;s:18;}}'));
+?>
+--EXPECTF--
+Notice: unserialize(): Error at offset 68 of 100 bytes in %s on line %d
+bool(false)
View Lorry Controller Status