diff options
Diffstat (limited to 'ext/standard')
-rw-r--r-- | ext/standard/tests/serialize/bug70219.phpt | 17 | ||||
-rw-r--r-- | ext/standard/tests/serialize/bug70219_1.phpt | 11 |
2 files changed, 8 insertions, 20 deletions
diff --git a/ext/standard/tests/serialize/bug70219.phpt b/ext/standard/tests/serialize/bug70219.phpt index ddd2f317df..a97caf6c2b 100644 --- a/ext/standard/tests/serialize/bug70219.phpt +++ b/ext/standard/tests/serialize/bug70219.phpt @@ -4,8 +4,6 @@ Bug #70219 Use after free vulnerability in session deserializer <?php if (!extension_loaded('session')) die('skip session extension not available'); ?> ---XFAIL-- -Unfinished merge, needs fix. --FILE-- <?php class obj implements Serializable { @@ -32,15 +30,6 @@ var_dump($data); ?> --EXPECTF-- Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d -array(2) { - [0]=> - object(obj)#%d (1) { - ["data"]=> - NULL - } - [1]=> - &array(1) { - ["data"]=> - NULL - } -} + +Notice: unserialize(): Error at offset 55 of 56 bytes in %s on line %d +bool(false) diff --git a/ext/standard/tests/serialize/bug70219_1.phpt b/ext/standard/tests/serialize/bug70219_1.phpt index 6bbc593b34..6492a9a21e 100644 --- a/ext/standard/tests/serialize/bug70219_1.phpt +++ b/ext/standard/tests/serialize/bug70219_1.phpt @@ -18,6 +18,7 @@ class obj implements Serializable { } function unserialize($data) { session_decode($data); + return null; } } @@ -33,20 +34,18 @@ for ($i = 0; $i < 5; $i++) { var_dump($data); var_dump($_SESSION); ?> ---EXPECTF-- +--EXPECT-- array(2) { [0]=> - object(obj)#%d (1) { + object(obj)#1 (1) { ["data"]=> NULL } [1]=> - object(obj)#%d (1) { + object(obj)#2 (1) { ["data"]=> NULL } } -object(obj)#1 (1) { - ["data"]=> - NULL +array(0) { } |