Merge branch 'PHP-7.0' into PHP-7.1

* PHP-7.0:
  followup with #73276 merge
  fix test
  Fix bug #73276 - crash in openssl_random_pseudo_bytes function
  Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
  Fix for #73240 - Write out of bounds at number_format
  avoid strlen
  Bug #73218: add mitigation for ICU int overflow
  Add more locale length checks, due to ICU bugs.
  Fix bug #73150: missing NULL check in dom_document_save_html
  Clear FG(user_stream_current_filename) when bailing out
  set versions and release date
  sync NEWS
  Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"
  Fix for #73240 - Write out of bounds at number_format
  Fix bug #73257 and bug #73258 - SplObjectStorage unserialize allows use of non-object as key
  set versions
  Fix bug #73091 - Unserializing DateInterval object may lead to __toString invocation

1 files changed, 8 insertions, 6 deletions

diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c
index 4ad0c6d15e..b94ab401cf 100644
--- a/ext/spl/spl_observer.c
+++ b/ext/spl/spl_observer.c
@@ -788,6 +788,9 @@ SPL_METHOD(SplObjectStorage, unserialize)
 	--p; /* for ';' */
 	count = Z_LVAL_P(pcount);
 
+	ZVAL_UNDEF(&entry);
+	ZVAL_UNDEF(&inf);
+
 	while (count-- > 0) {
 		spl_SplObjectStorageElement *pelement;
 		zend_hash_key key;
@@ -803,18 +806,17 @@ SPL_METHOD(SplObjectStorage, unserialize)
 		if (!php_var_unserialize(&entry, &p, s + buf_len, &var_hash)) {
 			goto outexcept;
 		}
-		if (Z_TYPE(entry) != IS_OBJECT) {
-			zval_ptr_dtor(&entry);
-			goto outexcept;
-		}
 		if (*p == ',') { /* new version has inf */
 			++p;
 			if (!php_var_unserialize(&inf, &p, s + buf_len, &var_hash)) {
 				zval_ptr_dtor(&entry);
 				goto outexcept;
 			}
-		} else {
-			ZVAL_UNDEF(&inf);
+		}
+		if (Z_TYPE(entry) != IS_OBJECT) {
+			zval_ptr_dtor(&entry);
+			zval_ptr_dtor(&inf);
+			goto outexcept;
 		}
 
 		if (spl_object_storage_get_hash(&key, intern, getThis(), &entry) == FAILURE) {