diff options
author | Anatol Belski <ab@php.net> | 2017-07-04 10:42:48 +0200 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2017-07-04 10:42:48 +0200 |
commit | 2dc24005d9fe1827705276cec52397a57ae66549 (patch) | |
tree | befc37017e606a95586cc0b227b9ea844cd7f442 /ext/standard/tests/serialize | |
parent | 9d1575c4956cd0018ae0a8f7f393600a1de1f05a (diff) | |
parent | d02f953faf4afdd1576acb1380e4cd3c050ac599 (diff) | |
download | php-git-2dc24005d9fe1827705276cec52397a57ae66549.tar.gz |
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
Fixed bug #74101 and bug #74614
Diffstat (limited to 'ext/standard/tests/serialize')
-rw-r--r-- | ext/standard/tests/serialize/bug74101.phpt | 10 | ||||
-rw-r--r-- | ext/standard/tests/serialize/bug74614.phpt | 10 |
2 files changed, 20 insertions, 0 deletions
diff --git a/ext/standard/tests/serialize/bug74101.phpt b/ext/standard/tests/serialize/bug74101.phpt new file mode 100644 index 0000000000..a414060f5c --- /dev/null +++ b/ext/standard/tests/serialize/bug74101.phpt @@ -0,0 +1,10 @@ +--TEST-- +Bug #74101: Unserialize Heap Use-After-Free (READ: 1) in zval_get_type +--FILE-- +<?php +$s = 'O:9:"Exception":799999999999999999999999999997:0i:0;a:0:{}i:2;i:0;i:0;R:2;'; +var_dump(unserialize($s)); +?> +--EXPECTF-- +Notice: unserialize(): Error at offset 48 of 74 bytes in %s on line %d +bool(false) diff --git a/ext/standard/tests/serialize/bug74614.phpt b/ext/standard/tests/serialize/bug74614.phpt new file mode 100644 index 0000000000..ae962628e9 --- /dev/null +++ b/ext/standard/tests/serialize/bug74614.phpt @@ -0,0 +1,10 @@ +--TEST-- +Bug #74614: Use-after-free in PHP7's unserialize() +--FILE-- +<?php + +unserialize('a:3020000000000000000000000000000001:{i:0;a:0:{}i:1;i:2;i:2;i:3;i:3;i:4;i:4;i:5;i:5;i:6;i:6;i:7;i:7;i:8;i:8;R:2;}'); + +?> +--EXPECTF-- +Notice: unserialize(): Error at offset 38 of 113 bytes in %s on line %d |