author | Nikita Popov <nikita.ppv@gmail.com> | 2017-08-12 13:17:24 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2017-08-12 13:17:24 +0200 |
commit | a871badf2a7a28dc3d69b7e165bcf8a83feac706 (patch) | |
tree | b879f63a6d9ec00c9a34e0b5d1724ba5fbc9e39b /ext/standard/tests/serialize | |
parent | f877b86604e9c7e8642e1a6dd44954cb1f21ea34 (diff) | |
parent | 4fb7665c099eb2e2ee75ead8e77479866ab01b2a (diff) | |
download | php-git-a871badf2a7a28dc3d69b7e165bcf8a83feac706.tar.gz |
Merge branch 'PHP-7.1' into PHP-7.2
Diffstat (limited to 'ext/standard/tests/serialize')
-rw-r--r-- | ext/standard/tests/serialize/bug74103.phpt | 9 | ||||
-rw-r--r-- | ext/standard/tests/serialize/bug75054.phpt | 12 |
2 files changed, 21 insertions, 0 deletions
diff --git a/ext/standard/tests/serialize/bug74103.phpt b/ext/standard/tests/serialize/bug74103.phpt
new file mode 100644
index 0000000000..3d474b31b1
--- /dev/null
+++ b/ext/standard/tests/serialize/bug74103.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Bug #74103: heap-use-after-free when unserializing invalid array size
+--FILE--
+<?php
+var_dump(unserialize('a:7:{i:0;i:04;s:1:"a";i:2;i:00009617006;i:4;s:1:"a";i:4;s:1:"a";R:5;s:1:"7";R:3;s:1:"a";R:5;;s:18;}}'));
+?>
+--EXPECTF--
+Notice: unserialize(): Error at offset 68 of 100 bytes in %s on line %d
+bool(false)
diff --git a/ext/standard/tests/serialize/bug75054.phpt b/ext/standard/tests/serialize/bug75054.phpt
new file mode 100644
index 0000000000..51f5692f44
--- /dev/null
+++ b/ext/standard/tests/serialize/bug75054.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug #75054: A Denial of Service Vulnerability was found when performing deserialization
+--FILE--
+<?php
+$poc = 'a:9:{i:0;s:4:"0000";i:0;s:4:"0000";i:0;R:2;s:4:"5003";R:2;s:4:"0000";R:2;s:4:"0000";R:2;s:4:"';
+$poc .= "\x06";
+$poc .= '000";R:2;s:4:"0000";d:0;s:4:"0000";a:9:{s:4:"0000";';
+var_dump(unserialize($poc));
+?>
+--EXPECTF--
+Notice: unserialize(): Error at offset 43 of 145 bytes in %s on line %d
+bool(false) |
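Review bot: The `--EXPECTF--` section of bug74103.phpt asserts only the notice text and `bool(false)`, so on an ordinary build a returning heap use-after-free could still print exactly this and pass. The test is a dependable regression guard mainly when the suite runs under a memory checker (an ASan build or valgrind), and the same applies to bug75054.phpt in the next hunk. I would record that in the test itself with a comment above the `var_dump` line, for example `// Memory-safety regression test: most meaningful under ASan or valgrind.`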
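Review bot: The `--TEST--` title of bug75054.phpt repeats the bug report's headline and does not say which malformed input the test covers, whereas bug74103.phpt names its condition ("invalid array size"). I would reword the title to name the construct that unserialize() is expected to reject, so a failure in CI is readable without opening the tracker. The three-part assembly of `$poc` also deserves a one-line comment above `$poc .= "\x06";`, for example `// the payload carries a raw 0x06 byte inside a string value`, since that byte is easy to lose when the file is edited or re-encoded.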