Diffstat (limited to 'ext/curl/tests/bug73147.phpt')
-rw-r--r-- | ext/curl/tests/bug73147.phpt | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/ext/curl/tests/bug73147.phpt b/ext/curl/tests/bug73147.phpt
new file mode 100644
index 0000000000..118177d871
--- /dev/null
+++ b/ext/curl/tests/bug73147.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #73147: Use After Free in PHP7 unserialize()
+--SKIPIF--
+<?php
+if (!extension_loaded("curl")) {
+ exit("skip curl extension not loaded");
+}
+?>
+--FILE--
+<?php
+
+$poc = 'a:1:{i:0;O:8:"CURLFile":1:{s:4:"name";R:1;}}';
+try {
+var_dump(unserialize($poc));
+} catch(Exception $e) {
+ echo $e->getMessage();
+}
+?>
+--EXPECT--
+Unserialization of CURLFile instances is not allowed |
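Review bot: The serialized payload assigned to `$poc` has no explanation, so a later reader cannot tell which part of it the regression depends on. A comment above it such as `// R:1 points CURLFile::$name back at the enclosing array (bug #73147); unserialize() must refuse the object` would record that. The test pins only the exception message for a directly named `CURLFile` with a single `name` property; whether a subclass or a payload carrying other properties is rejected the same way is not visible from this hunk and may deserve a second case. The `var_dump(unserialize($poc));` line inside `try` is also not indented, unlike the `SKIPIF` and `catch` bodies.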