From 7817fc07e150620be38a16dd29e50c71e51948a7 Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Mon, 26 Oct 2020 16:50:20 +0100
Subject: Deny cloning of fileinfo objects

Using a cloned finfo object will crash.
---
 ext/fileinfo/fileinfo.c | 1 +
 ext/fileinfo/tests/clone_serialize.phpt | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 ext/fileinfo/tests/clone_serialize.phpt
diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c
index 5565964c20..2cb9f91aee 100644
--- a/ext/fileinfo/fileinfo.c
+++ b/ext/fileinfo/fileinfo.c
@@ -218,6 +218,7 @@ PHP_MINIT_FUNCTION(finfo)
 memcpy(&finfo_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
 finfo_object_handlers.offset = XtOffsetOf(finfo_object, zo);
 finfo_object_handlers.free_obj = finfo_objects_free;
+ finfo_object_handlers.clone_obj = NULL;
 le_fileinfo = zend_register_list_destructors_ex(finfo_resource_destructor, NULL, "file_info", module_number);
diff --git a/ext/fileinfo/tests/clone_serialize.phpt b/ext/fileinfo/tests/clone_serialize.phpt
new file mode 100644
index 0000000000..5375526ee4
--- /dev/null
+++ b/ext/fileinfo/tests/clone_serialize.phpt
@@ -0,0 +1,27 @@
+--TEST--
+Cloning and serializing finfo is not supported
+--FILE--
+buffer("Test string"));
+try {
+ $finfo2 = clone $finfo;
+ var_dump($finfo2->buffer("Test string"));
+} catch (Error $e) {
+ echo $e->getMessage(), "\n";
+}
+try {
+ $finfo3 = unserialize(serialize($finfo));
+ var_dump($finfo3->buffer("Test string"));
+} catch (Error $e) {
+ echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECTF--
+string(%d) "%s"
+Trying to clone an uncloneable object of class finfo
+
+Warning: finfo::buffer(): The invalid fileinfo object. in %s on line %d
+bool(false)
-- cgit v1.2.1
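Review bot: The serialize/unserialize path is still open after the `clone_obj = NULL` assignment in PHP_MINIT_FUNCTION(finfo): the expected output in clone_serialize.phpt shows `unserialize(serialize($finfo))` returning a finfo object that is only rejected later, when `buffer()` emits "The invalid fileinfo object." and returns false. Memory safety for that object therefore rests on every finfo entry point repeating the same validity check, an invariant that is easy to lose when a method is added or refactored. Consider refusing serialization at the class level in the same function, on branches that provide the handlers, with `<finfo class entry>->serialize = zend_class_serialize_deny;` and `<finfo class entry>->unserialize = zend_class_unserialize_deny;` (the class-entry variable is outside the hunk, hence the placeholder). The second `try` block of the test would then expect the resulting exception message instead of the warning, which also matches the test title's "not supported" more closely. The body of PHP_MINIT_FUNCTION(finfo) starts and ends outside the hunk, so check whether the class entry is already configured elsewhere before adding this.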