Skip to content
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 8 additions & 9 deletions ext/standard/tests/serialize/serialization_objects_009.phpt
Original file line number Diff line number Diff line change
Expand Up @@ -8,17 +8,16 @@ eval('class C {}');
$b = unserialize($ser);

var_dump($a, $b);

echo "Done";
?>
--EXPECTF--
Warning: Class __PHP_Incomplete_Class has no unserializer in %sserialization_objects_009.php on line %d
Warning: Class __PHP_Incomplete_Class has no unserializer in %s on line %d

Warning: unserialize(): Error at offset 11 of 18 bytes in %s on line %d

Warning: Class C has no unserializer in %s on line %d

Warning: Class C has no unserializer in %sserialization_objects_009.php on line %d
object(__PHP_Incomplete_Class)#%d (1) {
["__PHP_Incomplete_Class_Name"]=>
string(1) "C"
}
object(C)#%d (0) {
}
Warning: unserialize(): Error at offset 11 of 18 bytes in %s on line %d
bool(false)
bool(false)
Done
2 changes: 1 addition & 1 deletion ext/standard/var_unserializer.re
Original file line number Diff line number Diff line change
Expand Up @@ -770,7 +770,7 @@ static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)

if (ce->unserialize == NULL) {
zend_error(E_WARNING, "Class %s has no unserializer", ZSTR_VAL(ce->name));
object_init_ex(rval, ce);
return 0;
} else if (ce->unserialize(rval, ce, (const unsigned char*)*p, datalen, (zend_unserialize_data *)var_hash) != SUCCESS) {
return 0;
}
Expand Down
19 changes: 19 additions & 0 deletions ext/uri/tests/gh22046.phpt
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
--TEST--
GH-22046: The unserialize function can lead to segfault when internal classes are serialized back with the unsupported C format
--FILE--
<?php

$payload = 'C:14:"Uri\WhatWg\Url":0:{}';
unserialize($payload);

$payload = 'C:15:"Uri\Rfc3986\Uri":0:{}';
unserialize($payload);
?>
--EXPECTF--
Warning: Class Uri\WhatWg\Url has no unserializer in %s on line %d

Warning: unserialize(): Error at offset 25 of 26 bytes in %s on line %d

Warning: Class Uri\Rfc3986\Uri has no unserializer in %s on line %d

Warning: unserialize(): Error at offset 26 of 27 bytes in %s on line %d
Loading