Browse Source
Merge branch 'PHP-8.4'
* PHP-8.4:
Leak in failed unserialize() with opcache
pull/17926/merge
Ilija Tovilo
3 months ago
No known key found for this signature in database
GPG Key ID: 5050C66BFCD1015A
2 changed files with
15 additions and
0 deletions
-
ext/standard/tests/serialize/oss_fuzz_433303828.phpt
-
ext/standard/var_unserializer.re
|
|
|
@ -0,0 +1,13 @@ |
|
|
|
--TEST-- |
|
|
|
OSS-Fuzz #433303828 |
|
|
|
--FILE-- |
|
|
|
<?php |
|
|
|
|
|
|
|
unserialize('O:2:"yy": '); |
|
|
|
unserialize('O:2:"yy":: '); |
|
|
|
|
|
|
|
?> |
|
|
|
--EXPECTF-- |
|
|
|
Warning: unserialize(): Error at offset 9 of 10 bytes in %s on line %d |
|
|
|
|
|
|
|
Warning: unserialize(): Error at offset 10 of 11 bytes in %s on line %d |
|
|
|
@ -1312,10 +1312,12 @@ object ":" uiv ":" ["] { |
|
|
|
YYCURSOR = *p; |
|
|
|
|
|
|
|
if (*(YYCURSOR) != ':') { |
|
|
|
zend_string_release_ex(class_name, 0); |
|
|
|
return 0; |
|
|
|
} |
|
|
|
if (*(YYCURSOR+1) != '{') { |
|
|
|
*p = YYCURSOR+1; |
|
|
|
zend_string_release_ex(class_name, 0); |
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
|
