php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-29 11:42:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.2'

Browse Source
This commit is contained in:
Nikita Popov
2018-07-02 17:59:20 +02:00
parent a57b5e82a9 3a236d0587
commit 2cc6922cbf
2 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -26,7 +26,7 @@ PHP NEWS
non-blocking). (Nikita)
- GMP:
. Fixed bug #76470 (Integer Underflow when unserializing GMP and possible
. Fixed bug #74670 (Integer Underflow when unserializing GMP and possible
other classes). (Nikita)
- intl:

4
ext/standard/tests/strings/bug70436.phpt → ext/standard/tests/serialize/bug70436.phpt
View File

@@ -25,7 +25,7 @@ $fakezval .= "\x01";
$fakezval .= "\x00";
$fakezval .= "\x00\x00";
$inner = 'C:3:"obj":3:{ryat';
$inner = 'C:3:"obj":3:{rya}';
$exploit = 'a:4:{i:0;i:1;i:1;C:3:"obj":'.strlen($inner).':{'.$inner.'}i:2;s:'.strlen($fakezval).':"'.$fakezval.'";i:3;R:5;}';
$data = unserialize($exploit);
@@ -48,8 +48,6 @@ DONE
--EXPECTF--
Notice: unserialize(): Error at offset 0 of 3 bytes in %sbug70436.php on line %d
Notice: unserialize(): Error at offset 16 of 17 bytes in %sbug70436.php on line %d
Notice: unserialize(): Error at offset 93 of 94 bytes in %sbug70436.php on line %d
bool(false)
DONE