mirror of
https://github.com/php/php-src.git
synced 2026-04-22 07:28:09 +02:00
Nikita Popov
50c87e92fc
We should be doing this anyway to prevent stack overflow, but on master this is important for an additional reason: The temporary GC buffer provided for get_gc handlers may get reused if the scan is performed recursively instead of indirected via the GC stack. This fixes oss-fuzz #23350.
45 lines
941 B
PHP
45 lines
941 B
PHP
--TEST--
|
|
GC buffer shouldn't get reused when removing nested data
|
|
--FILE--
|
|
<?php
|
|
$s = <<<'STR'
|
|
O:8:"stdClass":2:{i:5;C:8:"SplStack":29:{i:4;:r:1;:O:8:"stdClass":0:{}}i:0;O:13:"RegexIterator":1:{i:5;C:8:"SplStack":29:{i:4;:r:1;:O:8:"stdClass":0:{}}}}
|
|
STR;
|
|
var_dump(unserialize($s));
|
|
gc_collect_cycles();
|
|
?>
|
|
--EXPECT--
|
|
object(stdClass)#1 (2) {
|
|
["5"]=>
|
|
object(SplStack)#2 (2) {
|
|
["flags":"SplDoublyLinkedList":private]=>
|
|
int(4)
|
|
["dllist":"SplDoublyLinkedList":private]=>
|
|
array(2) {
|
|
[0]=>
|
|
*RECURSION*
|
|
[1]=>
|
|
object(stdClass)#3 (0) {
|
|
}
|
|
}
|
|
}
|
|
["0"]=>
|
|
object(RegexIterator)#4 (2) {
|
|
["replacement"]=>
|
|
NULL
|
|
["5"]=>
|
|
object(SplStack)#5 (2) {
|
|
["flags":"SplDoublyLinkedList":private]=>
|
|
int(4)
|
|
["dllist":"SplDoublyLinkedList":private]=>
|
|
array(2) {
|
|
[0]=>
|
|
*RECURSION*
|
|
[1]=>
|
|
object(stdClass)#6 (0) {
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|