mirror of
https://github.com/php/php-src.git
synced 2026-04-21 15:08:16 +02:00
Nikita Popov
11648c00e9
The object hash is not particularly useful (anymore) and just clutters the output. It encodes the same information as the object ID, which is already part of the output.
35 lines
634 B
PHP
35 lines
634 B
PHP
--TEST--
|
|
SPL: Bug #70168 Use After Free Vulnerability in unserialize() with SplObjectStorage
|
|
--FILE--
|
|
<?php
|
|
$inner = 'x:i:1;O:8:"stdClass":0:{};m:a:0:{}';
|
|
$exploit = 'a:2:{i:0;C:16:"SplObjectStorage":'.strlen($inner).':{'.$inner.'}i:1;R:3;}';
|
|
|
|
$data = unserialize($exploit);
|
|
|
|
for($i = 0; $i < 5; $i++) {
|
|
$v[$i] = 'hi'.$i;
|
|
}
|
|
|
|
var_dump($data);
|
|
?>
|
|
--EXPECTF--
|
|
array(2) {
|
|
[0]=>
|
|
object(SplObjectStorage)#%d (1) {
|
|
["storage":"SplObjectStorage":private]=>
|
|
array(1) {
|
|
[0]=>
|
|
array(2) {
|
|
["obj"]=>
|
|
object(stdClass)#2 (0) {
|
|
}
|
|
["inf"]=>
|
|
NULL
|
|
}
|
|
}
|
|
}
|
|
[1]=>
|
|
int(1)
|
|
}
|