mirror of
https://github.com/php/php-src.git
synced 2026-04-21 23:18:13 +02:00
Nikita Popov
aaae77f7f1
This is a private property, so we are allowed to add a type.
The new declaration of the property is:
private array $trace = [];
This ensures that Exception::getTrace() does indeed return an array.
Userland code that was modifying the property through refleciton
may have to be adjusted to assign an array (instead of null,
for example).
Closes GH-5636.
17 lines
497 B
PHP
17 lines
497 B
PHP
--TEST--
|
|
Bug #69152: Type Confusion Infoleak Vulnerability in unserialize()
|
|
--FILE--
|
|
<?php
|
|
$x = unserialize('O:9:"exception":1:{s:16:"'."\0".'Exception'."\0".'trace";s:4:"ryat";}');
|
|
echo $x;
|
|
$x = unserialize('O:4:"test":1:{s:27:"__PHP_Incomplete_Class_Name";R:1;}');
|
|
$x->test();
|
|
|
|
?>
|
|
--EXPECTF--
|
|
Fatal error: Uncaught TypeError: Cannot assign string to property Exception::$trace of type array in %s:%d
|
|
Stack trace:
|
|
#0 %s(%d): unserialize('O:9:"exception"...')
|
|
#1 {main}
|
|
thrown in %s on line %d
|