mirror of https://github.com/php/php-src.git (synced 2026-04-17 21:11:02 +02:00)
Validate that "C" serialization payload is followed by "}" prior to calling the unserialize() handler. This mitigates issues caused by unserialize() not correctly handling strings that are not NUL terminated. Making sure that there is a "}" at the end avoids the problem.
11 lines
271 B
PHP
--TEST--
Bug #74670: Integer Underflow when unserializing GMP and possible other classes
--FILE--
<?php
$str = 'C:3:"GMP":4:{s:6666666666:""}';
var_dump(unserialize($str));
?>
--EXPECTF--

Notice: unserialize(): Error at offset 13 of 29 bytes in %s on line %d
bool(false)
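The check described in the commit message lives inside the engine's unserializer, but the same structural rule can be applied in userland before any class handler is involved. The following is an added example written for this page; it is not php-src code and not part of this commit. The function names (custom_payload_is_well_formed, safe_unserialize) are my own, it assumes PHP 8.0 or later, and it only inspects the outermost "C:" record rather than walking nested records inside arrays or objects.

```php
<?php
// Added example, not part of php-src or this commit. It applies the idea
// from the commit message in userland: a "C:" (custom serialization) record
// declares a byte length for the data handed to the class's unserialize()
// handler; before trusting that length we verify it fits inside the string
// and that the byte immediately after the data is "}".
declare(strict_types=1);

function custom_payload_is_well_formed(string $s): bool
{
    // Layout being checked: C:<namelen>:"<classname>":<datalen>:{<data>}
    if (preg_match('/^C:(\d+):"([^"]*)":(\d+):\{/', $s, $m) !== 1) {
        return false;
    }
    [$header, $nameLen, $name, $dataLen] = $m;

    // Declared class-name length must match the name actually present.
    if ((int) $nameLen !== strlen($name)) {
        return false;
    }

    $dataStart = strlen($header);          // first byte after "{"
    $available = strlen($s) - $dataStart;  // bytes left, including the "}"

    // Compare digit-string length first so an absurdly long number is
    // rejected before it is ever cast to int; then require room for the
    // data plus one byte for the closing brace.
    if (strlen($dataLen) > strlen((string) $available)
        || (int) $dataLen > $available - 1) {
        return false;
    }

    return $s[$dataStart + (int) $dataLen] === '}';
}

function safe_unserialize(string $s, array $allowedClasses): mixed
{
    if (str_starts_with($s, 'C:') && !custom_payload_is_well_formed($s)) {
        return false;  // malformed record: never reaches a class handler
    }
    return unserialize($s, ['allowed_classes' => $allowedClasses]);
}

// Constructed inputs: the malformed payload from the test above, whose
// declared body length (4) is followed by "s", not "}", and a well-formed
// record with a 4-byte body.
$malformed  = 'C:3:"GMP":4:{s:6666666666:""}';
$wellFormed = 'C:3:"GMP":4:{abcd}';

var_dump(custom_payload_is_well_formed($malformed));   // bool(false)
var_dump(custom_payload_is_well_formed($wellFormed));  // bool(true)
var_dump(safe_unserialize($malformed, ['GMP']));       // bool(false), no notice emitted
```

For the malformed string the header `C:3:"GMP":4:{` is 13 bytes, which is exactly the offset reported in the expected notice above; the pre-check rejects it before unserialize() is called. The allowed_classes option is passed through so that the caller, not the payload, decides which classes may be instantiated at all.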