Merge branch 'PHP-8.3' into PHP-8.4

* PHP-8.3: Leak in failed unserialize() with opcache
2026-03-24 00:02:20 +01:00 · 2025-07-22 15:44:16 +02:00
parent c04f2d2d88 5d1636e40b
commit f0baf3dc11
3 changed files with 19 additions and 0 deletions
--- a/4
+++ b/4
@@ -34,6 +34,10 @@ PHP                                                                        NEWS
 - Sockets:
  . Fix some potential crashes on incorrect argument value. (nielsdos)

+- Standard:
+  . Fixed OSS Fuzz #417078295 (Leak in failed unserialize() with opcache).
+    (ilutov)
+
 31 Jul 2025, PHP 8.4.11

 - Calendar:
--- a/ext/standard/tests/serialize/oss_fuzz_433303828.phpt
+++ b/ext/standard/tests/serialize/oss_fuzz_433303828.phpt
@@ -0,0 +1,13 @@
+--TEST--
+OSS-Fuzz #433303828
+--FILE--
+<?php
+
+unserialize('O:2:"yy": ');
+unserialize('O:2:"yy":: ');
+
+?>
+--EXPECTF--
+Warning: unserialize(): Error at offset 9 of 10 bytes in %s on line %d
+
+Warning: unserialize(): Error at offset 10 of 11 bytes in %s on line %d
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -1312,10 +1312,12 @@ object ":" uiv ":" ["]	{
 	YYCURSOR = *p;

 	if (*(YYCURSOR) != ':') {
+		zend_string_release_ex(class_name, 0);
 		return 0;
 	}
 	if (*(YYCURSOR+1) != '{') {
 		*p = YYCURSOR+1;
+		zend_string_release_ex(class_name, 0);
 		return 0;
 	}