1--TEST-- 2Bug #68710 Use after free vulnerability in unserialize() (bypassing the 3CVE-2014-8142 fix) 4--FILE-- 5<?php 6for ($i=4; $i<100; $i++) { 7 $m = new StdClass(); 8 9 $u = array(1); 10 11 $m->aaa = array(1,2,&$u,4,5); 12 $m->bbb = 1; 13 $m->ccc = &$u; 14 $m->ddd = str_repeat("A", $i); 15 16 $z = serialize($m); 17 $z = str_replace("aaa", "123", $z); 18 $z = str_replace("bbb", "123", $z); 19 $y = unserialize($z); 20 $z = serialize($y); 21} 22?> 23===DONE=== 24--EXPECTF-- 25===DONE=== 26
