xref: /PHP-8.0/ext/curl/tests/bug73147.phpt (revision a624c2bd)
1--TEST--
2Bug #73147: Use After Free in PHP7 unserialize()
3--SKIPIF--
4<?php
5if (!extension_loaded("curl")) {
6        exit("skip curl extension not loaded");
7}
8?>
9--FILE--
10<?php
11
12$poc = 'a:1:{i:0;O:8:"CURLFile":1:{s:4:"name";R:1;}}';
13try {
14    var_dump(unserialize($poc));
15} catch(Exception $e) {
16    echo $e->getMessage();
17}
18?>
19--EXPECTF--
20Warning: Erroneous data format for unserializing 'CURLFile' in %s on line %d
21
22Notice: unserialize(): Error at offset 27 of 44 bytes in %s on line %d
23bool(false)
24