--TEST--
Bug #73147: Use After Free in PHP7 unserialize()
--SKIPIF--
<?php
// The payload in --FILE-- names the CURLFile class, which ships with the curl
// extension; without it the class under test is absent, so skip.
if (!extension_loaded("curl")) {
    exit("skip curl extension not loaded");
}
?>
--FILE--
<?php

// Regression input for bug #73147 (use-after-free in unserialize(), per the
// test title). Structure of the 44-byte serialized string:
//   a:1:{ ... }            outer array with one element
//   i:0;O:8:"CURLFile":1:{ element 0 is a CURLFile object with one property
//   s:4:"name";R:1;        property "name" is a back-reference (R:) to value
//                          slot 1, i.e. the enclosing array itself
// The object therefore points back at the container that is still being built.
// The expected output pins the hardened behaviour: the CURLFile object is
// refused with a warning and unserialize() returns false.
// NOTE(review): this covers one input shape only; it does not show that
// unserialize() is safe to call on untrusted data in general.
$poc = 'a:1:{i:0;O:8:"CURLFile":1:{s:4:"name";R:1;}}';
try {
    // Dump the result directly so that a false return is visible as
    // "bool(false)" in the expected output.
    var_dump(unserialize($poc));
} catch(Exception $e) {
    // --EXPECTF-- contains no exception message, so this branch is not taken
    // on the expected path; if an exception is thrown, its message is printed
    // and the output comparison fails.
    echo $e->getMessage();
}
// The notice's "offset 27 of 44 bytes" is the first byte after the object
// header `O:8:"CURLFile":1:{`, which suggests the object is rejected before
// its properties (and the R:1 reference) are processed. TODO confirm against
// the unserializer.
?>
--EXPECTF--
Warning: Erroneous data format for unserializing 'CURLFile' in %s on line %d

Notice: unserialize(): Error at offset 27 of 44 bytes in %s on line %d
bool(false)