xref: /PHP-8.2/ext/spl/tests/bug70168.phpt (revision 11648c00) 
1--TEST--
2SPL: Bug #70168 Use After Free Vulnerability in unserialize() with SplObjectStorage
3--FILE--
4<?php
5$inner = 'x:i:1;O:8:"stdClass":0:{};m:a:0:{}';
6$exploit = 'a:2:{i:0;C:16:"SplObjectStorage":'.strlen($inner).':{'.$inner.'}i:1;R:3;}';
7
8$data = unserialize($exploit);
9
10for($i = 0; $i < 5; $i++) {
11    $v[$i] = 'hi'.$i;
12}
13
14var_dump($data);
15?>
16--EXPECTF--
17array(2) {
18  [0]=>
19  object(SplObjectStorage)#%d (1) {
20    ["storage":"SplObjectStorage":private]=>
21    array(1) {
22      [0]=>
23      array(2) {
24        ["obj"]=>
25        object(stdClass)#2 (0) {
26        }
27        ["inf"]=>
28        NULL
29      }
30    }
31  }
32  [1]=>
33  int(1)
34}
35