1--TEST-- 2Bug #68545 Use after free vulnerability in unserialize() 3--FILE-- 4<?php 5for ($i=4; $i<100; $i++) { 6 $m = new StdClass(); 7 8 $u = array(1); 9 10 $m->aaa = array(1,2,&$u,4,5); 11 $m->bbb = 1; 12 // $m->ccc = &$u; 13 $m->ddd = str_repeat("A", $i); 14 15 $z = serialize($m); 16 $z = str_replace("bbb", "aaa", $z); 17 $y = unserialize($z); 18 $z = serialize($y); 19} 20?> 21===DONE=== 22--EXPECT-- 23===DONE=== 24