1--TEST--
2Test unserialize() with extra data at the end of a valid value with Serializable
3--FILE--
4<?php
5
6final class Foo implements Serializable {
7    public $foo;
8
9    public function unserialize(string $foo)
10    {
11        $this->foo = unserialize($foo);
12    }
13
14    public function serialize(): string
15    {
16        return serialize($this->foo) . 'garbage';
17    }
18}
19
20$f = new Foo;
21$f->foo = ['a', 'b', 'c'];
22
23var_dump(unserialize(serialize($f) . 'garbage'));
24
25?>
26--EXPECTF--
27Deprecated: Foo implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in %s on line %d
28
29Warning: unserialize(): Extra data starting at offset 42 of 49 bytes in %s on line %d
30
31Warning: unserialize(): Extra data starting at offset 64 of 71 bytes in %s on line %d
32object(Foo)#2 (1) {
33  ["foo"]=>
34  array(3) {
35    [0]=>
36    string(1) "a"
37    [1]=>
38    string(1) "b"
39    [2]=>
40    string(1) "c"
41  }
42}
43