--TEST--
Test unserialize() with extra data at the end of a valid value with nested unserialize
--FILE--
<?php

/**
 * Fixture whose serialized form wraps a second, nested serialized payload.
 *
 * Both the outer string built at the bottom of this script and the nested
 * 'bar' string carry a trailing 'garbage' suffix, so each unserialize() call
 * is expected to report its own "Extra data" warning (see --EXPECTF--).
 */
final class Foo {
    public $foo;

    /**
     * Exports the property as a nested serialized string with seven stray
     * bytes appended after the valid value.
     */
    public function __serialize(): array
    {
        $nested = serialize($this->foo) . 'garbage';

        return ['bar' => $nested];
    }

    /**
     * Restores the property from the nested 'bar' payload.
     */
    public function __unserialize(array $foo)
    {
        // Nested call: this payload also ends in trailing bytes, which is what
        // produces the second warning (offset 42 of 49) in the expected output.
        $nested = $foo['bar'];
        $this->foo = unserialize($nested);
    }
}

// Kept alive until the end of the script so the decoded copy is object #2.
$original = new Foo();
$original->foo = ['a', 'b', 'c'];

// A valid serialized object followed by trailing bytes (offset 81 of 88).
$withTrailingBytes = serialize($original) . 'garbage';

// The warnings are diagnostic only: the expected output shows the decoded
// object is still returned in full. Code that receives serialized data from
// an untrusted source cannot rely on this warning to reject a payload.
var_dump(unserialize($withTrailingBytes));

?>
--EXPECTF--
Warning: unserialize(): Extra data starting at offset 81 of 88 bytes in %s on line %d

Warning: unserialize(): Extra data starting at offset 42 of 49 bytes in %s on line %d
object(Foo)#2 (1) {
  ["foo"]=>
  array(3) {
    [0]=>
    string(1) "a"
    [1]=>
    string(1) "b"
    [2]=>
    string(1) "c"
  }
}