1--TEST-- 2SPL: Test that serialized blob contains unique elements (CVE-2010-2225) 3--FILE-- 4<?php 5 6$badblobs = array( 7'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}', 8'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};R:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', 9'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};r:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', 10'x:i:1;O:8:"stdClass":0:{},N;;m:s:40:"1234567890123456789012345678901234567890"', 11); 12foreach($badblobs as $blob) { 13try { 14 $so = new SplObjectStorage(); 15 $so->unserialize($blob); 16 var_dump($so); 17} catch(UnexpectedValueException $e) { 18 echo $e->getMessage()."\n"; 19} 20} 21echo "DONE\n"; 22--EXPECTF-- 23Error at offset 6 of 34 bytes 24Error at offset 46 of 89 bytes 25object(SplObjectStorage)#2 (1) { 26 ["storage":"SplObjectStorage":private]=> 27 array(2) { 28 ["%s"]=> 29 array(2) { 30 ["obj"]=> 31 object(stdClass)#3 (0) { 32 } 33 ["inf"]=> 34 int(1) 35 } 36 ["%s"]=> 37 array(2) { 38 ["obj"]=> 39 object(stdClass)#1 (0) { 40 } 41 ["inf"]=> 42 object(stdClass)#4 (0) { 43 } 44 } 45 } 46} 47Error at offset 79 of 78 bytes 48DONE 49
