xref: /PHP-7.3/ext/curl/tests/bug73147.phpt (revision 54003ab6)
--TEST--
Bug #73147: Use After Free in PHP7 unserialize()
--SKIPIF--
<?php
// SKIPIF section: the run-tests harness treats output starting with "skip"
// as a reason to skip the test. CURLFile comes from ext/curl, so without the
// extension the test is skipped rather than reported as a failure.
if (extension_loaded("curl") === false) {
    die("skip curl extension not loaded");
}
?>
--FILE--
<?php

// Regression input for bug #73147 (use-after-free in unserialize()).
// Shape of the payload: a one-element array holding a CURLFile object whose
// "name" property is a back-reference (R:1) to the first value in the
// stream, i.e. the enclosing array itself.
$serialized = 'a:1:{i:0;O:8:"CURLFile":1:{s:4:"name";R:1;}}';

// The test passes only if unserialize() throws and the message matches the
// EXPECT section; reaching var_dump() would mean a CURLFile was rebuilt from
// serialized data. The result is passed straight to var_dump() on purpose, so
// no extra variable holds a reference to the decoded value.
// NOTE(review): this covers CURLFile only. Code that calls unserialize() on
// untrusted input still needs its own restriction (e.g. the allowed_classes
// option) or a data-only format such as JSON.
try {
    var_dump(unserialize($serialized));
} catch (Exception $error) {
    print $error->getMessage();
}
?>
--EXPECT--
Unserialization of CURLFile instances is not allowed