--TEST--
SPL: Test that serialized blob contains unique elements (CVE-2010-2225)
--FILE--
<?php

// Regression test named after CVE-2010-2225: each string below is a hand-built
// SplObjectStorage payload passed straight to SplObjectStorage::unserialize().
// The test pins how the unserializer reacts to malformed or self-referencing
// input: either an UnexpectedValueException with a byte offset, or a storage
// whose dumped contents match the expected-output section exactly.
// NOTE(review): the CVE is, to my knowledge, a use-after-free in this
// unserializer reachable through attacker-supplied serialized data; confirm
// against the advisory before citing it elsewhere.
$badblobs = array(
// Header declares 2 elements, but the element slot holds an integer (i:0;)
// where the other blobs carry an object. Expected error offset 6 is the byte
// right after the "x:i:2;" count header, i.e. the first element.
'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}',
// Header declares 3 elements; the second element is "R:2;", a back-reference
// instead of a fresh object. Expected error offset 46 is where "R:2;" begins.
'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};R:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}',
// Same layout as the previous blob but with lowercase "r:2;" as the second
// element. This is the only blob with a dump in the expected output, and that
// dump shows 2 storage entries although the header declares 3; presumably the
// back-reference resolves to an object already stored (the "unique elements"
// property from the test title); verify against the unserializer.
'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};r:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}',
// One valid element, then the "m:" member section carries a 40-character
// string where the other blobs carry an empty array (a:0:{}). Expected error
// offset 78 of 78 is the end of the input.
'x:i:1;O:8:"stdClass":0:{},N;;m:s:40:"1234567890123456789012345678901234567890"',
);
foreach($badblobs as $blob) {
try {
    // A fresh storage per blob, so a failed unserialize() cannot leak state
    // into the next case.
    $so = new SplObjectStorage();
    $so->unserialize($blob);
    // Reached only when the blob was accepted; the dump is compared with the
    // expected output, including the object handle numbers (#1, #2, #3).
    // Those numbers follow the allocation order in this loop, so reordering
    // statements or keeping extra objects alive changes the expected text.
    var_dump($so);
} catch(UnexpectedValueException $e) {
    // Only UnexpectedValueException is caught: any other failure mode for a
    // malformed blob surfaces as output that no longer matches the
    // expectation, which fails the test.
    echo $e->getMessage()."\n";
}
}
echo "DONE\n";
?>
--EXPECTF--
Error at offset 6 of 34 bytes
Error at offset 46 of 89 bytes
object(SplObjectStorage)#2 (1) {
  ["storage":"SplObjectStorage":private]=>
  array(2) {
    ["%s"]=>
    array(2) {
      ["obj"]=>
      object(stdClass)#3 (0) {
      }
      ["inf"]=>
      int(1)
    }
    ["%s"]=>
    array(2) {
      ["obj"]=>
      object(stdClass)#1 (0) {
      }
      ["inf"]=>
      object(stdClass)#3 (0) {
      }
    }
  }
}
Error at offset 78 of 78 bytes
DONE
