1--TEST-- 2Bug #72663: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization 3--SKIPIF-- 4<?php 5if (!extension_loaded("session")) { 6 die("skip"); 7} 8?> 9--FILE-- 10<?php 11 12ini_set('session.serialize_handler', 'php_serialize'); 13session_start(); 14$sess = 'O:9:"Exception":2:{s:7:"'."\0".'*'."\0".'file";R:1;}'; 15session_decode($sess); 16var_dump($_SESSION); 17?> 18DONE 19--EXPECTF-- 20Notice: session_decode(): Unexpected end of serialized data in %sbug72663_2.php on line %d 21 22Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d 23array(0) { 24} 25DONE 26