1--TEST--
2Bug #68976 Use After Free Vulnerability in unserialize()
3--FILE--
4<?php
5class evilClass {
6    public $name;
7    function __wakeup() {
8        unset($this->name);
9    }
10}
11
12$fakezval = pack(
13    'IIII',
14    0x00100000,
15    0x00000400,
16    0x00000000,
17    0x00000006
18);
19
20$data = unserialize('a:2:{i:0;O:9:"evilClass":1:{s:4:"name";a:2:{i:0;i:1;i:1;i:2;}}i:1;R:4;}');
21
22for($i = 0; $i < 5; $i++) {
23    $v[$i] = $fakezval.$i;
24}
25
26var_dump($data);
27?>
28--EXPECT--
29array(2) {
30  [0]=>
31  object(evilClass)#1 (0) {
32  }
33  [1]=>
34  int(1)
35}
36