xref: /PHP-8.3/ext/curl/tests/bug73147.phpt (revision 570d9b63)
1--TEST--
2Bug #73147: Use After Free in PHP7 unserialize()
3--EXTENSIONS--
4curl
5--FILE--
6<?php
7$poc = 'a:1:{i:0;O:8:"CURLFile":1:{s:4:"name";R:1;}}';
8try {
9    var_dump(unserialize($poc));
10} catch(Exception $e) {
11    echo $e->getMessage();
12}
13?>
14--EXPECT--
15Unserialization of 'CURLFile' is not allowed
16