1--TEST-- 2Bug #73147: Use After Free in PHP7 unserialize() 3--EXTENSIONS-- 4curl 5--FILE-- 6<?php 7$poc = 'a:1:{i:0;O:8:"CURLFile":1:{s:4:"name";R:1;}}'; 8try { 9 var_dump(unserialize($poc)); 10} catch(Exception $e) { 11 echo $e->getMessage(); 12} 13?> 14--EXPECT-- 15Unserialization of 'CURLFile' is not allowed 16
