xref: /php-src/ext/session/tests/gh16590.phpt (revision cc39bc21)
1--TEST--
2GH-16590 (UAF in session_encode())
3--EXTENSIONS--
4session
5--SKIPIF--
6<?php include('skipif.inc'); ?>
7--INI--
8session.use_cookies=0
9session.cache_limiter=
10session.serialize_handler=php
11session.save_handler=files
12--FILE--
13<?php
14
// Reproducer class for GH-16590 (use-after-free in session_encode()): its
// serialization hook replaces $_SESSION while the session data is being encoded.
15class C {
      // Magic serialization hook; runs when session_encode() serializes the
      // instance stored under the 'Lz' key.
16    function __serialize() {
          // Reassigning $_SESSION drops the script's reference to the array that
          // is currently being encoded.
          // NOTE(review): presumably this is what released the array under the
          // encoder before the fix; confirm against GH-16590.
17        $_SESSION = [];
          // No properties are emitted, matching the expected 'O:1:"C":0:{}'.
18        return [];
19    }
20}
21
// Open a session so $_SESSION is populated and session_encode() has data to
// encode (the --INI-- section selects the "php" serialize handler and "files"
// save handler, with cookies disabled).
22session_start();
23
// The object goes in first, so it precedes the integer keys in insertion order.
24$_SESSION['Lz'] = new C;
// Add integer keys 0 and 1. The expected output shows session_encode() warning
// about and skipping both, which suggests the encoder is still walking the
// original entries after C::__serialize() has replaced $_SESSION.
25for ($i = 0; $i < 2; $i++) {
26    $_SESSION[$i] = $i;
27}
28
// Encoding calls C::__serialize(), which empties $_SESSION mid-encode. The test
// passes when this returns the expected string rather than hitting the
// use-after-free named in the test title.
29var_dump(session_encode());
30
31?>
32--EXPECTF--
33Warning: session_encode(): Skipping numeric key 0 in %s on line %d
34
35Warning: session_encode(): Skipping numeric key 1 in %s on line %d
36string(15) "Lz|O:1:"C":0:{}"
37