File: bug68594.phpt

package info (click to toggle)
php5 5.6.7%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: jessie-kfreebsd
  • size: 150,376 kB
  • sloc: ansic: 727,510; php: 21,966; sh: 12,356; cpp: 8,763; xml: 6,105; yacc: 1,551; exp: 1,514; makefile: 1,461; pascal: 1,048; awk: 538; perl: 315; sql: 22
file content (23 lines) | stat: -rw-r--r-- 383 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
--TEST--
Bug #68545 Use after free vulnerability in unserialize()
--FILE--
<?php
for ($i=4; $i<100; $i++) {
	$m = new StdClass();

	$u = array(1);

	$m->aaa = array(1,2,&$u,4,5);
	$m->bbb = 1;
	$m->ccc = &$u;
	$m->ddd = str_repeat("A", $i);

	$z = serialize($m);
	$z = str_replace("bbb", "aaa", $z);
	$y = unserialize($z);
	$z = serialize($y);
}
?>
===DONE===
--EXPECTF--
===DONE===