Commit 0d3da6a

Fix segfault when unserializing abstract class
1 parent b29b846 commit 0d3da6a

2 files changed

+20
-1
lines changed

Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
--TEST--
2+
Unserializing an abstract class should fail
3+
--FILE--
4+
<?php
5+
6+
$payload = 'O:23:"RecursiveFilterIterator":0:{}';
7+
try {
8+
var_dump(unserialize($payload));
9+
} catch (Error $e) {
10+
echo $e->getMessage(), "\n";
11+
}
12+
13+
?>
14+
--EXPECT--
15+
Cannot instantiate abstract class RecursiveFilterIterator
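
Review bot: the test covers only one shape of input, a single top-level `O:23:"RecursiveFilterIterator":0:{}` payload, so the early `return 0` added in var_unserializer.re is exercised only when the abstract object is the outermost value. Consider adding a second payload where the abstract object is nested, for example as an array element followed by another element, so the test also shows that the unserializer unwinds cleanly from inside a container. A user-declared `abstract class` in the test file would also make the case independent of which built-in classes are available, and the `--EXPECT--` section would then show that nothing is printed after the error message.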

ext/standard/var_unserializer.re

Lines changed: 5 additions & 1 deletion
@@ -1144,7 +1144,11 @@ object ":" uiv ":" ["] {
11441144
return 0;
11451145
}
11461146

1147-
object_init_ex(rval, ce);
1147+
if (object_init_ex(rval, ce) == FAILURE) {
1148+
zend_string_release_ex(class_name, 0);
1149+
return 0;
1150+
}
1151+
11481152
if (incomplete_class) {
11491153
php_store_class_name(rval, ZSTR_VAL(class_name), len2);
11501154
}
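
Review bot: the new failure branch around `object_init_ex(rval, ce)` has no comment saying when the call can fail, and a reader of var_unserializer.re will not have the test in front of them. A one-line comment above the `if`, noting that instantiation fails for classes such as abstract ones (the case in the added test) and that `rval` must not be used afterwards, would explain why `php_store_class_name()` and the rest of the rule are skipped. It is also worth checking that `zend_string_release_ex(class_name, 0)` before `return 0` matches what the other failure paths in this rule do, since the only other `return 0` visible in the context lines does not show its cleanup.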