@- unserialize() now gives a notice when passed invalid data. (Thies)

diff --git a/ext/standard/var.c b/ext/standard/var.c
index 6f82505b2fb9ccd420c4eb54a8d7650416f4fc68..abcf81f06a0b62ffcff976b670acdcacdc7518d5 100644 (file)
--- a/ext/standard/var.c
+++ b/ext/standard/var.c
@@ -487,11 +487,16 @@ PHP_FUNCTION(unserialize)
        }
        if ((*buf)->type == IS_STRING) {
                const char *p = (*buf)->value.str.val;
+               const char *q;
+
+               q = p;
 
                if (!php_var_unserialize(&return_value, &p, p + (*buf)->value.str.len)) {
+                       php_error(E_NOTICE, "unserialize() failed at offset %d",p-q);
                        RETURN_FALSE;
                }
        } else {
+               php_error(E_NOTICE, "argument passed to unserialize() is not an string");
                RETURN_FALSE;
        }
 }