Fix leak on error in new serialization mechanism

diff --git a/ext/standard/tests/serialize/__serialize_006.phpt b/ext/standard/tests/serialize/__serialize_006.phpt
new file mode 100644 (file)
index 0000000..f824787
--- /dev/null
+++ b/ext/standard/tests/serialize/__serialize_006.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Failure while parsing data array for __unserialize()
+--FILE--
+<?php
+
+class Test {
+    public function __unserialize(array $data) { }
+}
+
+var_dump(unserialize('O:4:"Test":1:{}'));
+
+?>
+--EXPECTF--
+Notice: unserialize(): Unexpected end of serialized data in %s on line %d
+
+Notice: unserialize(): Error at offset 14 of 15 bytes in %s on line %d
+bool(false)

diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index afb992cca4a5355175d5a20e3e3db2d52cf9aa98..588aa43d8ba3aee88588532cb98ab59953df53d7 100644 (file)
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -646,6 +646,7 @@ static inline int object_common(UNSERIALIZE_PARAMETER, zend_long elements, zend_
                if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL(ary), elements, NULL)) {
                        ZVAL_DEREF(rval);
                        GC_ADD_FLAGS(Z_OBJ_P(rval), IS_OBJ_DESTRUCTOR_CALLED);
+            zval_ptr_dtor(&ary);
                        return 0;
                }