From: Thies C. Arntzen <thies@php.net>
Date: Mon, 18 Oct 1999 17:46:33 +0000 (+0000)
Subject: @- unserialize() now gives a notice when passed invalid data. (Thies)
X-Git-Tag: php-4.0b3_RC2~139
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4f013f8e2dd9556d24e73ec23780ba37e25a0a06;p=php

@- unserialize() now gives a notice when passed invalid data. (Thies)
---

diff --git a/ext/standard/var.c b/ext/standard/var.c
index 6f82505b2f..abcf81f06a 100644
--- a/ext/standard/var.c
+++ b/ext/standard/var.c
@@ -487,11 +487,16 @@ PHP_FUNCTION(unserialize)
 	}
 	if ((*buf)->type == IS_STRING) {
 		const char *p = (*buf)->value.str.val;
+		const char *q;
+
+		q = p;
 
 		if (!php_var_unserialize(&return_value, &p, p + (*buf)->value.str.len)) {
+			php_error(E_NOTICE, "unserialize() failed at offset %d",p-q);
 			RETURN_FALSE;
 		}
 	} else {
+		php_error(E_NOTICE, "argument passed to unserialize() is not an string");
 		RETURN_FALSE;
 	}
 }