Bump a bit the coverage

* `setcookie` doesn't always return `true` anymore
* clang-format
* Cookies with invalid decryption are dropped, but the request isn't anymore
* faulty unserialize are now dumpable

30 files changed, 261 insertions, 157 deletions

diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index 6bb7130..04a3f41 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -52,12 +52,11 @@ int parse_session(char *line) {
       return -1;
     } else if (0 ==
                (SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) {
-      sp_log_err(
-          "config",
-          "You're trying to use the session cookie encryption feature "
-          "on line %zu without having set the `.encryption_key` option in"
-          "`sp.global`: please set it first",
-          sp_line_no);
+      sp_log_err("config",
+                 "You're trying to use the session cookie encryption feature "
+                 "on line %zu without having set the `.secret_key` option in"
+                 "`sp.global`: please set it first",
+                 sp_line_no);
       pefree(session, 0);
       return -1;
     }
@@ -166,7 +165,6 @@ int parse_global(char *line) {
 }
 
 static int parse_eval_filter_conf(char *line, sp_list_node **list) {
-  zend_string *rest = NULL;
   sp_config_eval *eval = SNUFFLEUPAGUS_G(config).config_eval;
 
   sp_config_functions sp_config_funcs[] = {
@@ -183,9 +181,6 @@ static int parse_eval_filter_conf(char *line, sp_list_node **list) {
     return ret;
   }
 
-  if (rest != NULL) {
-    pefree(rest, 1);
-  }
   return SUCCESS;
 }
 
@@ -286,8 +281,7 @@ int parse_cookie(char *line) {
       return -1;
     }
   }
-  SNUFFLEUPAGUS_G(config)
-      .config_cookie->cookies =
+  SNUFFLEUPAGUS_G(config).config_cookie->cookies =
       sp_list_insert(SNUFFLEUPAGUS_G(config).config_cookie->cookies, cookie);
   return SUCCESS;
 }
@@ -350,7 +344,7 @@ int parse_disabled_functions(char *line) {
   if (X && Y) {                                                          \
     sp_log_err("config",                                                 \
                "Invalid configuration line: 'sp.disabled_functions%s': " \
-               "'.%s' and '.%s' are mutually exclusive on line %zu",    \
+               "'.%s' and '.%s' are mutually exclusive on line %zu",     \
                line, STR1, STR2, sp_line_no);                            \
     return 1;                                                            \
   }
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index 31dde95..4e5242d 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -43,11 +43,12 @@ static zend_string *encrypt_data(zend_string *data) {
 }
 
 PHP_FUNCTION(sp_setcookie) {
-  zend_string *name = NULL, *value = NULL, *path = NULL, *domain = NULL, *value_enc = NULL,
+  zend_string *name = NULL, *value = NULL, *path = NULL, *domain = NULL,
+              *value_enc = NULL,
 #if PHP_VERSION_ID < 70300
-  *path_samesite = NULL;
+              *path_samesite = NULL;
 #else
-  *samesite = NULL;
+              *samesite = NULL;
 #endif
 
   zend_long expires = 0;
@@ -95,7 +96,6 @@ PHP_FUNCTION(sp_setcookie) {
     value_enc = encrypt_data(value);
   }
 
-
   if (cookie_node && cookie_node->samesite) {
     if (!path) {
       path = zend_string_init("", 0, 0);
@@ -112,19 +112,20 @@ PHP_FUNCTION(sp_setcookie) {
     memcpy(ZSTR_VAL(path_samesite) + ZSTR_LEN(path), cookie_samesite,
            strlen(cookie_samesite) + 1);
 #else
-    cookie_samesite = (cookie_node->samesite == lax)
-                          ? SP_TOKEN_SAMESITE_LAX
-                          : SP_TOKEN_SAMESITE_STRICT;
+    cookie_samesite = (cookie_node->samesite == lax) ? SP_TOKEN_SAMESITE_LAX
+                                                     : SP_TOKEN_SAMESITE_STRICT;
 
     samesite = zend_string_init(cookie_samesite, strlen(cookie_samesite), 0);
 #endif
   }
 
-
 #if PHP_VERSION_ID < 70300
-  if (php_setcookie(name, (value_enc ? value_enc : value), expires, (path_samesite ? path_samesite : path), domain, secure, 1, httponly)) {
+  if (php_setcookie(name, (value_enc ? value_enc : value), expires,
+                    (path_samesite ? path_samesite : path), domain, secure, 1,
+                    httponly) == SUCCESS) {
 #else
-  if (php_setcookie(name, (value_enc ? value_enc : value), expires, path, domain, secure, httponly, samesite, 1)) {
+  if (php_setcookie(name, (value_enc ? value_enc : value), expires, path,
+                    domain, secure, httponly, samesite, 1) == SUCCESS) {
 #endif
     RETVAL_TRUE;
   } else {
@@ -139,7 +140,6 @@ PHP_FUNCTION(sp_setcookie) {
     zend_string_release(path_samesite);
   }
 #endif
-  RETURN_TRUE; // TODO why always true ?
 }
 
 int hook_cookies() {
diff --git a/src/sp_crypt.c b/src/sp_crypt.c
index 96a0cc0..b6eaa59 100644
--- a/src/sp_crypt.c
+++ b/src/sp_crypt.c
@@ -27,11 +27,10 @@ void generate_key(unsigned char *key) {
   if (env_var) {
     PHP_SHA256Update(&ctx, (unsigned char *)env_var, strlen(env_var));
   } else {
-    sp_log_warn(
-        "cookie_encryption",
-        "The environment variable '%s' "
-        "is empty, cookies are weakly encrypted",
-        ZSTR_VAL(env_var_zend));
+    sp_log_warn("cookie_encryption",
+                "The environment variable '%s' "
+                "is empty, cookies are weakly encrypted",
+                ZSTR_VAL(env_var_zend));
   }
 
   if (encryption_key) {
@@ -61,14 +60,16 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) {
           hash_key ? ZSTR_VAL(hash_key->key) : "the session");
       return ZEND_HASH_APPLY_KEEP;
     } else {
+      // LCOV_EXCL_START
       sp_log_msg(
           "cookie_encryption", SP_LOG_DROP,
           "Buffer underflow tentative detected in cookie encryption handling");
       return ZEND_HASH_APPLY_REMOVE;
+      // LCOV_EXCL_STOP
     }
   }
 
-        // LCOV_EXCL_START
+  // LCOV_EXCL_START
   if (ZSTR_LEN(debase64) + (size_t)crypto_secretbox_ZEROBYTES <
       ZSTR_LEN(debase64)) {
     if (true == simulation) {
@@ -85,7 +86,7 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) {
       return ZEND_HASH_APPLY_REMOVE;
     }
   }
-        // LCOV_EXCL_END
+  // LCOV_EXCL_STOP
 
   generate_key(key);
 
@@ -106,7 +107,7 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) {
           hash_key ? ZSTR_VAL(hash_key->key) : "the session");
       return ZEND_HASH_APPLY_KEEP;
     } else {
-      sp_log_msg("cookie_encryption", SP_LOG_DROP,
+      sp_log_msg("cookie_encryption", SP_LOG_WARN,
                  "Something went wrong with the decryption of %s",
                  hash_key ? ZSTR_VAL(hash_key->key) : "the session");
       return ZEND_HASH_APPLY_REMOVE;
diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c
index 1589cd4..79dc5a7 100644
--- a/src/sp_disabled_functions.c
+++ b/src/sp_disabled_functions.c
@@ -106,12 +106,12 @@ static bool is_param_matching(zend_execute_data* execute_data,
     if (config_node->pos > nb_param - 1) {
       char* complete_function_path = get_complete_function_path(execute_data);
       sp_log_warn("config",
-                 "It seems that you wrote a rule filtering on the "
-                 "%d%s argument of the function '%s', but it takes only %d "
-                 "arguments. "
-                 "Matching on _all_ arguments instead.",
-                 config_node->pos, GET_SUFFIX(config_node->pos),
-                 complete_function_path, nb_param);
+                  "It seems that you wrote a rule filtering on the "
+                  "%d%s argument of the function '%s', but it takes only %d "
+                  "arguments. "
+                  "Matching on _all_ arguments instead.",
+                  config_node->pos, GET_SUFFIX(config_node->pos),
+                  complete_function_path, nb_param);
       efree(complete_function_path);
     } else {
       i = config_node->pos;
@@ -209,12 +209,12 @@ static zend_execute_data* is_file_matching(
   zend_execute_data* ex = execute_data;
   if (config_node->filename) {
     if (sp_zend_string_equals(current_filename, config_node->filename)) {
-      return ex;
+      return ex;  // LCOV_EXCL_LINE
     }
     ITERATE(ex);
     if (zend_string_equals(ex->func->op_array.filename,
-                                   config_node->filename)) {
-      return ex;
+                           config_node->filename)) {
+      return ex;  // LCOV_EXCL_LINE
     }
   } else if (config_node->r_filename) {
     if (sp_is_regexp_matching_zend(config_node->r_filename, current_filename)) {
@@ -415,8 +415,8 @@ bool should_drop_on_ret_ht(const zval* return_value, const char* function_name,
 
   ht_entry = zend_hash_str_find_ptr(ht, function_name, strlen(function_name));
 
-  if (ht_entry && should_drop_on_ret(return_value, ht_entry, function_name,
-        execute_data)) {
+  if (ht_entry &&
+      should_drop_on_ret(return_value, ht_entry, function_name, execute_data)) {
     ret = true;
   } else if (config && config->data) {
     ret = should_drop_on_ret(return_value, config, function_name, execute_data);
@@ -516,13 +516,12 @@ ZEND_FUNCTION(check_disabled_function) {
       SNUFFLEUPAGUS_G(disabled_functions_hook), current_function_name,
       strlen(current_function_name));
   orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
-  if (true ==
-      should_drop_on_ret_ht(
-          return_value, current_function_name,
-          SNUFFLEUPAGUS_G(config)
-              .config_disabled_functions_reg_ret->disabled_functions,
-          SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked,
-          execute_data)) {
+  if (true == should_drop_on_ret_ht(
+                  return_value, current_function_name,
+                  SNUFFLEUPAGUS_G(config)
+                      .config_disabled_functions_reg_ret->disabled_functions,
+                  SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked,
+                  execute_data)) {
     zend_bailout();
   }
 }
@@ -584,7 +583,7 @@ ZEND_FUNCTION(eval_blacklist_callback) {
 
     if (config_eval->dump) {
       sp_log_request(config_eval->dump, config_eval->textual_representation,
-          SP_TOKEN_EVAL_BLACKLIST);
+                     SP_TOKEN_EVAL_BLACKLIST);
     }
     if (config_eval->simulation) {
       sp_log_msg("eval", SP_LOG_SIMULATION,
diff --git a/src/sp_disabled_functions.h b/src/sp_disabled_functions.h
index ae1500a..b7901dd 100644
--- a/src/sp_disabled_functions.h
+++ b/src/sp_disabled_functions.h
@@ -9,8 +9,9 @@ bool should_disable(zend_execute_data *, const char *, const zend_string *,
                     const char *, const sp_list_node *, const zend_string *);
 bool should_disable_ht(zend_execute_data *, const char *, const zend_string *,
                        const char *, const sp_list_node *, const HashTable *);
-bool should_drop_on_ret_ht(const zval *, const char *, const sp_list_node *config,
-                           const HashTable *, zend_execute_data *);
+bool should_drop_on_ret_ht(const zval *, const char *,
+                           const sp_list_node *config, const HashTable *,
+                           zend_execute_data *);
 bool should_drop_on_ret(const zval *, const sp_list_node *config, const char *,
                         zend_execute_data *);
 char *get_complete_function_path(zend_execute_data const *const);
diff --git a/src/sp_execute.c b/src/sp_execute.c
index 6ed87cb..6def91b 100644
--- a/src/sp_execute.c
+++ b/src/sp_execute.c
@@ -13,13 +13,14 @@ static int (*orig_zend_stream_open)(const char *filename,
 
 // FIXME handle symlink
 ZEND_COLD static inline void terminate_if_writable(const char *filename) {
-  const sp_config_readonly_exec* config_ro_exec =
+  const sp_config_readonly_exec *config_ro_exec =
       SNUFFLEUPAGUS_G(config).config_readonly_exec;
 
   if (0 == access(filename, W_OK)) {
     if (config_ro_exec->dump) {
-      sp_log_request(config_ro_exec->dump, config_ro_exec->textual_representation,
-          SP_TOKEN_READONLY_EXEC);
+      sp_log_request(config_ro_exec->dump,
+                     config_ro_exec->textual_representation,
+                     SP_TOKEN_READONLY_EXEC);
     }
     if (true == config_ro_exec->simulation) {
       sp_log_msg("readonly_exec", SP_LOG_SIMULATION,
@@ -31,8 +32,10 @@ ZEND_COLD static inline void terminate_if_writable(const char *filename) {
     }
   } else {
     if (EACCES != errno) {
+      // LCOV_EXCL_START
       sp_log_err("Writable execution", "Error while accessing %s: %s", filename,
                  strerror(errno));
+      // LCOV_EXCL_STOP
     }
   }
 }
@@ -82,7 +85,7 @@ is_in_eval_and_whitelisted(const zend_execute_data *execute_data) {
     if (UNEXPECTED(false == check_is_in_eval_whitelist(current_function))) {
       if (config_eval->dump) {
         sp_log_request(config_eval->dump, config_eval->textual_representation,
-            SP_TOKEN_EVAL_WHITELIST);
+                       SP_TOKEN_EVAL_WHITELIST);
       }
       if (config_eval->simulation) {
         sp_log_msg(
@@ -123,7 +126,7 @@ zend_string *get_eval_filename(const char *const filename) {
 
 static void sp_execute_ex(zend_execute_data *execute_data) {
   is_in_eval_and_whitelisted(execute_data);
-  const HashTable* config_disabled_functions =
+  const HashTable *config_disabled_functions =
       SNUFFLEUPAGUS_G(config).config_disabled_functions;
 
   if (!execute_data) {
@@ -131,11 +134,12 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
   }
 
   if (UNEXPECTED(EX(func)->op_array.type == ZEND_EVAL_CODE)) {
-    const sp_list_node * config = zend_hash_str_find_ptr(
+    const sp_list_node *config = zend_hash_str_find_ptr(
         config_disabled_functions, "eval", sizeof("eval") - 1);
 
     zend_string *filename = get_eval_filename(zend_get_executed_filename());
-    is_builtin_matching(filename, "eval", NULL, config, config_disabled_functions);
+    is_builtin_matching(filename, "eval", NULL, config,
+                        config_disabled_functions);
     zend_string_release(filename);
 
     SNUFFLEUPAGUS_G(in_eval)++;
@@ -153,9 +157,9 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
   if (SNUFFLEUPAGUS_G(config).hook_execute) {
     char *function_name = get_complete_function_path(execute_data);
     zval ret_val;
-    const sp_list_node* config_disabled_functions_reg =
-        SNUFFLEUPAGUS_G(config).config_disabled_functions_reg
-        ->disabled_functions;
+    const sp_list_node *config_disabled_functions_reg =
+        SNUFFLEUPAGUS_G(config)
+            .config_disabled_functions_reg->disabled_functions;
 
     if (!function_name) {
       orig_execute_ex(execute_data);
@@ -166,10 +170,10 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
         !execute_data->prev_execute_data->func ||
         !ZEND_USER_CODE(execute_data->prev_execute_data->func->type) ||
         !execute_data->prev_execute_data->opline) {
-      if (UNEXPECTED(true ==
-                     should_disable_ht(execute_data, function_name, NULL, NULL,
-                         config_disabled_functions_reg,
-                         config_disabled_functions))) {
+      if (UNEXPECTED(true == should_disable_ht(execute_data, function_name,
+                                               NULL, NULL,
+                                               config_disabled_functions_reg,
+                                               config_disabled_functions))) {
         zend_bailout();
       }
     } else if ((execute_data->prev_execute_data->opline->opcode ==
@@ -178,16 +182,17 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
                     ZEND_DO_UCALL ||
                 execute_data->prev_execute_data->opline->opcode ==
                     ZEND_DO_FCALL_BY_NAME)) {
-      if (UNEXPECTED(true ==
-                     should_disable_ht(execute_data, function_name, NULL, NULL,
-                         config_disabled_functions_reg,
-                         config_disabled_functions))) {
+      if (UNEXPECTED(true == should_disable_ht(execute_data, function_name,
+                                               NULL, NULL,
+                                               config_disabled_functions_reg,
+                                               config_disabled_functions))) {
         zend_bailout();
       }
     }
 
-    // When a function's return value isn't used, php doesn't store it in the execute_data,
-    // so we need to use a local variable to be able to match on it later.
+    // When a function's return value isn't used, php doesn't store it in the
+    // execute_data, so we need to use a local variable to be able to match on
+    // it later.
     if (EX(return_value) == NULL) {
       memset(&ret_val, 0, sizeof(ret_val));
       EX(return_value) = &ret_val;
@@ -196,13 +201,13 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
     orig_execute_ex(execute_data);
 
     if (UNEXPECTED(
-          true ==
-          should_drop_on_ret_ht(
-            EX(return_value), function_name,
-            SNUFFLEUPAGUS_G(config)
-            .config_disabled_functions_reg_ret->disabled_functions,
-            SNUFFLEUPAGUS_G(config).config_disabled_functions_ret,
-            execute_data))) {
+            true ==
+            should_drop_on_ret_ht(
+                EX(return_value), function_name,
+                SNUFFLEUPAGUS_G(config)
+                    .config_disabled_functions_reg_ret->disabled_functions,
+                SNUFFLEUPAGUS_G(config).config_disabled_functions_ret,
+                execute_data))) {
       zend_bailout();
     }
     efree(function_name);
@@ -213,14 +218,14 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
   } else {
     orig_execute_ex(execute_data);
   }
-
 }
 
 static void sp_zend_execute_internal(INTERNAL_FUNCTION_PARAMETERS) {
   is_in_eval_and_whitelisted(execute_data);
 
   if (UNEXPECTED(NULL != orig_zend_execute_internal)) {
-    orig_zend_execute_internal(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+    orig_zend_execute_internal(
+        INTERNAL_FUNCTION_PARAM_PASSTHRU);  // LCOV_EXCL_LINE
   } else {
     EX(func)->internal_function.handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
   }
@@ -235,7 +240,7 @@ static int sp_stream_open(const char *filename, zend_file_handle *handle) {
   }
 
   zend_string *zend_filename = zend_string_init(filename, strlen(filename), 0);
-  const HashTable* disabled_functions_hooked =
+  const HashTable *disabled_functions_hooked =
       SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked;
 
   switch (data->opline->opcode) {
@@ -247,32 +252,32 @@ static int sp_stream_open(const char *filename, zend_file_handle *handle) {
         case ZEND_INCLUDE:
           is_builtin_matching(
               zend_filename, "include", "inclusion path",
-              zend_hash_str_find_ptr(disabled_functions_hooked,
-                    "include", sizeof("include") - 1),
+              zend_hash_str_find_ptr(disabled_functions_hooked, "include",
+                                     sizeof("include") - 1),
               disabled_functions_hooked);
           break;
         case ZEND_REQUIRE:
           is_builtin_matching(
               zend_filename, "require", "inclusion path",
-              zend_hash_str_find_ptr(disabled_functions_hooked,
-                  "require", sizeof("require") - 1),
+              zend_hash_str_find_ptr(disabled_functions_hooked, "require",
+                                     sizeof("require") - 1),
               disabled_functions_hooked);
           break;
         case ZEND_REQUIRE_ONCE:
           is_builtin_matching(
               zend_filename, "require_once", "inclusion path",
-              zend_hash_str_find_ptr(disabled_functions_hooked,
-                  "require_once", sizeof("require_once") - 1),
+              zend_hash_str_find_ptr(disabled_functions_hooked, "require_once",
+                                     sizeof("require_once") - 1),
               disabled_functions_hooked);
           break;
         case ZEND_INCLUDE_ONCE:
           is_builtin_matching(
               zend_filename, "include_once", "inclusion path",
-              zend_hash_str_find_ptr(disabled_functions_hooked,
-                  "include_once", sizeof("include_once") - 1),
+              zend_hash_str_find_ptr(disabled_functions_hooked, "include_once",
+                                     sizeof("include_once") - 1),
               disabled_functions_hooked);
           break;
-          EMPTY_SWITCH_DEFAULT_CASE();
+          EMPTY_SWITCH_DEFAULT_CASE();  // LCOV_EXCL_LINE
       }
   }
   efree(zend_filename);
diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c
index d58d0c4..233ddc0 100644
--- a/src/sp_pcre_compat.c
+++ b/src/sp_pcre_compat.c
@@ -10,7 +10,7 @@ sp_pcre* sp_pcre_compile(const char* const pattern) {
   PCRE2_SIZE erroroffset;
   ret = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED,
                       PCRE2_CASELESS, &errornumber, &erroroffset, NULL);
-        pcre2_get_error_message(errornumber, pcre_error, sizeof(pcre_error));
+  pcre2_get_error_message(errornumber, pcre_error, sizeof(pcre_error));
 #else
   const char* pcre_error = NULL;
   int erroroffset;
@@ -46,7 +46,9 @@ bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str,
 #else
     if (ret != PCRE_ERROR_NOMATCH) {
 #endif
+      // LCOV_EXCL_START
       sp_log_err("regexp", "Something went wrong with a regexp (%d).", ret);
+      // LCOV_EXCL_STOP
     }
     return false;
   }
diff --git a/src/sp_session.c b/src/sp_session.c
index 0f1c0b8..73fda22 100644
--- a/src/sp_session.c
+++ b/src/sp_session.c
@@ -27,10 +27,11 @@ static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL;
 
 static int sp_hook_s_read(PS_READ_ARGS) {
   int r = old_s_read(mod_data, key, val, maxlifetime);
-  const sp_config_session* config_session = SNUFFLEUPAGUS_G(config).config_session;
+  const sp_config_session *config_session =
+      SNUFFLEUPAGUS_G(config).config_session;
 
-  if (r == SUCCESS && config_session->encrypt &&
-      val != NULL && *val != NULL && ZSTR_LEN(*val)) {
+  if (r == SUCCESS && config_session->encrypt && val != NULL && *val != NULL &&
+      ZSTR_LEN(*val)) {
     zend_string *orig_val = *val;
     zval val_zval;
     ZVAL_PSTRINGL(&val_zval, ZSTR_VAL(*val), ZSTR_LEN(*val));
@@ -40,7 +41,7 @@ static int sp_hook_s_read(PS_READ_ARGS) {
       if (config_session->simulation) {
         return ret;
       } else {
-        sp_terminate();
+        zend_bailout();
       }
     }
 
diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c
index 695d2a3..d510181 100644
--- a/src/sp_sloppy.c
+++ b/src/sp_sloppy.c
@@ -36,7 +36,6 @@ ZEND_API zend_op_array* sp_compile_file(zend_file_handle* file_handle,
   return opline;
 }
 
-
 static void array_handler(INTERNAL_FUNCTION_PARAMETERS, const char* name,
                           size_t size, zif_handler orig_handler,
                           const char* spec) {
@@ -55,8 +54,8 @@ static void array_handler(INTERNAL_FUNCTION_PARAMETERS, const char* name,
     ZVAL_COPY(&params[1], array);
     ZVAL_BOOL(&params[2], 1);
   } else {
-                // if there is no array as parameter, don't set strict mode.
-                // check php's implementation for details.
+    // if there is no array as parameter, don't set strict mode.
+    // check php's implementation for details.
     ZVAL_BOOL(&params[2], 0);
   }
 
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
index 1b47416..fe738e6 100644
--- a/src/sp_unserialize.c
+++ b/src/sp_unserialize.c
@@ -6,9 +6,9 @@ PHP_FUNCTION(sp_serialize) {
   zif_handler orig_handler;
 
   /* Call the original `serialize` function. */
-  orig_handler = zend_hash_str_find_ptr(
-      SNUFFLEUPAGUS_G(sp_internal_functions_hook), "serialize",
-      sizeof("serialize") - 1);
+  orig_handler =
+      zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
+                             "serialize", sizeof("serialize") - 1);
   orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
 
   /* Compute the HMAC of the textual representation of the serialized data*/
@@ -26,9 +26,11 @@ PHP_FUNCTION(sp_serialize) {
 
   size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac);
   if (len < Z_STRLEN_P(return_value)) {
+    // LCOV_EXCL_START
     sp_log_err("overflow_error",
                "Overflow tentative detected in sp_serialize.");
     zend_bailout();
+    // LCOV_EXCL_STOP
   }
   zend_string *res = zend_string_alloc(len, 0);
 
@@ -51,7 +53,7 @@ PHP_FUNCTION(sp_unserialize) {
   size_t buf_len = 0;
   zval *opts = NULL;
 
-  const sp_config_unserialize* config_unserialize =
+  const sp_config_unserialize *config_unserialize =
       SNUFFLEUPAGUS_G(config).config_unserialize;
 
   if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &opts) ==
@@ -63,7 +65,6 @@ PHP_FUNCTION(sp_unserialize) {
   if (buf_len < 64) {
     sp_log_msg("unserialize", SP_LOG_DROP,
                "The serialized object is too small.");
-    RETURN_FALSE;
   }
 
   hmac = buf + buf_len - 64;
@@ -94,6 +95,11 @@ PHP_FUNCTION(sp_unserialize) {
       orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
     }
   } else {
+    if (config_unserialize->dump) {
+      sp_log_request(config_unserialize->dump,
+                    config_unserialize->textual_representation,
+                    SP_TOKEN_UNSERIALIZE_HMAC);
+    }
     if (true == config_unserialize->simulation) {
       sp_log_msg("unserialize", SP_LOG_SIMULATION, "Invalid HMAC for %s",
                  serialized_str);
@@ -107,11 +113,6 @@ PHP_FUNCTION(sp_unserialize) {
                  serialized_str);
     }
   }
-  if (config_unserialize->dump) {
-    sp_log_request(config_unserialize->dump,
-        config_unserialize->textual_representation,
-        SP_TOKEN_UNSERIALIZE_HMAC);
-  }
   efree(serialized_str);
   return;
 }
diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c
index d04dce4..086723d 100644
--- a/src/sp_upload_validation.c
+++ b/src/sp_upload_validation.c
@@ -21,31 +21,31 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) {
 
   if (event == MULTIPART_EVENT_END) {
     zend_string *file_key __attribute__((unused)) = NULL;
-    const sp_config_upload_validation* config_upload =
+    const sp_config_upload_validation *config_upload =
         SNUFFLEUPAGUS_G(config).config_upload_validation;
     zval *file;
     pid_t pid;
 
-    sp_log_debug("Got %d files",
+    sp_log_debug(
+        "Got %d files",
         zend_hash_num_elements(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES])));
 
     ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]),
                                   file_key, file) {  // for each uploaded file
 
-      char *filename =
-          Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "name", sizeof("name") - 1));
-      char *tmp_name =
-          Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "tmp_name", sizeof("tmp_name") - 1));
-      size_t filesize =
-          Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "size", sizeof("size") - 1));
+      char *filename = Z_STRVAL_P(
+          zend_hash_str_find(Z_ARRVAL_P(file), "name", sizeof("name") - 1));
+      char *tmp_name = Z_STRVAL_P(zend_hash_str_find(
+          Z_ARRVAL_P(file), "tmp_name", sizeof("tmp_name") - 1));
+      size_t filesize = Z_LVAL_P(
+          zend_hash_str_find(Z_ARRVAL_P(file), "size", sizeof("size") - 1));
       char *cmd[3] = {0};
       char *env[5] = {0};
 
-      sp_log_debug(
-          "Filename: %s\nTmpname: %s\nSize: %d\nError: %d\nScript: %s",
-          filename, tmp_name, filesize,
-          Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "error", 5)),
-          ZSTR_VAL(config_upload->script));
+      sp_log_debug("Filename: %s\nTmpname: %s\nSize: %d\nError: %d\nScript: %s",
+                   filename, tmp_name, filesize,
+                   Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "error", 5)),
+                   ZSTR_VAL(config_upload->script));
 
       cmd[0] = ZSTR_VAL(config_upload->script);
       cmd[1] = tmp_name;
@@ -60,10 +60,8 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) {
 
       if ((pid = fork()) == 0) {
         if (execve(ZSTR_VAL(config_upload->script), cmd, env) == -1) {
-          sp_log_warn(
-              "upload_validation", "Could not call '%s' : %s",
-              ZSTR_VAL(config_upload->script),
-              strerror(errno));
+          sp_log_warn("upload_validation", "Could not call '%s' : %s",
+                      ZSTR_VAL(config_upload->script), strerror(errno));
           EFREE_3(env);
           exit(1);
         }
diff --git a/src/sp_utils.c b/src/sp_utils.c
index 3e542f7..6634a8e 100644
--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -9,8 +9,7 @@
 
 ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
 
-bool sp_zend_string_equals(const zend_string* s1,
-                           const zend_string* s2) {
+bool sp_zend_string_equals(const zend_string* s1, const zend_string* s2) {
   // We can't use `zend_string_equals` here because it doesn't work on
   // `const` zend_string.
   return ZSTR_LEN(s1) == ZSTR_LEN(s2) &&
@@ -37,9 +36,11 @@ int compute_hash(const char* const filename, char* file_hash) {
   php_stream* stream =
       php_stream_open_wrapper(filename, "rb", REPORT_ERRORS, NULL);
   if (!stream) {
+    // LCOV_EXCL_START
     sp_log_err("hash_computation",
                "Can not open the file %s to compute its hash", filename);
     return FAILURE;
+    // LCOV_EXCL_STOP
   }
 
   PHP_SHA256Init(&context);
@@ -133,9 +134,11 @@ static char* zend_string_to_char(const zend_string* zs) {
   // Remove all \0 in a zend_string and replace them with '0' instead.
 
   if (ZSTR_LEN(zs) + 1 < ZSTR_LEN(zs)) {
+    // LCOV_EXCL_START
     sp_log_err("overflow_error",
                "Overflow tentative detected in zend_string_to_char");
     zend_bailout();
+    // LCOV_EXCL_STOP
   }
 
   char* copy = ecalloc(ZSTR_LEN(zs) + 1, 1);
@@ -180,8 +183,9 @@ const zend_string* sp_zval_to_zend_string(const zval* zv) {
       return zend_string_init("ARRAY", sizeof("ARRAY") - 1, 0);
     case IS_RESOURCE:
       return zend_string_init("RESOURCE", sizeof("RESOURCE") - 1, 0);
+    default:
+      return zend_string_init("", 0, 0);  // LCOV_EXCL_LINE
   }
-  return zend_string_init("", 0, 0);
 }
 
 bool sp_match_value(const zend_string* value, const zend_string* to_match,
@@ -216,12 +220,10 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name,
       char_repr = zend_string_to_char(arg_value);
     }
     if (alias) {
-      sp_log_msg(
-          "disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP,
-          "Aborted execution on call of the function '%s', "
-          "because its argument '%s' content (%s) matched the rule '%s'",
-          path, arg_name, char_repr ? char_repr : "?",
-          ZSTR_VAL(alias));
+      sp_log_msg("disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP,
+                 "Aborted execution on call of the function '%s', "
+                 "because its argument '%s' content (%s) matched the rule '%s'",
+                 path, arg_name, char_repr ? char_repr : "?", ZSTR_VAL(alias));
     } else {
       sp_log_msg("disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP,
                  "Aborted execution on call of the function '%s', "
@@ -237,8 +239,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name,
                  path, ZSTR_VAL(alias));
     } else {
       sp_log_msg("disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP,
-                 "Aborted execution on call of the function '%s'",
-                 path);
+                 "Aborted execution on call of the function '%s'", path);
     }
   }
 }
@@ -263,8 +264,7 @@ void sp_log_disable_ret(const char* restrict path,
         "disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP,
         "Aborted execution on return of the function '%s', "
         "because the function returned '%s', which matched the rule '%s'",
-        path, char_repr ? char_repr : "?",
-        ZSTR_VAL(alias));
+        path, char_repr ? char_repr : "?", ZSTR_VAL(alias));
   } else {
     sp_log_msg("disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP,
                "Aborted execution on return of the function '%s', "
@@ -331,9 +331,11 @@ int hook_function(const char* original_name, HashTable* hook_table,
     if (func->handler != new_function) {
       if (zend_hash_str_add_new_ptr((hook_table), VAR_AND_LEN(original_name),
                                     func->handler) == NULL) {
+        // LCOV_EXCL_START
         sp_log_err("function_pointer_saving",
                    "Could not save function pointer for %s", original_name);
         return FAILURE;
+        // LCOV_EXCL_STOP
       }
       func->handler = new_function;
       ret = SUCCESS;
diff --git a/src/sp_utils.h b/src/sp_utils.h
index d835905..200e82c 100644
--- a/src/sp_utils.h
+++ b/src/sp_utils.h
@@ -59,6 +59,6 @@ int hook_regexp(const sp_pcre *, HashTable *, zif_handler);
 bool check_is_in_eval_whitelist(const zend_string *const function_name);
 int sp_log_request(const zend_string *folder, const zend_string *text_repr,
                    char *from);
-bool sp_zend_string_equals(const zend_string* s1, const zend_string* s2);
+bool sp_zend_string_equals(const zend_string *s1, const zend_string *s2);
 
 #endif /* SP_UTILS_H */
diff --git a/src/sp_var_parser.c b/src/sp_var_parser.c
index b57386e..72cbc12 100644
--- a/src/sp_var_parser.c
+++ b/src/sp_var_parser.c
@@ -31,7 +31,7 @@ static bool is_var_name_valid(const char *name) {
     regexp_const = sp_pcre_compile(REGEXP_CONST);
   }
   if (NULL == regexp_var || NULL == regexp_const) {
-    return false;
+    return false;  // LCOV_EXCL_LINE
   }
   if ((false == sp_is_regexp_matching(regexp_var, name)) &&
       (false == sp_is_regexp_matching(regexp_const, name))) {
@@ -64,8 +64,10 @@ static int create_var(sp_tree *tree, const char *restrict value,
     var_node->type = VAR;
   }
   if (!(var_node->value = pestrndup(value, value_len, 1))) {
+    // LCOV_EXCL_START
     sp_log_err("config", "Can't allocate a strndup");
     return -1;
+    // LCOV_EXCL_STOP
   }
   if (var_node->type != INTERPRETED_STRING &&
       !is_var_name_valid(var_node->value)) {
diff --git a/src/sp_wrapper.c b/src/sp_wrapper.c
index e336a87..fd47dd6 100644
--- a/src/sp_wrapper.c
+++ b/src/sp_wrapper.c
@@ -7,11 +7,11 @@ static bool wrapper_is_whitelisted(const zend_string *zs) {
   const sp_list_node *list = SNUFFLEUPAGUS_G(config).config_wrapper->whitelist;
 
   if (!zs) {
-    return false;
+    return false;  // LCOV_EXCL_LINE
   }
 
   while (list) {
-    if (zend_string_equals_ci(zs, (const zend_string*)list->data)) {
+    if (zend_string_equals_ci(zs, (const zend_string *)list->data)) {
       return true;
     }
     list = list->next;
@@ -41,23 +41,24 @@ void sp_disable_wrapper() {
 
   zend_hash_destroy(orig_complete);
   pefree(orig_complete, 1);
-  SNUFFLEUPAGUS_G(config).config_wrapper->num_wrapper = zend_hash_num_elements(orig);
+  SNUFFLEUPAGUS_G(config).config_wrapper->num_wrapper =
+      zend_hash_num_elements(orig);
 }
 
 PHP_FUNCTION(sp_stream_wrapper_register) {
   zif_handler orig_handler;
   zend_string *protocol_name = NULL;
 
-        // LCOV_EXCL_BR_START
+  // LCOV_EXCL_BR_START
   ZEND_PARSE_PARAMETERS_START_EX(ZEND_PARSE_PARAMS_QUIET, 2, EX_NUM_ARGS());
   Z_PARAM_STR(protocol_name);
   ZEND_PARSE_PARAMETERS_END_EX((void)0);
-        // LCOV_EXCL_BR_END
+  // LCOV_EXCL_BR_END
 
   if (wrapper_is_whitelisted(protocol_name)) {
     orig_handler = zend_hash_str_find_ptr(
-        SNUFFLEUPAGUS_G(sp_internal_functions_hook),
-        "stream_wrapper_register", sizeof("stream_wrapper_register") - 1);
+        SNUFFLEUPAGUS_G(sp_internal_functions_hook), "stream_wrapper_register",
+        sizeof("stream_wrapper_register") - 1);
     orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
   }
 }
diff --git a/src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt b/src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt
new file mode 100644
index 0000000..d0b7c0d
--- /dev/null
+++ b/src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Borken configuration - encrypted cookie without encryption key
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_encryption_key.ini
+--FILE--
+--EXPECT--
+PHP Fatal error:  [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_cookie_encryption_without_env_var.phpt b/src/tests/broken_conf_cookie_encryption_without_env_var.phpt
new file mode 100644
index 0000000..af5d471
--- /dev/null
+++ b/src/tests/broken_conf_cookie_encryption_without_env_var.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Borken configuration - encrypted cookie with without cookie env var
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_env_var.ini
+--FILE--
+--EXPECT--
+PHP Fatal error:  [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_mutually_exclusive11.phpt b/src/tests/broken_conf_mutually_exclusive11.phpt
new file mode 100644
index 0000000..507d7fa
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive11.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Broken configuration - ret and var are mutually exclusives
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive11.ini
+--FILE--
+--EXPECT--
+PHP Fatal error:  [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");':`ret` and `var` are mutually exclusive on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");':`ret` and `var` are mutually exclusive on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_mutually_exclusive12.phpt b/src/tests/broken_conf_mutually_exclusive12.phpt
new file mode 100644
index 0000000..d823de9
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive12.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Broken configuration - ret and value are mutually exclusive
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive12.ini
+--FILE--
+--EXPECT--
+PHP Fatal error:  [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");':`ret` and `value` are mutually exclusive on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");':`ret` and `value` are mutually exclusive on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_wrapper_whitelist.phpt b/src/tests/broken_conf_wrapper_whitelist.phpt
new file mode 100644
index 0000000..ea147ac
--- /dev/null
+++ b/src/tests/broken_conf_wrapper_whitelist.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Broken configuration with invalid token for wrapper whitelist
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_wrapper_whitelist.ini
+sp.allow_broken_configuration=Off
+--FILE--
+<?php
+echo 1337;
+?>
+--EXPECT--
+PHP Fatal error:  [snuffleupagus][config] Trailing chars '.invalid_param();' at the end of '.invalid_param();' on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Trailing chars '.invalid_param();' at the end of '.invalid_param();' on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini b/src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini
new file mode 100644
index 0000000..a100bd8
--- /dev/null
+++ b/src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini
@@ -0,0 +1,2 @@
+sp.global.cookie_env_var("MY_SUPER_ENV_VAR_YAY");
+sp.cookie.name("my_cookie_name").encrypt();
diff --git a/src/tests/config/broken_conf_cookie_encryption_without_env_var.ini b/src/tests/config/broken_conf_cookie_encryption_without_env_var.ini
new file mode 100644
index 0000000..54cb101
--- /dev/null
+++ b/src/tests/config/broken_conf_cookie_encryption_without_env_var.ini
@@ -0,0 +1,2 @@
+sp.global.secret_key("super secret encryption key");
+sp.cookie.name("my_cookie_name").encrypt();
diff --git a/src/tests/config/broken_conf_mutually_exclusive11.ini b/src/tests/config/broken_conf_mutually_exclusive11.ini
new file mode 100644
index 0000000..cab163f
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive11.ini
@@ -0,0 +1 @@
+sp.disable_function.function("strcmp").drop().ret("hip").var("hop");
diff --git a/src/tests/config/broken_conf_mutually_exclusive12.ini b/src/tests/config/broken_conf_mutually_exclusive12.ini
new file mode 100644
index 0000000..fe140db
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive12.ini
@@ -0,0 +1 @@
+sp.disable_function.function("strcmp").drop().ret("hip").value("hop");
diff --git a/src/tests/config/broken_conf_wrapper_whitelist.ini b/src/tests/config/broken_conf_wrapper_whitelist.ini
new file mode 100644
index 0000000..b8e08a8
--- /dev/null
+++ b/src/tests/config/broken_conf_wrapper_whitelist.ini
@@ -0,0 +1 @@
+sp.wrappers_whitelist.invalid_param();
diff --git a/src/tests/crypt_session_invalid.phpt b/src/tests/crypt_session_invalid.phpt
index cc6e80e..4b0f4d2 100644
--- a/src/tests/crypt_session_invalid.phpt
+++ b/src/tests/crypt_session_invalid.phpt
@@ -21,4 +21,4 @@ session_start(); 			// Re start the session, It will read and decrypt the non em
 var_dump($_SESSION);            // Dump the session
 ?>
 --EXPECTF--
-Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of the session in %s/tests/crypt_session_invalid.php on line %d
+Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of the session in %s/tests/crypt_session_invalid.php on line %d
diff --git a/src/tests/encrypt_cookies4.phpt b/src/tests/encrypt_cookies4.phpt
index 14d737a..04d4076 100644
--- a/src/tests/encrypt_cookies4.phpt
+++ b/src/tests/encrypt_cookies4.phpt
@@ -16,8 +16,13 @@ EOF;
 setcookie("super_cookie", "super_value");
 setcookie("awful_cookie", "awful_value");
 setcookie("nice_cookie", "nice_value", 1, "1", "1", true, true);
+$ret = setcookie("", "Cookie with no name", 1, "1", "1", true, true);
+if ($ret == TRUE) {
+        echo "fail :/";
+}
 var_dump($_COOKIE);
 ?>
---EXPECT--
+--EXPECTF--
+Warning: Cookie names must not be empty in %a/tests/encrypt_cookies4.php on line %d
 array(0) {
 }
diff --git a/src/tests/encrypt_cookies_empty_env.phpt b/src/tests/encrypt_cookies_empty_env.phpt
index 252f831..23f1759 100644
--- a/src/tests/encrypt_cookies_empty_env.phpt
+++ b/src/tests/encrypt_cookies_empty_env.phpt
@@ -14,4 +14,5 @@ super_cookie=cGFkZGluZ3BhZGRpbmdwYWRkaW5ncGFkZGluZ3BhZGRpbmdwYWRkaW5ncGFkZGluZ3B
 --EXPECT--
 Warning: [snuffleupagus][cookie_encryption] The environment variable 'SUPER_ENV_VAR' is empty, cookies are weakly encrypted in Unknown on line 0
 
-Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0
+Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0
+1
diff --git a/src/tests/encrypt_cookies_invalid_decryption.phpt b/src/tests/encrypt_cookies_invalid_decryption.phpt
index c64675d..d4a0b0f 100644
--- a/src/tests/encrypt_cookies_invalid_decryption.phpt
+++ b/src/tests/encrypt_cookies_invalid_decryption.phpt
@@ -1,5 +1,5 @@
 --TEST--
-Cookie encryption
+Cookie encryption - invalid decryption
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
 --INI--
@@ -8,12 +8,19 @@ display_errors=1
 display_startup_errors=1
 error_reporting=E_ALL
 --COOKIE--
-super_cookie=jWjORGsgZyqzk3WA63XZBmUoSknXWnXDfAAAAAAAAAAAAAAAAAAAAAA7LiMDfkpP94jDnMVH%2Fm41GeL0Y00q3mbOFYz%2FS9mQGySu;awful_cookie=awful_cookie_value;
+super_cookie=Wk9NR1RISVNJU05PVEVOQ1JZUFRFREFUQUxMV0hBVFRIRUhFTExJU0hIRUxMQVJFWU9VRE9JTkdaT01Hb2htYXliZXRoaXNpc2Fub2xkc2Vzc2lvbmNvb2tpZQo=;awfulcookie=awfulcookievalue;
 --ENV--
 return <<<EOF
 REMOTE_ADDR=127.0.0.1
 EOF;
 --FILE--
-<?php var_dump($_COOKIE); ?>
+<?php
+echo "1337\n";
+var_dump($_COOKIE); ?>
 --EXPECT--
-Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0
\ No newline at end of file
+Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0
+1337
+array(1) {
+  ["awfulcookie"]=>
+  string(16) "awfulcookievalue"
+}
diff --git a/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt b/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt
index 0c02806..d2f9e3c 100644
--- a/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt
+++ b/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt
@@ -16,4 +16,8 @@ EOF;
 --FILE--
 <?php var_dump($_COOKIE); ?>
 --EXPECT--
-Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0
\ No newline at end of file
+Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0
+array(1) {
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}