From 78668b6ef599f700ba939017dc805485452f5319 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sun, 25 Jun 2023 14:56:43 +0200
Subject: Fix an unserialize-related warning
This should fix `Warning: unserialize(): Extra data starting at offset 8 of 72 bytes in unserialize.php on line 4`. On the flip side, it's not longer possible in PHP8.3 and above, when using Snuffleupagus, to have other extensions hooking unserialize().
---
 src/sp_unserialize.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
index 641d989..ab0d9ed 100644
--- a/src/sp_unserialize.c
+++ b/src/sp_unserialize.c
@@ -50,8 +50,6 @@ static zend_string *sp_do_hash_hmac_sha256(char* restrict data, size_t data_len,
 return hex_digest;
 }
-// ------------------
-
 PHP_FUNCTION(sp_serialize) {
 zif_handler orig_handler;
@@ -130,11 +128,16 @@ PHP_FUNCTION(sp_unserialize) {
 }
 } else { status = 1; }
- zif_handler orig_handler;
+ zif_handler orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize"));
 if (0 == status) {
- if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) {
+#if PHP_VERSION_ID >= 80300
+ // PHP8.3 gives a warning about trailing data in unserialize strings.
+ php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize");
+#else
+ if ((orig_handler)) {
 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
 }
+#endif
 } else {
 const sp_config_unserialize *config_unserialize = &(SPCFG(unserialize));
 if (config_unserialize->dump) {
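Review bot: The fourth argument of the added `php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize")` call needs a type check, because that API takes its options as a `HashTable *` and `opts` is declared outside this hunk. If `opts` is still a `zval *` filled from an array parameter, the call should pass `opts ? Z_ARRVAL_P(opts) : NULL`, otherwise the options handling would read a zval as a hash table. The same call is added in the simulation branch of the next hunk. Separately, `orig_handler` is now looked up unconditionally but only used under `#else`, so on PHP 8.3 and later the lookup is dead code; moving the declaration and lookup inside the `#else` branch would avoid an unused-variable warning. The body of sp_unserialize starts and ends outside the hunk.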
@@ -143,9 +146,14 @@ PHP_FUNCTION(sp_unserialize) {
 }
 if (true == config_unserialize->simulation) {
 sp_log_simulation("unserialize", "Invalid HMAC for %s", serialized_str);
- if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) {
+#if PHP_VERSION_ID >= 80300
+ // PHP8.3 gives a warning about trailing data in unserialize strings.
+ php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize");
+#else
+ if ((orig_handler)) {
 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
 }
+#endif
 } else {
 sp_log_drop("unserialize", "Invalid HMAC for %s", serialized_str);
 }
--
cgit v1.3
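Review bot: In the simulation branch the added `php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize")` runs on input whose HMAC check has just failed, so the `buf_len - 64` length rests entirely on an earlier guarantee that `buf_len >= 64`. That check is not visible in this hunk, and without it the unsigned subtraction wraps to a very large length. If the function does not already stop on short input in every mode, a guard such as `if (buf_len < 64) { RETURN_FALSE; }` ahead of both calls would make the arithmetic safe. The literal 64 is repeated in both added calls and the comment only mentions the warning; a comment such as `/* unserialize only the payload, without the trailing 64-character hex HMAC (presumably HMAC-SHA256) */` would say why the length is shortened. The enclosing function begins outside the hunk.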