[Config] ConfigCache::isFresh() should return false when unserialize() fails

nicolas-grekas · nicolas-grekas · commit 36e4ec69fece · 2016-11-28T14:20:18.000+01:00
diff --git a/src/Symfony/Component/Config/ConfigCache.php b/src/Symfony/Component/Config/ConfigCache.php
@@ -86,7 +86,26 @@ public function isFresh()
         }
 
         $time = filemtime($this->file);
-        $meta = unserialize(file_get_contents($metadata));
+        try {
+            $unserializeCallbackHandler = ini_set('unserialize_callback_func', '');
+            $signalingException = new \UnexpectedValueException();
+            set_error_handler(function () use ($signalingException) { throw $signalingException; });
+
+            $e = null;
+            $meta = false;
+            $meta = unserialize(file_get_contents($metadata));
+        } catch (\Error $e) {
+        } catch (\Exception $e) {
+        }
+        restore_error_handler();
+        ini_set('unserialize_callback_func', $unserializeCallbackHandler);
+        if (null !== $e && $e !== $signalingException) {
+            throw $e;
+        }
+        if (false === $meta) {
+            return false;
+        }
+
         foreach ($meta as $resource) {
             if (!$resource->isFresh($time)) {
                 return false;
diff --git a/src/Symfony/Component/Config/Tests/ConfigCacheTest.php b/src/Symfony/Component/Config/Tests/ConfigCacheTest.php
@@ -93,6 +93,15 @@ public function testCacheIsNotFreshIfOneOfTheResourcesIsNotFresh()
         $this->assertFalse($cache->isFresh());
     }
 
+    public function testCacheIsNotFreshWhenUnserializeFails()
+    {
+        file_put_contents($this->metaFile, substr(file_get_contents($this->metaFile), 2));
+
+        $cache = new ConfigCache($this->cacheFile, true);
+
+        $this->assertFalse($cache->isFresh());
+    }
+
     public function testWriteDumpsFile()
     {
         unlink($this->cacheFile);
