From 50cf5a89b0454e69d86e400fa6f7ed1733c20f28 Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Thu, 19 May 2022 10:21:09 +0200
Subject: [PATCH] fix crash caused by uninitialized zval when unserializing
 properties

---
 ion_private.h                           |  1 +
 tests/unserialize/executor_globals.phpt | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 tests/unserialize/executor_globals.phpt

diff --git a/ion_private.h b/ion_private.h
index 21e3558..27c2670 100644
--- a/ion_private.h
+++ b/ion_private.h
@@ -2360,6 +2360,7 @@ static void php_ion_unserialize_props(php_ion_unserializer *ser, zval *return_va
 		ION_CATCH();
 
 		zval zvalue;
+		ZVAL_UNDEF(&zvalue);
 		php_ion_unserialize_zval(ser, &zvalue, &typ);
 		ION_CATCH(zend_string_release(key));
 
diff --git a/tests/unserialize/executor_globals.phpt b/tests/unserialize/executor_globals.phpt
new file mode 100644
index 0000000..5d23d17
--- /dev/null
+++ b/tests/unserialize/executor_globals.phpt
@@ -0,0 +1,22 @@
+--TEST--
+ion\unserialize/executor_globals
+--EXTENSIONS--
+ion
+--FILE--
+TEST
+<?php
+class test_class {
+	public $s;
+	public $u;
+}
+$c = new test_class;
+$c->s = new ion\Serializer\Serializer;
+
+$c->u = new ion\Unserializer\Unserializer;
+$d = $c->s->serialize($c);
+$c->u->unserialize($d);
+?>
+DONE
+--EXPECT--
+TEST
+DONE
-- 
2.30.2