From 8c54077980d8b7da2a47c6fe0e79989778b48229 Mon Sep 17 00:00:00 2001
From: Michael Wallner
Date: Tue, 14 Dec 2021 12:39:12 +0100
Subject: [PATCH] sort of correct unserialize input arg type
---
 ion.stub.php | 2 +-
 ion_arginfo.h | 4 ++--
 ion_private.h | 25 +++++++++++++------------
 3 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/ion.stub.php b/ion.stub.php
index dcf0cfa..f3f81f3 100644
--- a/ion.stub.php
+++ b/ion.stub.php
@@ -481,4 +481,4 @@ class PHP implements \ion\Unserializer {
 namespace ion;
 function serialize(mixed $data, ?Serializer $serializer = null) : string {}
 /** @param string|resource $data */
-function unserialize(mixed $data, ?Unserializer $unserializer = null) : mixed {}
+function unserialize($data, ?Unserializer $unserializer = null) : mixed {}
diff --git a/ion_arginfo.h b/ion_arginfo.h
index da22a4b..4d5bc27 100644
--- a/ion_arginfo.h
+++ b/ion_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: f2b34e7e90a3fcb65ad470c6acce7cc31b804716 */
+ * Stub hash: 5dc8abb809cd14ed4c542ca5114bd4ceda42d70b */
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_ion_serialize, 0, 1, IS_STRING, 0)
 ZEND_ARG_TYPE_INFO(0, data, IS_MIXED, 0)
@@ -7,7 +7,7 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_ion_serialize, 0, 1, IS_STRING,
 ZEND_END_ARG_INFO()
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_ion_unserialize, 0, 1, IS_MIXED, 0)
- ZEND_ARG_TYPE_INFO(0, data, IS_MIXED, 0)
+ ZEND_ARG_INFO(0, data)
 ZEND_ARG_OBJ_INFO_WITH_DEFAULT_VALUE(0, unserializer, ion\\Unserializer, 1, "null")
 ZEND_END_ARG_INFO()
diff --git a/ion_private.h b/ion_private.h
index 5ca03da..1765d62 100644
--- a/ion_private.h
+++ b/ion_private.h
@@ -1891,23 +1891,24 @@ void php_ion_unserialize(php_ion_unserializer *ser, zval *zdata, zval *return_va
 zend_object *zo_reader;
 php_ion_reader *reader;
 ZVAL_DEREF(zdata);
- switch (Z_TYPE_P(zdata)) {
- case IS_STRING:
- zo_reader = create_ion_Reader_Reader(ce_Reader_Buffer_Reader);
- reader = php_ion_obj(reader, zo_reader);
- reader->type = BUFFER_READER;
- reader->buffer = zend_string_copy(Z_STR_P(zdata));
- break;
- case IS_RESOURCE:
+ if (Z_TYPE_P(zdata) == IS_RESOURCE) {
 zo_reader = create_ion_Reader_Reader(ce_Reader_Stream_Reader);
 reader = php_ion_obj(reader, zo_reader);
 reader->type = STREAM_READER;
 php_stream_from_zval_no_verify(reader->stream.ptr, zdata);
- break;
-
- default:
- ZEND_ASSERT(!IS_STRING && !IS_RESOURCE);
+ } else if (Z_TYPE_P(zdata) <= IS_STRING) {
+ zo_reader = create_ion_Reader_Reader(ce_Reader_Buffer_Reader);
+ reader = php_ion_obj(reader, zo_reader);
+ reader->type = BUFFER_READER;
+ reader->buffer = zval_get_string(zdata);
+ } else {
+ zend_throw_exception_ex(spl_ce_InvalidArgumentException, IERR_INVALID_ARG,
+ "Invalid source to unserialize; expected string or resource");
+ if (zo_ser) {
+ OBJ_RELEASE(zo_ser);
+ }
+ return;
 }
 if (ser->options) {
-- 
2.30.2
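Review bot: The resource branch still fetches the stream with `php_stream_from_zval_no_verify`, which leaves `reader->stream.ptr` NULL without raising anything when the resource is closed or is not a stream, and no check on that pointer is visible in this hunk. Since the new `else` branch now rejects bad input types explicitly, the same path should cover this case, e.g. `if (!reader->stream.ptr) { /* release zo_reader, then throw and return as in the else branch */ }` directly after the fetch. Separately, `Z_TYPE_P(zdata) <= IS_STRING` depends on the numeric order of the type constants and silently stringifies null, bool, int and float, which the message "expected string or resource" does not reflect; `== IS_STRING` would match the message, or a comment should state that scalar coercion is intended. php_ion_unserialize begins before and continues past this hunk, so a later check on the stream pointer may exist outside what is shown.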