6 files changed, 61 insertions, 4 deletions

diff --git a/ext/standard/tests/serialize/bug68545.phpt b/ext/standard/tests/serialize/bug68545.phpt
new file mode 100644
index 000000000..e7250b37b
--- /dev/null
+++ b/ext/standard/tests/serialize/bug68545.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #68545 NULL pointer dereference in unserialize.c:var_push_dtor
+--FILE--
+<?php 
+var_dump(unserialize('a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";s:3:"bar";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"b22";s:3:"bar";s:3:"bar";s:3:"foo";s:3:"bar";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";s:3:"bar";s:3:"bar";')); 
+?>
+===DONE===
+--EXPECTF--
+Notice: unserialize(): Error at offset %d of %d bytes in %sbug68545.php on line %d
+bool(false)
+===DONE===
diff --git a/ext/standard/tests/serialize/bug68594.phpt b/ext/standard/tests/serialize/bug68594.phpt
new file mode 100644
index 000000000..60fc7a76a
--- /dev/null
+++ b/ext/standard/tests/serialize/bug68594.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Bug #68545 Use after free vulnerability in unserialize()
+--FILE--
+<?php
+for ($i=4; $i<100; $i++) {
+	$m = new StdClass();
+
+	$u = array(1);
+
+	$m->aaa = array(1,2,&$u,4,5);
+	$m->bbb = 1;
+	$m->ccc = &$u;
+	$m->ddd = str_repeat("A", $i);
+
+	$z = serialize($m);
+	$z = str_replace("bbb", "aaa", $z);
+	$y = unserialize($z);
+	$z = serialize($y);
+}
+?>
+===DONE===
+--EXPECTF--
+===DONE===
diff --git a/ext/standard/tests/strings/addcslashes_005.phpt b/ext/standard/tests/strings/addcslashes_005.phpt
new file mode 100644
index 000000000..f0b2fbcec
--- /dev/null
+++ b/ext/standard/tests/strings/addcslashes_005.phpt
@@ -0,0 +1,12 @@
+--TEST--
+addcslashes(); function test with warning
+--CREDITS--
+ marcosptf - <marcosptf@yahoo.com.br>
+#phptestfest PHPSP on Google - Sao Paulo - Brazil - 2014-06-05
+--FILE--
+<?php
+echo addcslashes("zoo['.']","z..A");
+?>
+--EXPECTF--
+Warning: addcslashes(): Invalid '..'-range, '..'-range needs to be incrementing in %s on line %d
+\zoo['\.']
diff --git a/ext/standard/tests/strings/bin2hex_001.phpt b/ext/standard/tests/strings/bin2hex_001.phpt
new file mode 100644
index 000000000..e73500a30
--- /dev/null
+++ b/ext/standard/tests/strings/bin2hex_001.phpt
@@ -0,0 +1,11 @@
+--TEST--
+bin2hex(); function test
+--CREDITS--
+marcosptf - <marcosptf@yahoo.com.br>
+#phptestfest PHPSP on Google - Sao Paulo - Brazil - 2014-06-05
+--FILE--
+<?php
+echo bin2hex("123456");
+?>
+--EXPECT--
+313233343536
diff --git a/ext/standard/tests/strings/sprintf_variation34.phpt b/ext/standard/tests/strings/sprintf_variation34.phpt
index c6186b678..8a5cd809d 100644
--- a/ext/standard/tests/strings/sprintf_variation34.phpt
+++ b/ext/standard/tests/strings/sprintf_variation34.phpt
@@ -29,8 +29,8 @@ $integer_values = array(
   0Xfff,
   0XFA,
   -0x80000000, // max negative integer as hexadecimal
-  0x7fffffff,  // max postive integer as hexadecimal
-  0x7FFFFFFF,  // max postive integer as hexadecimal
+  0x7fffffff,  // max positive integer as hexadecimal
+  0x7FFFFFFF,  // max positive integer as hexadecimal
   0123,        // integer as octal 
   01912,       // should be quivalent to octal 1
   -020000000000, // max negative integer as octal 
diff --git a/ext/standard/tests/strings/sprintf_variation40_64bit.phpt b/ext/standard/tests/strings/sprintf_variation40_64bit.phpt
index da6f37ace..029e94c78 100644
--- a/ext/standard/tests/strings/sprintf_variation40_64bit.phpt
+++ b/ext/standard/tests/strings/sprintf_variation40_64bit.phpt
@@ -25,8 +25,8 @@ $integer_values = array(
   0Xfff,
   0XFA,
   -0x80000000, // max negative integer as hexadecimal
-  0x7fffffff,  // max postive integer as hexadecimal
-  0x7FFFFFFF,  // max postive integer as hexadecimal
+  0x7fffffff,  // max positive integer as hexadecimal
+  0x7FFFFFFF,  // max positive integer as hexadecimal
   0123,        // integer as octal 
   01912,       // should be quivalent to octal 1
   -020000000000, // max negative integer as octal