From 9cc6166e8ed62a942e2a68a974f5c54be0b89a3e Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Thu, 5 Mar 2020 14:57:27 +0100 Subject: [PATCH] Fix #75673: SplStack::unserialize() behavior Even though `SplStack::unserialize()` is not supposed to be called on an already constructed instance, it is probably better if the method clears the stack before actually unserializing. --- ext/spl/spl_dllist.c | 6 ++++++ ext/spl/tests/bug75673.phpt | 19 +++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 ext/spl/tests/bug75673.phpt diff --git a/ext/spl/spl_dllist.c b/ext/spl/spl_dllist.c index ba9488abfc226..9919b1aa63898 100644 --- a/ext/spl/spl_dllist.c +++ b/ext/spl/spl_dllist.c @@ -1185,6 +1185,12 @@ SPL_METHOD(SplDoublyLinkedList, unserialize) return; } + while (intern->llist->count > 0) { + zval tmp; + spl_ptr_llist_pop(intern->llist, &tmp); + zval_ptr_dtor(&tmp); + } + s = p = (const unsigned char*)buf; PHP_VAR_UNSERIALIZE_INIT(var_hash); diff --git a/ext/spl/tests/bug75673.phpt b/ext/spl/tests/bug75673.phpt new file mode 100644 index 0000000000000..76fe3745fb43d --- /dev/null +++ b/ext/spl/tests/bug75673.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #75673 (SplStack::unserialize() behavior) +--FILE-- +push("one"); +$stack->push("two"); + +$serialized = $stack->serialize(); +var_dump($stack->count()); +$stack->unserialize($serialized); +var_dump($stack->count()); +$stack->unserialize($serialized); +var_dump($stack->count()); +?> +--EXPECT-- +int(2) +int(2) +int(2)
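Review bot: The clearing loop added ahead of `s = p = (const unsigned char*)buf;` runs before any of the serialized input has been parsed, so a malformed or truncated `buf` still discards the existing elements even though the unserialize itself fails. If the error path further down (outside this hunk) is meant to leave the instance usable, either validate the input before clearing or state the contract in a comment such as `/* existing elements are discarded up front; a failed unserialize leaves the list empty or partially filled */`. `zval_ptr_dtor(&tmp)` can presumably run userland destructors while the list is only half cleared, and the loop does not visibly reset any iteration state, so it is worth confirming that re-entrant access to the same object and an in-progress traversal are safe here. The method body starts and ends outside the hunk.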
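Review bot: The three `var_dump($stack->count());` checks only pin the element count, so the test would still pass if a repeated `unserialize()` restored the wrong values or the wrong order. Adding `var_dump($stack->top());` after the last call, with `string(3) "two"` in the expectation, would pin the contents as well. A second case that feeds malformed data to an already populated stack would also document what state the object is left in when unserializing fails.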