random: Validate that the arrays do not contain extra elements when unserializing (#9458)

* Apply `var_dump()` in 02_engine/all_serialize_error.phpt

This ensures that an undetected serialization error is clear identifiable in the output.

* random: Validate that the arrays do not contain extra elements when unserializing

Author: TimWolla

ext/random/engine_mt19937.c

@@ -203,6 +203,11 @@ static bool unserialize(php_random_status *status, HashTable *data)
 	php_random_status_state_mt19937 *s = status->state;
 	zval *t;
 
+	/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
+	if (zend_hash_num_elements(data) != (MT_N + 2)) {
+		return false;
+	}
+
 	for (uint32_t i = 0; i < MT_N; i++) {
 		t = zend_hash_index_find(data, i);
 		if (!t || Z_TYPE_P(t) != IS_STRING || Z_STRLEN_P(t) != (2 * sizeof(uint32_t))) {
@@ -358,6 +363,12 @@ PHP_METHOD(Random_Engine_Mt19937, __unserialize)
 		Z_PARAM_ARRAY_HT(d);
 	ZEND_PARSE_PARAMETERS_END();
 
+	/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
+	if (zend_hash_num_elements(d) != 2) {
+		zend_throw_exception_ex(NULL, 0, "Invalid serialization data for %s object", ZSTR_VAL(engine->std.ce->name));
+		RETURN_THROWS();
+	}
+
 	/* members */
 	t = zend_hash_index_find(d, 0);
 	if (!t || Z_TYPE_P(t) != IS_ARRAY) {

ext/random/engine_pcgoneseq128xslrr64.c

@@ -83,6 +83,11 @@ static bool unserialize(php_random_status *status, HashTable *data)
 	uint64_t u[2];
 	zval *t;
 
+	/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
+	if (zend_hash_num_elements(data) != 2) {
+		return false;
+	}
+
 	for (uint32_t i = 0; i < 2; i++) {
 		t = zend_hash_index_find(data, i);
 		if (!t || Z_TYPE_P(t) != IS_STRING || Z_STRLEN_P(t) != (2 * sizeof(uint64_t))) {

ext/random/engine_xoshiro256starstar.c

@@ -131,6 +131,11 @@ static bool unserialize(php_random_status *status, HashTable *data)
 	php_random_status_state_xoshiro256starstar *s = status->state;
 	zval *t;
 
+	/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
+	if (zend_hash_num_elements(data) != 4) {
+		return false;
+	}
+
 	for (uint32_t i = 0; i < 4; i++) {
 		t = zend_hash_index_find(data, i);
 		if (!t || Z_TYPE_P(t) != IS_STRING || Z_STRLEN_P(t) != (2 * sizeof(uint64_t))) {

ext/random/randomizer.c

@@ -272,6 +272,12 @@ PHP_METHOD(Random_Randomizer, __unserialize)
 		Z_PARAM_ARRAY_HT(d);
 	ZEND_PARSE_PARAMETERS_END();
 
+	/* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
+	if (zend_hash_num_elements(d) != 1) {
+		zend_throw_exception(NULL, "Invalid serialization data for Random\\Randomizer object", 0);
+		RETURN_THROWS();
+	}
+
 	members_zv = zend_hash_index_find(d, 0);
 	if (!members_zv || Z_TYPE_P(members_zv) != IS_ARRAY) {
 		zend_throw_exception(NULL, "Invalid serialization data for Random\\Randomizer object", 0);