From 8494058a1f09bba8a1984b2e9d2e34ac2da01c70 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Tue, 27 Feb 2024 22:09:06 +0100
Subject: [PATCH] Fix GH-13531: Unable to resize SplfixedArray after being unserialized in PHP 8.2.15
When unserializing, the cached_resize field was not reset to -1 correctly, causing the setSize() method to think we were inside of a resize operation.
Closes GH-13543.
---
 NEWS | 4 ++++
 ext/spl/spl_fixedarray.c | 3 ++-
 ext/spl/tests/gh13531.phpt | 28 ++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 ext/spl/tests/gh13531.phpt
diff --git a/NEWS b/NEWS
index ab1364e0d330a..ad388c3562339 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ PHP NEWS
 - PDO:
 . Fix various PDORow bugs. (Girgias)
 
+- SPL:
+ . Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized
+ in PHP 8.2.15). (nielsdos)
+
 - XML:
 . Fixed bug GH-13517 (Multiple test failures when building with
 --with-expat). (nielsdos)
diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c
index 14ae7032568a7..7c08a189c6fcf 100644
--- a/ext/spl/spl_fixedarray.c
+++ b/ext/spl/spl_fixedarray.c
@@ -91,6 +91,7 @@ static void spl_fixedarray_default_ctor(spl_fixedarray *array)
 {
 array->size = 0;
 array->elements = NULL;
+ array->cached_resize = -1;
 }
 
 /* Initializes the range [from, to) to null. Does not dtor existing elements. */
@@ -110,6 +111,7 @@ static void spl_fixedarray_init_non_empty_struct(spl_fixedarray *array, zend_lon
 array->elements = size ? safe_emalloc(size, sizeof(zval), 0) : NULL;
 array->size = size;
 array->should_rebuild_properties = true;
+ array->cached_resize = -1;
 }
 
 static void spl_fixedarray_init(spl_fixedarray *array, zend_long size)
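Review bot: The `-1` assigned to `cached_resize` in `spl_fixedarray_default_ctor`, and again in the `spl_fixedarray_init_non_empty_struct` hunk, is an undocumented sentinel: per the commit message it means no resize is in progress, and any other value makes setSize() act as if it had been re-entered. I would add a comment at both assignments, e.g. `/* -1 = not resizing; any other value makes setSize() assume a nested resize */`, so that a future initialiser does not omit it. The invariant now depends on every path that fills the struct going through one of these two helpers; a path that sets `size`/`elements` by hand would presumably leave the field at its allocation-time value, so the remaining writers (outside these hunks) are worth a check. The body of `spl_fixedarray_init_non_empty_struct` starts above its hunk.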
@@ -120,7 +122,6 @@ static void spl_fixedarray_init(spl_fixedarray *array, zend_long size)
 } else {
 spl_fixedarray_default_ctor(array);
 }
- array->cached_resize = -1;
 }
 
 /* Copies the range [begin, end) into the fixedarray, beginning at `offset`.
diff --git a/ext/spl/tests/gh13531.phpt b/ext/spl/tests/gh13531.phpt
new file mode 100644
index 0000000000000..46503ccf22a63
--- /dev/null
+++ b/ext/spl/tests/gh13531.phpt
@@ -0,0 +1,28 @@
+--TEST--
+GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15)
+--FILE--
+setSize(6);
+var_dump($unserialized);
+
+?>
+--EXPECT--
+object(SplFixedArray)#2 (6) {
+ [0]=>
+ NULL
+ [1]=>
+ NULL
+ [2]=>
+ NULL
+ [3]=>
+ NULL
+ [4]=>
+ int(1)
+ [5]=>
+ NULL
+}