--- embedaddon/php/ext/standard/var_unserializer.c 2013/10/14 08:02:35 1.1.1.4
+++ embedaddon/php/ext/standard/var_unserializer.c 2014/06/15 20:03:57 1.1.1.5
@@ -1,4 +1,4 @@
-/* Generated by re2c 0.13.5 on Mon Jul 29 17:57:26 2013 */
+/* Generated by re2c 0.13.5 on Fri Apr 18 15:07:27 2014 */
 /*
 +----------------------------------------------------------------------+
 | PHP Version 5 |
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: var_unserializer.c,v 1.1.1.4 2013/10/14 08:02:35 misho Exp $ */
+/* $Id: var_unserializer.c,v 1.1.1.5 2014/06/15 20:03:57 misho Exp $ */
 #include "php.h"
 #include "ext/standard/php_var.h"
@@ -394,7 +394,15 @@ static inline long object_common1(UNSERIALIZE_PARAMETE
 (*p) += 2;
- object_init_ex(*rval, ce);
+ if (ce->serialize == NULL) {
+ object_init_ex(*rval, ce);
+ } else {
+ /* If this class implements Serializable, it should not land here but in object_custom(). The passed string
+ obviously doesn't descend from the regular serializer. */
+ zend_error(E_WARNING, "Erroneous data format for unserializing '%s'", ce->name);
+ return 0;
+ }
+
 return elements;
 }
@@ -405,6 +413,10 @@ static inline int object_common2(UNSERIALIZE_PARAMETER
 {
 zval *retval_ptr = NULL;
 zval fname;
+
+ if (Z_TYPE_PP(rval) != IS_OBJECT) {
+ return 0;
+ }
 if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_OBJPROP_PP(rval), elements, 1)) {
 return 0;
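Review bot: The new error path in object_common1 returns 0, which is indistinguishable from a legitimately empty object (an `O:` payload with a property count of 0), so a caller that forwards the count cannot tell failure from success; the commit instead relies on the `Z_TYPE_PP(rval) != IS_OBJECT` guard added in the next hunk (object_common2) to catch the case where object_init_ex was never called and *rval is still not an object. That coupling is invisible at the return site and deserves a comment there, e.g. `/* 0 also means "no properties"; the caller must check Z_TYPE_PP(rval) before touching properties (object_common2 does) */`. The guard in object_common2 also returns 0 silently while the sibling check in object_common1 emits E_WARNING, so a non-object rval reached by any other route produces no diagnostic; a matching `zend_error(E_WARNING, ...)` there would make the failure observable. The callers of object_common1 are outside the hunk, so whether every caller goes through object_common2 cannot be confirmed from here, and object_common2's body continues past the end of the second hunk.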