unserialize: Update CVE tests

It's unlikely that the object syntax error contributed to the actual CVE. The
CVE is rather caused by the incorrect object serialization data of the `C`
format. Add a second string without such a syntax error to ensure that path is
still executed as well to ensure the CVE is absent.

Author: TimWolla

ext/spl/tests/bug73029.phpt

@@ -3,6 +3,13 @@ Bug #73029: Missing type check when unserializing SplArray
 --FILE--
 <?php
 try {
+$a = 'C:11:"ArrayObject":19:{x:i:0;r:2;;m:a:0:{}}';
+$m = unserialize($a);
+$x = $m[2];
+} catch(UnexpectedValueException $e) {
+    print $e->getMessage() . "\n";
+}
+try {
 $a = 'C:11:"ArrayObject":19:0x:i:0;r:2;;m:a:0:{}}';
 $m = unserialize($a);
 $x = $m[2];
@@ -11,6 +18,10 @@ $x = $m[2];
 }
 ?>
 DONE
---EXPECT--
+--EXPECTF--
 Error at offset 10 of 19 bytes
+
+Notice: unserialize(): Error at offset 22 of 43 bytes in %s on line %d
+
+Warning: Trying to access array offset on value of type bool in %s on line %d
 DONE

ext/standard/tests/serialize/bug73341.phpt

@@ -2,6 +2,13 @@
 Bug #73144 (Use-afte-free in ArrayObject Deserialization)
 --FILE--
 <?php
+try {
+$token = 'a:2:{i:0;O:1:"0":2:{s:1:"0";i:0;s:1:"0";a:1:{i:0;C:11:"ArrayObject":7:{x:i:0;r}';
+$obj = unserialize($token);
+} catch(Exception $e) {
+    echo $e->getMessage()."\n";
+}
+
 try {
 $token = 'a:2:{i:0;O:1:"0":2:0s:1:"0";i:0;s:1:"0";a:1:{i:0;C:11:"ArrayObject":7:{x:i:0;r}';
 $obj = unserialize($token);
@@ -18,6 +25,8 @@ unserialize($exploit);
 }
 ?>
 --EXPECTF--
+Error at offset 6 of 7 bytes
+
 Notice: unserialize(): Error at offset 19 of 79 bytes in %s on line %d
 
 Notice: ArrayObject::unserialize(): Unexpected end of serialized data in %sbug73341.php on line %d