|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2012-08-16 08:59 UTC] daniel dot beardsley at gmail dot com
Description:
------------
Occurs on php 5.4.0, but not on 5.3 (I'll try on other versions soon).
Please run this test from /tmp/serialize/run_tests.sh (see bottom for
explanation)
## Description ##
If calling unserialize() somehow calls back into user code (i.e. autoloading a
class while unserializing it) and user code does another unserialize() (no
matter what it is), object references in the outer unserialization process won't
be restored correctly. Sometimes the outer call can result in a Segmentation
Fault instead of just broken references.
In particular, object refrerences will often be replaced with a seemingly random
value from your serialized object graph (or NULL).
The call stack at the time of the problem looks like this:
#0 /tmp/serialize/setup.php(6): unserialize('i:4');
#1 [internal function]: __autoload('A')
#2 /tmp/serialize/unserialize_autoload.php(4): unserialize('O:1:"A":4:
{s:1:...')
#3 {main}
The unserialize call in frame #2 returns incorrect results because of the
"recursive" unserialize call in frame #0.
Note:
For reasons that completely escape me, this code seems dependent on the literal
path it's run from. Some paths hide the bug, some cause failure, and some cause
a SegFault. It's consistent on a per-path basis, but I found no pattern.
Test script:
---------------
https://gist.github.com/3353895
Expected result:
----------------
Before and After output should be the same. Last line of output should read:
"Passed, no differences"
Before Serialization:
class A#1 (4) {
public $b =>
class B#2 (0) {
}
public $b1 =>
class B#2 (0) {
}
public $c =>
class B#3 (0) {
}
public $c1 =>
class B#3 (0) {
}
}
Actual result:
--------------
After Serialization:
class A#1 (4) {
public $b =>
class B#2 (0) {
}
public $b1 =>
string(2) "1\000"
public $c =>
class B#3 (0) {
}
public $c1 =>
NULL
}
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sun Oct 26 06:00:02 2025 UTC |
I've just reproduced this on a build from master, at commit b5305d267b6c3b1b09ab0ba4ecf4f66edc5d4077 . root 11:37:49 serialize > php --version PHP 5.5.0-dev (cli) (built: Aug 16 2012 11:37:55) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies root 11:39:37 serialize > ./run_test.sh ./run_test.sh: line 3: 2267 Segmentation fault php unserialize_autoload.php > after.out Original ========== in autoload: A in autoload: B object(A)#1 (4) { ["b"]=> object(B)#2 (0) { } ["b1"]=> object(B)#2 (0) { } ["c"]=> object(B)#3 (0) { } ["c1"]=> object(B)#3 (0) { } } Unserialized ====== in autoload: A in autoload: B object(A)#1 (4) { ["b"]=> object(B)#2 (0) { } ["b1"]=> object(B)#2 (0) { } ["c"]=> object(B)#3 (0) { } ["c1"]=> NULL } Diff ============== 14,15c14 < object(B)#3 (0) { < } --- > NULL FAILED ============ I built php with the following configure line: ./configure --host=i686-redhat-linux-gnu --build=i686-redhat-linux-gnu \ --target=i386-redhat-linux --program-prefix= --prefix=/usr --exec-prefix=/usr \ --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share \ --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec \ --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man \ --infodir=/usr/share/info --with-libdir=lib64 --with-config-file-path=/etc \ --with-config-file-scan-dir=/etc/php.d --disable-debug --with-pic \ --disable-rpath --with-bz2 --with-curl --with-exec-dir=/usr/bin \ --with-freetype-dir=/usr --with-png-dir=/usr --enable-gd-native-ttf \ --without-gdbm --with-gettext --with-gmp --with-iconv --with-jpeg-dir=/usr \ --with-openssl --with-pcre-regex=/usr --with-zlib --with-layout=GNU \ --enable-exif --enable-ftp --enable-magic-quotes --enable-sockets \ --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-wddx \ --with-kerberos --enable-shmop --enable-calendar \ --without-sqlite --with-libxml-dir=/usr \ --enable-pcntl --with-imap=/usr/lib64 \ --with-imap-ssl=/usr/local/ssl/include/openssl --enable-mbstring \ --enable-mbregex --with-gd --enable-bcmath --with-xmlrpc=shared \ --with-mysql=mysqlnd --with-mysqli=mysqlnd \ --enable-dom --enable-soap=shared --with-xsl=shared,/usr \ --enable-xmlreader=shared --enable-xmlwriter=shared --with-readline \ --with-mcrypt=/usr/local/include/mcrypt --with-mhash --with-tidy=shared,/usr \ --enable-sigchild --enable-intl --with-apxs2=/usr/sbin/apxs \ --enable-fpm --with-fpm-user=apache --with-fpm-group=apache