php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80411 References to null-serialized object break serialize()
Submitted: 2020-11-24 16:54 UTC Modified: 2020-11-25 16:13 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: whaanstra at eljakim dot nl Assigned:
Status: Closed Package: *General Issues
PHP Version: 7.4.12 OS:
Private report: No CVE-ID: None
View Developer Edit
 [2020-11-24 16:54 UTC] whaanstra at eljakim dot nl 
Description:
------------
The reference to the UnSerializable object is serialized as a null, instead of as a reference. In addition, the serializer still sees it as a reference, causing the count of reference-able objects to be off. In my test script, $recovered[3] references $recovered[1] instead of $recovered[2].

This might be related to https://bugs.php.net/bug.php?id=77302, which also involved an empty serialize() method, and was fixed in the same version this was introduced, namely 7.3.4.

Version comparison: https://3v4l.org/YD9fS

Test script:
---------------
class UnSerializable implements Serializable
{
  public function serialize() {}
  public function unserialize($serialized) {}
}

$unser = new UnSerializable();
$arr = [$unser];
$arr[] = &$arr[0];
$arr[] = 'endcap';
$arr[] = &$arr[2];

$data = serialize($arr);
echo $data . PHP_EOL;
$recovered = unserialize($data);
var_export($recovered);

Expected result:
----------------
a:4:{i:0;N;i:1;R:2;i:2;s:6:"endcap";i:3;R:3;}
array (
  0 => NULL,
  1 => NULL,
  2 => 'endcap',
  3 => 'endcap',
)

Actual result:
--------------
a:4:{i:0;N;i:1;N;i:2;s:6:"endcap";i:3;R:3;}
array (
  0 => NULL,
  1 => NULL,
  2 => 'endcap',
  3 => NULL,
)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-11-25 16:13 UTC] nikic@php.net
-Status: Open +Status: Verified
 [2020-11-25 16:25 UTC] nikic@php.net 
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2fb12be84cae8c77380198cb473e816c8bd47707
Log: Fixed bug #80411
 [2020-11-25 16:25 UTC] nikic@php.net
-Status: Verified +Status: Closed
 [2020-11-27 14:53 UTC] whaanstra at eljakim dot nl 
This fix is not quite the same behaviour as pre-7.3.4, since the second element of the reconstructed array is no longer a reference to the first element.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Feb 22 16:01:29 2025 UTC