Bug #45244 serialize() inserts NUL chars when serializing objects
Submitted: 2008-06-12 09:47 UTC Modified: 2009-03-31 08:31 UTC
From: bukaj at bukaj dot net Assigned:
Status: Not a bug Package: Strings related
PHP Version: 5.2.6 OS: OS X, FreeBSD
Private report: No CVE-ID: None

 

 [2008-06-12 09:47 UTC] bukaj at bukaj dot net
Description:
------------
This issue has been marked as closed in bug 
#29865 but THE PROBLEM IS STILL PRESENT IN 5.2.6.

Serialize inserts NUL (ASCII 0) characters into output when serializing 
objects. Serialize CAN'T produce output with unprintable chars - that's 
the idea of serialize! This issue has been marked as resolved in bug 
#29865 but IT IS NOT.






Reproduce code:
---------------
$ php -r 'class Foo { protected $bar = 1; } $v = new Foo; echo serialize($v);' | hexdump



Expected result:
----------------
No unprintable chars in result of serialize!!!

Actual result:
--------------
0000000 4f 3a 33 3a 22 46 6f 6f 22 3a 31 3a 7b 73 3a 36
0000010 3a 22 00 2a 00 62 61 72 22 3b 69 3a 31 3b 7d   
000001f

mark the two 00's at 0x12 and 0x14






 [2008-06-12 11:10 UTC] johannes@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

From the documentation: "serialize - Generates a storable representation of a value" - storable, not "displayable" or something like that.
 [2009-03-31 08:31 UTC] yunosh@php.net
It also says "Returns a string containing a byte-stream representation of value  that can be stored anywhere."
You can't store it everywhere, because there are a lot of storage systems that truncate data at NUL chars, e.g. databases.
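
Added example, not part of the bug report or of PHP's own code: a PHP script that reproduces the NUL bytes from the hexdump above, simulates the truncating store mentioned in the last comment, and shows a text-safe round trip. It assumes PHP 7.0 or later; the extra properties, the c_string_store() helper and the base64 wrapping are constructed for illustration.

```php
<?php
// Added illustration. Class Foo mirrors the report; $baz and $qux are
// constructed additions to show all three visibility levels.
class Foo
{
    protected $bar = 1;
    private $baz = 2;
    public $qux = 3;
}

// Hypothetical stand-in for a store that treats values as C strings
// and therefore cuts them at the first NUL byte.
function c_string_store(string $value): string
{
    $pos = strpos($value, "\0");
    return $pos === false ? $value : substr($value, 0, $pos);
}

$raw = serialize(new Foo);

// Protected names are written as "\0*\0name", private names as
// "\0ClassName\0name"; public names carry no NUL bytes.
printf("length=%d NUL bytes=%d\n", strlen($raw), substr_count($raw, "\0"));
echo str_replace("\0", '\0', $raw), "\n";

// 1. Raw payload through the truncating store: the data is cut inside the
//    first protected property name and unserialize() fails.
$truncated = c_string_store($raw);
printf("stored %d of %d bytes\n", strlen($truncated), strlen($raw));
var_dump(@unserialize($truncated));              // bool(false)

// 2. Base64 output contains only printable ASCII, so the same store keeps
//    it intact. Restricting allowed_classes limits which classes the
//    payload may instantiate when it is read back.
$stored = c_string_store(base64_encode($raw));
$decoded = base64_decode($stored, true);         // strict mode
$restored = unserialize($decoded, ['allowed_classes' => ['Foo']]);
var_dump($restored == new Foo);                  // bool(true)
```

Storing the raw serialized string in a binary-safe column type avoids the truncation without the size overhead of base64.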
 