Bug #45244 serialize() inserts NUL chars when serializing objects
Submitted: 2008-06-12 09:47 UTC Modified: 2009-03-31 08:31 UTC
From: bukaj at bukaj dot net Assigned:
Status: Not a bug Package: Strings related
PHP Version: 5.2.6 OS: OS X, FreeBSD
Private report: No CVE-ID: None

 
 [2008-06-12 09:47 UTC] bukaj at bukaj dot net
Description:
------------
This issue has been marked as closed in bug 
#29865 but THE PROBLEM IS STILL PRESENT IN 5.2.6.

Serialize inserts NUL (ASCII 0) characters into output when serializing 
objects. Serialize CAN'T produce output with unprintable chars - that's 
the idea of serialize! This issue has been marked as resolved in bug 
#29865 but IT IS NOT.






Reproduce code:
---------------
$ php -r 'class Foo { protected $bar = 1; } $v = new Foo; echo serialize($v);' | hexdump



Expected result:
----------------
No unprintable chars in result of serialize!!!

Actual result:
--------------
0000000 4f 3a 33 3a 22 46 6f 6f 22 3a 31 3a 7b 73 3a 36
0000010 3a 22 00 2a 00 62 61 72 22 3b 69 3a 31 3b 7d   
000001f

mark the two 00's at 0x12 and 0x14






 [2008-06-12 11:10 UTC] johannes@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

From the documentation: "serialize - Generates a storable representation of a value" - storable, not "displayable" or something like that.
 [2009-03-31 08:31 UTC] yunosh@php.net
It also says "Returns a string containing a byte-stream representation of value  that can be stored anywhere."
You can't store it everywhere, because there are a lot of storage systems that truncate data at NUL chars, e.g. databases.
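
The behaviour discussed in this thread, as an added example that is not part of the original report or of PHP's own code: it shows where the NUL bytes come from (PHP's name mangling for protected and private properties), what a NUL-truncating store does to the payload, and a text-safe round trip. The class `Foo` and property `bar` mirror the reproduce code; `$baz` and all helper function names are hypothetical, and the `allowed_classes` option requires PHP 7.0 or later.

```php
<?php
// Added example; not from the bug report.
class Foo {
    protected $bar = 1;   // serialized property name: "\0*\0bar"
    private   $baz = 2;   // serialized property name: "\0Foo\0baz" (hypothetical property)
}

// Stand-in for a storage layer that treats NUL as end-of-string
// (an assumption modelling the truncation described in the thread).
function nul_terminated_store(string $data): string {
    $pos = strpos($data, "\0");
    return $pos === false ? $data : substr($data, 0, $pos);
}

// Encode for text-only storage: the base64 alphabet contains no NUL bytes.
function pack_for_text_storage($value): string {
    return base64_encode(serialize($value));
}

// Decode from text storage. Strict base64 decoding rejects corrupted input,
// and allowed_classes limits which classes unserialize() may instantiate.
function unpack_from_text_storage(string $stored, array $allowed) {
    $raw = base64_decode($stored, true);
    if ($raw === false) {
        throw new InvalidArgumentException('stored value is not valid base64');
    }
    return unserialize($raw, ['allowed_classes' => $allowed]);
}

// 1. Count the NUL bytes serialize() emits for non-public properties.
$raw = serialize(new Foo);
printf("NUL bytes in raw output: %d\n", substr_count($raw, "\0"));

// 2. A NUL-truncating store cuts the payload at the first mangled name,
//    so unserialize() can no longer parse it.
$truncated = nul_terminated_store($raw);
printf("stored %d of %d bytes\n", strlen($truncated), strlen($raw));
var_dump(@unserialize($truncated, ['allowed_classes' => [Foo::class]]));

// 3. The base64-wrapped payload passes through the same store unchanged.
$stored = nul_terminated_store(pack_for_text_storage(new Foo));
$copy   = unpack_from_text_storage($stored, [Foo::class]);
var_dump($copy == new Foo);
```

Storing the raw `serialize()` output in a binary-safe column type avoids the encoding step; the base64 wrapper is for stores that only accept text.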
 
Last updated: Thu May 02 16:01:29 2024 UTC