php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #19493 Error in older versions of serializer results in error of currend deserializer
Submitted: 2002-09-19 04:38 UTC Modified: 2002-11-07 01:00 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (33.3%)
From: matthias dot boldt at ticket-web dot de Assigned:
Status: No Feedback Package: Strings related
PHP Version: 4.2.3 OS: Linux 2.4.18
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: matthias dot boldt at ticket-web dot de
New email:
PHP Version: OS:

 

 [2002-09-19 04:38 UTC] matthias dot boldt at ticket-web dot de
There was an error in older versions (4.1.0) of the serializer code (it's possible the error is in the current code, too): some times, the element-count for objects was to hight. 

The old deserializer-code seams to ignore this problem. The new code has problems with that issue. We have many huge databases with serialized structures at some points. Thats why, we must use the old data :-(

I've fixed the problem with a little change in ext/standard/var_unserializer.re, function process_nested_data :


static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements)
{
	while (elements-- > 0) {
		zval *key, *data;

		ALLOC_INIT_ZVAL(key);

		if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) {
			zval_dtor(key);
			FREE_ZVAL(key);
		} else {
  			ALLOC_INIT_ZVAL(data);

			if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
				zval_dtor(key);
				FREE_ZVAL(key);
				zval_dtor(data);
				FREE_ZVAL(data);
			} else {
				switch (Z_TYPE_P(key)) {
					case IS_LONG:
						zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL);
						break;
					case IS_STRING:
						zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL);
						break;

				}
		
				zval_dtor(key);
				FREE_ZVAL(key);
			}
		}
	}

	return 1;
}

Now, it doesn't have a problem with to hight element counters. It would be great, if the developer of the new deserializer-code could look at this change and eventually
integrate it into the CVS-tree.

Greetings from Berlin,
   Matthias

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-09-19 04:53 UTC] matthias dot boldt at ticket-web dot de
I've changed thd category ...
 [2002-09-19 09:05 UTC] sander@php.net
Please supply a unified diff here.
 [2002-09-19 09:44 UTC] matthias dot boldt at ticket-web dot de
There is the diff:


--- ext/standard/var_unserializer.re.old	Thu Sep 19 16:34:32 2002
+++ ext/standard/var_unserializer.re	Thu Sep 19 11:20:08 2002
@@ -144,31 +144,29 @@
 		if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) {
 			zval_dtor(key);
 			FREE_ZVAL(key);
-			return 0;
-		}
-
-		ALLOC_INIT_ZVAL(data);
-
-		if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
-			zval_dtor(key);
-			FREE_ZVAL(key);
-			zval_dtor(data);
-			FREE_ZVAL(data);
-			return 0;
-		}
+		} else {
+  			ALLOC_INIT_ZVAL(data);
 
-		switch (Z_TYPE_P(key)) {
-			case IS_LONG:
-				zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL);
-				break;
-			case IS_STRING:
-				zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL);
-				break;
+			if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
+				zval_dtor(key);
+				FREE_ZVAL(key);
+				zval_dtor(data);
+				FREE_ZVAL(data);
+			} else {
+				switch (Z_TYPE_P(key)) {
+					case IS_LONG:
+						zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL);
+						break;
+					case IS_STRING:
+						zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL);
+						break;
 
-		}
+				}
 		
-		zval_dtor(key);
-		FREE_ZVAL(key);
+				zval_dtor(key);
+				FREE_ZVAL(key);
+			}
+		}
 	}
 
 	return 1;
@@ -396,9 +394,9 @@
 }
 
 "}" {
-	/* this is the case where we have less data than planned */
+	// this is the case where we have less data than planned
 	zend_error(E_NOTICE, "Unexpected end of serialized data");
-	return 0; /* not sure if it should be 0 or 1 here? */
+	return 0; // not sure if it should be 0 or 1 here?
 }
 
 any	{ return 0; }
 [2002-09-19 13:17 UTC] kalowsky@php.net
No C++ comment styles allowed!  Can you fix that and resubmit the patch?
 [2002-09-20 02:19 UTC] matthias dot boldt at ticket-web dot de
Hello, there is a new patch (without C++-comments :-):

--- ext/standard/var_unserializer.re.old	Thu Sep 19 16:34:32 2002
+++ ext/standard/var_unserializer.re	Fri Sep 20 09:07:25 2002
@@ -144,31 +144,29 @@
 		if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) {
 			zval_dtor(key);
 			FREE_ZVAL(key);
-			return 0;
-		}
-
-		ALLOC_INIT_ZVAL(data);
-
-		if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
-			zval_dtor(key);
-			FREE_ZVAL(key);
-			zval_dtor(data);
-			FREE_ZVAL(data);
-			return 0;
-		}
+		} else {
+  			ALLOC_INIT_ZVAL(data);
 
-		switch (Z_TYPE_P(key)) {
-			case IS_LONG:
-				zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL);
-				break;
-			case IS_STRING:
-				zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL);
-				break;
+			if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
+				zval_dtor(key);
+				FREE_ZVAL(key);
+				zval_dtor(data);
+				FREE_ZVAL(data);
+			} else {
+				switch (Z_TYPE_P(key)) {
+					case IS_LONG:
+						zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL);
+						break;
+					case IS_STRING:
+						zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL);
+						break;
 
-		}
+				}
 		
-		zval_dtor(key);
-		FREE_ZVAL(key);
+				zval_dtor(key);
+				FREE_ZVAL(key);
+			}
+		}
 	}
 
 	return 1;
 [2002-09-25 07:24 UTC] sas@php.net
While the session module makes use of the serializer, it is not the serializer itself.

Reclassified as "Strings related".
 [2002-10-18 16:49 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip


 [2002-11-07 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 17:01:58 2024 UTC