php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #27588 unserialize() throws E_NOTICE if not unserializable
Submitted: 2004-03-13 13:42 UTC Modified: 2004-03-14 13:09 UTC
From: lsole at maresme dot net Assigned:
Status: Not a bug Package: Output Control
PHP Version: 4.3.4 OS: FreeBSD
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: lsole at maresme dot net
New email:
PHP Version: OS:

 

 [2004-03-13 13:42 UTC] lsole at maresme dot net 
Description:
------------
@unserialize() throws E_NOTICE with custom handler

Reproduce code:
---------------
<?php
function myErrorHandler($errno, $errmsg, $filename, $linenum) {
	if ($errno == 0) return;
	$error_type = array(0 => 'No Error', 8 => 'Notice'); // just the ones we need...
	echo '<b>' . $error_type[$errno] . '</b>: ' . $errmsg . ' in <b>' . $filename . '</b> on line <b>' . $linenum . '</b><br>' . chr(10);
}
$a = 'abc123';
error_reporting(E_ALL);

$b = unserialize($a); // throws error because $a is not unserializable
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}
$b = @unserialize($a); // @ suppresses error
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}

set_error_handler('myErrorHandler');

$b = unserialize($a); // throws error because $a is not unserializable
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}
$b = @unserialize($a); // should throw nothing but throws Notice!
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}
?>

Expected result:
----------------
E_NOTICE errors should not happen when prepending @: the custom handler should receive $errno = 0

Actual result:
--------------
E_NOTICE error

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-14 08:21 UTC] lsole at maresme dot net 
I think I've misunderstood what the error control operator was sending to my custom error handling. I thought it was sending a zero error code but what it does is to set error_reporting() to zero. Sorry!

Anyway, I wonder if it is not a bug that unserialize() throws an E_NOTICE error if the input is not unserializable. The function description says it should return FALSE but says nothing about throwing errors. As an example, base64_decode() does not throw errors if the input can't be decoded.
 [2004-03-14 13:09 UTC] iliaa@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

When unserialize() fails (shouldn't normally) it throws 
E_NOTICE to allow you to see/log the problem.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Nov 16 22:00:01 2025 UTC