PHP :: Bug #37670 :: Serialize fails unexpectedly

Bug #37670	Serialize fails unexpectedly
Submitted:	2006-06-02 03:28 UTC	Modified:	2006-06-02 09:51 UTC
From:	daniel dot oconnor at gmail dot com	Assigned:
Status:	Not a bug	Package:	Class/Object related
PHP Version:	5.1.4	OS:	windows
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	daniel dot oconnor at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2006-06-02 03:28 UTC] daniel dot oconnor at gmail dot com

Description:
------------
Serialize does not appear to be serializing fully or safely.

Reproduce code:
---------------
<?php
class BugFeed {
    protected $cache;

    public function __construct($options) {
        if (isset($options["cache"])) {
            $this->cache = $options["cache"];
        }
    }

    public function fetch() {} 

    public static function render($type = "edit") {}
}

$stuff = array(new BugFeed(array()));

print serialize($stuff);

Expected result:
----------------
a serialized string of my BugFeed object, or if it was unable to properly serialize it, an exception or warning.

Actual result:
--------------
a:1:{i:0;O:7:"BugFeed":1:{s:8:"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-06-02 06:24 UTC] bjori@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

Works just fine for me

[2006-06-02 06:49 UTC] daniel dot oconnor at gmail dot com

Sorry, I can't try it on the CVS copy.

To amend the bug report:
<?php
class BugFeed {
    protected $cache;

    public function __construct($options) {
        if (isset($options["cache"])) {
            $this->cache = $options["cache"];
        }
    }

    public function fetch() {} 

    public static function render($type = "edit") {}
}

$stuff = array(new BugFeed(array()));

$cereal = serialize($stuff);
$stuff2 = unserialize($cereal);
$stuff3 = unserialize((string)$cereal);

var_dump($stuff2 == $stuff);

var_dump($stuff3 == $stuff);
var_dump(strlen($cereal));
print $cereal . "\n";
print (string)$cereal;
print "hello world?";


----
Produces:
bool(true)
bool(true)
int(45)
a:1:{i:0;O:7:"BugFeed":1:{s:8:"

---
That is to say: there's an unexpected EOF character output in the serialized code.

[2006-06-02 06:58 UTC] derick@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

Works fine for me too. Please try a snapshot.

[2006-06-02 09:51 UTC] mike@php.net

I fail to see a bug here.

What ever you use to view the output it doesn't show beyond \0. Protected properties are preceeded by \0*\0 though.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jul 03 11:01:34 2025 UTC