php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #59573 Off-by-one in my_serialize_object()
Submitted: 2011-01-13 16:24 UTC Modified: 2016-08-31 16:02 UTC
From: tricky dot pecl at luuseri dot com Assigned: cmb (profile)
Status: Wont fix Package: APC (PECL)
PHP Version: 5.3.2 OS: Linux/Ubuntu 10.04.1
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tricky dot pecl at luuseri dot com
New email:
PHP Version: OS:

 

 [2011-01-13 16:24 UTC] tricky dot pecl at luuseri dot com 
Description:
------------
In apc_main.c, on line 247 my_serialize_object copies 
serializer output into a zval. It attempts to copy len + 1 
bytes, which causes an off by one error.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-21 08:18 UTC] paulgao at yeah dot net 
my_serialize_object in apc_compile.c???
 [2011-02-21 08:35 UTC] tricky dot pecl at luuseri dot com 
Yes indeed, I reported the incorrect file, the correct file is 
apc_compile.c.

I worked around this issue by explicitly adding a NUL byte in 
igbinary, but this may still bite later on. The built-in 
serializer always NUL terminates its output.
 [2016-08-31 16:02 UTC] cmb@php.net
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: cmb
 [2016-08-31 16:02 UTC] cmb@php.net 
According to <https://bugs.php.net/69618>, APC support has been
discontinued in favor of OPcache, APCu, the session upload
progress API and WinCache. Therefore this issue won't get fixed.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 21:01:27 2025 UTC