Bug #64354 Unserialize array of objects whose class can't be autoloaded fail
Submitted: 2013-03-05 07:27 UTC Modified: 2013-03-09 14:00 UTC
From: alan at klestoff dot ru Assigned: laruence (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.3.22 OS: Debian
Private report: No CVE-ID: None
 [2013-03-05 07:27 UTC] alan at klestoff dot ru
Description:
------------
We have a serialized object of class A and an array with 2 such objects.

<?php
class A {}

echo serialize(new A()).PHP_EOL;
echo serialize(array(new A(), new A())).PHP_EOL;
?>

Then we write an autoload function which throws an exception if it can't find
a file with the class.

In the first case we have normal behaviour (we can catch the exception).
In the second we have an uncaught exception.

Test script:
---------------
<?php
  spl_autoload_register(
    function($class) {
      if (!file_exists($class.'.php'))
        throw new Exception();

      require_once $class.'.php';
    }
  );
  
  try {
    var_dump(unserialize('O:1:"A":0:{}'));
    echo 'Serialized'.PHP_EOL;
  } catch (Exception $e) { 
    echo 'Failed'.PHP_EOL;
  }
  
  try {
    var_dump(unserialize('a:2:{i:0;O:1:"A":0:{}i:1;O:1:"A":0:{}}'));
    echo 'Serialized'.PHP_EOL;
  } catch (Exception $e) { 
    echo 'Failed'.PHP_EOL;
  }

Expected result:
----------------
Failed
Failed

Actual result:
--------------
Failed
PHP Fatal error:  Uncaught exception 'Exception' in -:5
Stack trace:
#0 [internal function]: {closure}('A')
#1 [internal function]: spl_autoload_call('A')
#2 -(20): unserialize('a:2:{i:0;O:1:"A...')
#3 {main}

Next exception 'Exception' in -:5
Stack trace:
#0 [internal function]: {closure}('A')
#1 -(0): spl_autoload_call('A')
#2 {main}
  thrown in - on line 5
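
An added example (not code from the report or from php-src) that goes beyond the report: it decodes the report's two payloads so that class names inside the data reach the autoloader only when the caller has listed them. It assumes PHP 7.0 or later (the allowed_classes option of unserialize() and Throwable); decode_untrusted() is a hypothetical helper name.

```php
<?php
// Added example; assumes PHP >= 7.0 (allowed_classes option, Throwable).

$asked = [];   // class names the autoloader was asked to load
spl_autoload_register(function ($class) use (&$asked) {
    $asked[] = $class;
    // Same behaviour as the report's autoloader: no class file, so throw.
    throw new RuntimeException("no class file for $class");
});

// Hypothetical helper, not a PHP built-in. $allowed lists the classes the
// caller expects; anything else becomes __PHP_Incomplete_Class and is
// never passed to the autoloader.
function decode_untrusted($payload, array $allowed = [])
{
    try {
        $value = unserialize($payload, ['allowed_classes' => $allowed ?: false]);
    } catch (Throwable $e) {
        // An autoloader failure is not a parse error: report it as such.
        throw new UnexpectedValueException('class loading failed', 0, $e);
    }
    // unserialize() returns false on malformed input, which is also the
    // decoded form of serialize(false); tell the two apart.
    if ($value === false && $payload !== serialize(false)) {
        throw new UnexpectedValueException('malformed serialized data');
    }
    return $value;
}

// Payloads copied from the report's test script.
$payloads = ['O:1:"A":0:{}', 'a:2:{i:0;O:1:"A":0:{}i:1;O:1:"A":0:{}}'];

foreach ($payloads as $payload) {
    foreach ([[], ['A']] as $allowed) {
        $asked = [];   // reset the shared log before each attempt
        try {
            $value = decode_untrusted($payload, $allowed);
            $result = 'decoded ' . gettype($value);
        } catch (UnexpectedValueException $e) {
            $result = 'rejected: ' . $e->getMessage();
        }
        printf("%-40s allowed=[%s] autoload calls=%d %s\n",
            $payload, implode(',', $allowed), count($asked), $result);
    }
}
```

The "autoload calls" column shows whether names taken from the serialized data were handed to the autoloader for each combination of payload and allow-list.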

Patches

bug64354.patch (last revision 2013-03-05 08:07 UTC by laruence@php.net)

History

 [2013-03-05 08:06 UTC] laruence@php.net
Hmm, this is because one serializing triggered more than one exception.

Quick patch attached.
 [2013-03-05 08:07 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug64354.patch
Revision:   1362470827
URL:        https://bugs.php.net/patch-display.php?bug=64354&patch=bug64354.patch&revision=1362470827
 [2013-03-05 08:08 UTC] laruence@php.net
A similar problem may also exist in wakeup/sleep etc.; will check them later.
 [2013-03-06 04:39 UTC] laruence@php.net
There is one thing I am not sure about now.

That is, if such an exception is thrown, a notice of parse error will also be triggered,

which is a little confusing, since it is not actually an unserializing error.
 [2013-03-09 13:56 UTC] laruence@php.net
@mike, what do you think about the patch? Thanks.
 [2013-03-09 13:56 UTC] laruence@php.net
-Assigned To: +Assigned To: mike
 [2013-03-09 14:00 UTC] mike@php.net
-Assigned To: mike +Assigned To: laruence
 [2013-03-09 14:00 UTC] mike@php.net
+1, looks good to go
 [2013-03-09 15:01 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2013-03-09 15:01 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f52b2e6a6572018eb61ad830206ed172b033232a
Log: Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)
 [2013-03-09 15:12 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f52b2e6a6572018eb61ad830206ed172b033232a
Log: Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)
 [2014-10-07 23:20 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=f52b2e6a6572018eb61ad830206ed172b033232a
Log: Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)
 [2014-10-07 23:31 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=f52b2e6a6572018eb61ad830206ed172b033232a
Log: Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)