Bug #14082 unserialize have problems with negative numbers
Submitted: 2001-11-16 08:20 UTC
Modified: 2001-11-16 13:13 UTC
From: alberty at neptunelabs dot com
Assigned:
Status: Closed
Package: Variables related
PHP Version: 4.0CVS-2001-11-16
OS: i686-pc-linux-gnu
Private report: No
CVE-ID: None
 [2001-11-16 08:20 UTC] alberty at neptunelabs dot com

I have detected two annoying bugs ;-) with serialize/unserialize.

The first bug indicates that unserialize can't work with negative
integer numbers.

The second problem brings PHP to crash! Unserialize
crashes if you manipulate the count of the expected array
Bug 1:

// Results: 'Warning: unserialize() failed at offset 13 of 39 bytes'
//          and an empty result string, but not false 
// because $foo['a'] is -1

if ($bar!=false){
	echo $bar;
}

Bug 2:

// Result: PHP crash, because the array number is smaller than serialized string

//             ^- actually 2

I have tried to make a bt, but gdb notifies no fault.
In debug mode some of my scripts warn with this:
"Warning: String is not zero-terminated (source: ./zend_execute.c:449)"
but I think that is another problem.


 [2001-11-16 13:13 UTC]
Fixed in CVS
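
A regression check for the two cases this report describes, as an added example that is not part of the original report or of PHP's own source. It assumes PHP 7.0 or later (for the `allowed_classes` option); `strict_unserialize()` is a hypothetical helper name and the sample payloads are constructed for illustration.

```php
<?php
// Added example, not from the report. strict_unserialize() is a
// hypothetical helper name, not a PHP built-in.

/**
 * Returns [true, $value] on success and [false, null] on failure.
 * unserialize() returns false on failure, which is also the decoded value
 * of the valid payload "b:0;", so a loose `!= false` test cannot separate
 * a parse error from a legitimately falsy value (false, 0, "", []).
 */
function strict_unserialize(string $data): array
{
    $failed = false;
    // Record the failure notice/warning as a flag instead of printing it.
    set_error_handler(function () use (&$failed) {
        $failed = true;
        return true;
    });
    try {
        // allowed_classes => false: never instantiate objects from input.
        $value = unserialize($data, ['allowed_classes' => false]);
    } finally {
        restore_error_handler();
    }
    if ($failed || ($value === false && $data !== 'b:0;')) {
        return [false, null];
    }
    return [true, $value];
}

// Constructed sample payloads (not the strings from the original report).
$expected = ['a' => -1, 'b' => -123456, 'c' => 0];
$cases = [
    'negative integers round-trip' => serialize($expected),
    'declared count too small'     => 'a:1:{s:1:"a";i:-1;s:1:"b";i:2;}',
    'declared count too large'     => 'a:3:{s:1:"a";i:-1;s:1:"b";i:2;}',
    'serialized false'             => serialize(false),
];

foreach ($cases as $label => $payload) {
    [$ok, $value] = strict_unserialize($payload);
    printf("%-30s %s\n", $label, $ok ? 'ok ' . json_encode($value) : 'rejected');
}

// The round-trip must preserve the negative values exactly.
[$ok, $value] = strict_unserialize(serialize($expected));
if (!$ok || $value !== $expected) {
    throw new RuntimeException('negative integer round-trip failed');
}
```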
