php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14082 unserialize have problems with negative numbers
Submitted: 2001-11-16 08:20 UTC Modified: 2001-11-16 13:13 UTC
From: alberty at neptunelabs dot com Assigned:
Status: Closed Package: Variables related
PHP Version: 4.0CVS-2001-11-16 OS: i686-pc-linux-gnu
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: alberty at neptunelabs dot com
New email:
PHP Version: OS:

 

 [2001-11-16 08:20 UTC] alberty at neptunelabs dot com
Hi,

i have detect two annoyingly bugs ;-) with serialize/unserialize.

The first bug indicate that unserialize can't work with negative
integer numbers.

The second problem brings php to crash! Unserialize
crash if you manipulate the count of expecting array
vars.

Bug 1:

<?php
// Results: 'Warning: unserialize() failed at offset 13 of 39 bytes'
//          and an empty result string, but not false 
// because $foo['a'] is -1

error_reporting(2047);
$foo['a']=(int)-1;
$foo['b']=(string)'Paris';
$bar=serialize($foo);
if ($bar!=false){
	echo $bar;
	$nop=unserialize($bar);
	print_r($nop);
}
?>


---------------

Bug 2:

<?php
// Result: PHP crash, because the array number is smaller than serialized string

error_reporting(2047);
$ser_string='a:1:{s:1:"a";i:1000;s:1:"b";s:5:"Paris";}';
//             ^- actually 2
$unser_string=unserialize($ser_string);
?>

I have tried to make a bt, but gdb notify no fault.
In debug mode some of my script warns with this:
"Warning: String is not zero-terminated (source: ./zend_execute.c:449)"
but i think that is another problem.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-11-16 13:13 UTC] derick@php.net
Fixed in CVS

Derick
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 00:01:28 2024 UTC