php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #24063 Notice: unserialize(): Error at offset ... again
Submitted: 2003-06-06 11:08 UTC Modified: 2003-08-08 16:25 UTC
From: jparneodo at yahoo dot fr Assigned: helly
Status: Closed Package: Scripting Engine problem
PHP Version: 4.3.3RC3 OS: RH7.2
Private report: No CVE-ID:
 [2003-06-06 11:08 UTC] jparneodo at yahoo dot fr
class C {
	var $bad_1 = 1e-6;	// Bug in unserialize
	var $bad_2 = 1.0e-6;	// Bug in unserialize
	var $ok__1 = 1.1e-6;
	var $ok__2 = 9e-7;
}

$c=new C();
$s=serialize($c);
$cc=unserialize($s);

/*
Values like 0.00001 (one)
seems to be fatal!
*/

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-06-06 14:36 UTC] sniper@php.net
Withing RH 6.2 the original object is identical to the 
one after serialize/unserialize. No bug here.

 [2003-06-09 03:50 UTC] jparneodo at yahoo dot fr
Serialise on 4.3.2 and 4.3.0 has not the same result:
4.3.2= d:1E-06;
4.3.0= d::.E-7;


<?php
echo phpversion();
$f=1.0e-6;
$s=serialize($f);
$ff=unserialize($s);
echo "\n\n$s";
?>

// Output with php-4.3.2/sapi/cli/php
4.3.2
Notice: unserialize(): Error at offset 0 of 8 bytes in - on line 5

d::.E-7;

// Output with php-4.3.0 apache 1.3.27 on RedHat
4.3.0
d:1E-06;

// Same result on RH9.0 with all php-4.3.2RCi
http://marc.theaimsgroup.com/?l=php-dev&m=105491350013813&w=2
 [2003-06-09 05:16 UTC] helly@php.net
Please correct the version error in your last message.
 [2003-06-09 05:34 UTC] jparneodo at yahoo dot fr
Sorry, you must read,
Serialise on 4.3.2 and 4.3.0 has not the same result on RH7.2:
4.3.0= d:1E-06;
4.3.2= d::.E-7;
 [2003-06-09 08:13 UTC] sniper@php.net
4.3.3-dev

d:1.E-6;

 [2003-06-20 09:28 UTC] jparneodo at yahoo dot fr
<?php
echo phpversion();
$f=1.0e-6;
$s=serialize($f);
$ff=unserialize($s);
echo "\n\n$s";
phpinfo()
?>

4.3.3RC1
d::.E-7;

phpinfo()
PHP Version => 4.3.3RC1

System => Linux paris.[skipped].com 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686
Build Date => Jun 20 2003 10:21:42
Configure Command =>  './configure' '--with-apxs=/home/apache/bin/apxs' '--with-mysql=/usr/local/mysql' '--with-system-regex' '--enable-track-vars' '--enable-memory-limits' '--with-xml' '--with-imap=/usr/local' '--enable-sysvsem' '--enable-sysvshm' '--enable-sockets' '--with-gd' '--enable-inline-optimization' '--with-curl' '--with-zlib' '--with-bz2' '--with-gettext' '--with-pcre' '--enable-cli' '--disable-cgi' '--enable-pcntl' '--enable-url-open'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /usr/local/phpcgi/lib/php.ini
PHP API => 20020918
PHP Extension => 20020429
Zend Extension => 20021010
Debug Build => no
Thread Safety => disabled
Registered PHP Streams => php, http, ftp, compress.bzip2, compress.zlib  

This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
 [2003-06-26 12:56 UTC] sniper@php.net
You broke this, iirc.

 [2003-06-26 12:56 UTC] sniper@php.net
(that was for Marcus :)

 [2003-06-29 20:05 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 [2003-06-30 12:33 UTC] jparneodo at yahoo dot fr
$f=1.0e-6;
$s=serialize($f);
$ff=unserialize($s);

// Output with php4-STABLE-200306301530/sapi/cli/php
4.3.3RC2-dev
Notice: unserialize(): Error at offset 0 of 9 bytes in - on line 5

d::.0E-7;
// Please compare output with 4.3.3RC1
 [2003-06-30 12:37 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

The output of unserialize($s); with latest CVS is
float(1.0E-6), which is the correct output.
 [2003-07-30 14:52 UTC] jeff at tmtrading dot com
Bug still exists:

http://snaps.php.net/php4-STABLE-200307301730.tar.bz2

---- EXPECTED OUTPUT
string(9) "d:1.0E-6;"
float(1.0E-6)
---- ACTUAL OUTPUT
Notice: unserialize(): Error at offset 0 of 9 bytes in ~/php4-STABLE-200307301730/ext/standard
/tests/serialize/bug24063.php on line 4
string(9) "d::.0E-7;"
bool(false)
---- FAILED
 [2003-08-08 02:58 UTC] jparneodo at yahoo dot fr
Test ext/standard/tests/serialize/bug24063.phpt failed
Last correct release was 4.3.0 (4.3.1 never tested).
All version after 4.3.0 have this bug
The new function spprintf was introduced. (to be analysed)

foreach(array(0.1,0.01,0.001,0.0001,0.00001,0.000001,0.0000001,0.00000001,0.000000001) as $v){
  echo "\n$v: ".serialize($v);
}

0.1: d:0.1;
0.01: d:0.01;
0.001: d:0.001;
0.0001: d:0.0001;
1E-05: d:1.0E-5;
1E-06: d::.0E-7;  // BUG
1E-07: d::.0E-8;  // BUG
1E-08: d:1.0E-8;
1E-09: d:1.0E-9;
 [2003-08-08 03:50 UTC] sniper@php.net
Still works just fine for me, but that was even before any fixes were made...assigned (again) to Marcus who opened this can of worms in the first place..

 [2003-08-08 16:25 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 14:02:18 2014 UTC