php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27588 unserialize() throws E_NOTICE if not unserializable
Submitted: 2004-03-13 13:42 UTC Modified: 2004-03-14 13:09 UTC
From: lsole at maresme dot net Assigned:
Status: Not a bug Package: Output Control
PHP Version: 4.3.4 OS: FreeBSD
Private report: No CVE-ID: None
 [2004-03-13 13:42 UTC] lsole at maresme dot net
Description:
------------
@unserialize() throws E_NOTICE with custom handler

Reproduce code:
---------------
<?php
function myErrorHandler($errno, $errmsg, $filename, $linenum) {
	if ($errno == 0) return;
	$error_type = array(0 => 'No Error', 8 => 'Notice'); // just the ones we need...
	echo '<b>' . $error_type[$errno] . '</b>: ' . $errmsg . ' in <b>' . $filename . '</b> on line <b>' . $linenum . '</b><br>' . chr(10);
}
$a = 'abc123';
error_reporting(E_ALL);

$b = unserialize($a); // throws error because $a is not unserializable
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}
$b = @unserialize($a); // @ suppresses error
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}

set_error_handler('myErrorHandler');

$b = unserialize($a); // throws error because $a is not unserializable
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}
$b = @unserialize($a); // should throw nothing but throws Notice!
if ($b === false) {echo 'failed!<br>';} else {echo $b . '<br>';}
?>

Expected result:
----------------
E_NOTICE errors should not happen when prepending @: the custom handler should receive $errno = 0

Actual result:
--------------
E_NOTICE error

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-14 08:21 UTC] lsole at maresme dot net
I think I've misunderstood what the error control operator was sending to my custom error handling. I thought it was sending a zero error code but what it does is to set error_reporting() to zero. Sorry!

Anyway, I wonder if it is not a bug that unserialize() throws an E_NOTICE error if the input is not unserializable. The function description says it should return FALSE but says nothing about throwing errors. As an example, base64_decode() does not throw errors if the input can't be decoded.
 [2004-03-14 13:09 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

When unserialize() fails (shouldn't normally) it throws 
E_NOTICE to allow you to see/log the problem. 
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 15:01:29 2024 UTC