php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #29985 unserialize()/ __PHP_Incomplete_class does not report correctly class name
Submitted: 2004-09-05 13:47 UTC Modified: 2005-10-10 21:17 UTC
From: andrey@php.net Assigned: helly
Status: Closed Package: Session related
PHP Version: 5CVS-2005-10-06 (snap) OS: *
Private report: No CVE-ID:
 [2004-09-05 13:47 UTC] andrey@php.net
Description:
------------
The idea is that when an object is unserialized and the class definition is still not loaded then it is converted   to __PHP_Incomplete_Class class. From the dump of the actual result one can see that the name is stored in a member variable __PHP_Incomplete_Class_Name. So far everything looks ok. But when one tries to execute a method on incomplete class object it leads to a fatal error. This is also correct. However the name of the class is "unknown" is the message. This is not correct and the example works with PHP 4.3.8(cli). However does not work with current HEAD (probably not with the PHP_5 branch).

One additional thing is that the message is misleading. A serialized object may not come always from a session but can be loaded from a file by the user or ,like in my case where I found the error, from a socket.

Thanks

Reproduce code:
---------------
php -r 'class foo{function someFunc(){} var $someProp=2;}$a=serialize(new foo());$b=str_replace('foo','bar', $a);var_dump($c = unserialize($b));$c->someFunc();'

Expected result:
----------------
object(__PHP_Incomplete_Class)#1 (2) {
  ["__PHP_Incomplete_Class_Name"]=>
  string(3) "bar"
  ["someProp"]=>
  int(2)
}

Fatal error: Unknown: The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition <b>bar</b> of the object you are trying to operate on was loaded _before_ the session was started in Command line code on line 1


Actual result:
--------------
object(__PHP_Incomplete_Class)#1 (2) {
  ["__PHP_Incomplete_Class_Name"]=>
  string(3) "bar"
  ["someProp"]=>
  int(2)
}

Fatal error: Unknown: The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition <b>unknown</b> of the object you are trying to operate on was loaded _before_ the session was started in Command line code on line 1


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-09-05 14:30 UTC] tony2001@php.net
Hmm.. I really don't understand why incomplete_class_message() looks for class_name in EG(This), while class_name is property of the object, which could be easily passed to incomplete_class_message().
So, this patch should probably fix it:
http://tony2001.phpclub.net/dev/tmp/bug29985.diff
Comments are welcome.
 [2004-09-05 19:46 UTC] helly@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 [2005-10-06 14:56 UTC] nohn@php.net
Reopening this bug. Could reproduce it with PHP 5.0.5 on WinXP:

>type test.php
<?php
class foo{function someFunc(){} var$someProp=2;}$a=serialize(new foo());$b=str_replace('foo','bar',$a);var_dum
p($c = unserialize($b));$c->someFunc();
?>
>php test.php
object(__PHP_Incomplete_Class)#1 (2) {
  ["__PHP_Incomplete_Class_Name"]=>
  string(3) "bar"
  ["someProp"]=>
  int(2)
}

Fatal error: main(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "bar" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition  in C:\Dokumente und Einstellungen\nohn_s\Desktop\php-5.0.5\test.php on line 2

 [2005-10-06 15:15 UTC] sniper@php.net
Can you reproduce with 5.1-dev?

 [2005-10-06 15:40 UTC] nohn@php.net
Yes, it is reproducible:

C:\Dokumente und Einstellungen\nohn_s\Desktop\php5.1-win32-200510031830>php test.php
object(__PHP_Incomplete_Class)#1 (2) {
  ["__PHP_Incomplete_Class_Name"]=>
  string(3) "bar"
  ["someProp"]=>
  int(2)
}

Fatal error: main(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "bar" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition  in C:\Dokumente und Einstellungen\nohn_s\Desktop\php5.1-win32-200510031830\test.php on line 2


 [2005-10-06 18:27 UTC] sniper@php.net
Marcus, you claimed to have fixed this. Can you check it out?
 [2005-10-09 15:27 UTC] helly@php.net
I claimed fixed in CVS which is HEAD which will be 6 not any 5.*
 [2005-10-09 15:36 UTC] helly@php.net
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php

This is fixed in all actrive branches, 4.3.*, 5.0.*, 5.1.*, HEAD. The 'Unknown' comes from cli and specifies the causing location and has nothing to do with the class name.
 [2005-10-10 09:42 UTC] nohn@php.net
Sorry, this has nothing to do with CLI. It also happens in a much more complex (mod_php) web enviroment.

There is no "unknown" in my reproduction code and I can't see, what

---------------------------------------------------------------------------
Fatal error: main(): The script tried to execute a method or access a
property of an incomplete object. Please ensure that the class
definition "bar" of the object you are trying to operate on was loaded
_before_ unserialize() gets called or provide a __autoload() function to
load the class definition  in C:\Dokumente und
Einstellungen\nohn_s\Desktop\php5.1-win32-200510031830\test.php on line
2
---------------------------------------------------------------------------

has to do with the CLI or the causing location.
 [2005-10-10 11:38 UTC] sniper@php.net
Marcus..?

 [2005-10-10 15:30 UTC] nohn@php.net
Could also reproduce that simple testcase with

mod_php/Apache 1.3/Win32
mod_php/Apache 2.0/Linux

(not with the latest CVS but with PHP 5.0.4 (which does not matter if it's only fixed in HEAD)
 [2005-10-10 21:17 UTC] helly@php.net
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php

Probably you have a problem that is unrelated to this bug i don't know. But you definitively waste my time with thisone which is indeed fixed as your post shows too.

Your result is: "...definition "bar" of the object..."
This bug was:   "...definition "unknown" of the object.."
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 13:02:46 2014 UTC