Bug #31442 unserialize broken on 64-bit systems
Submitted: 2005-01-07 16:48 UTC Modified: 2005-03-14 17:12 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: michal at cihar dot com Assigned: helly
Status: Closed Package: Scripting Engine problem
PHP Version: 4.3.10, 5.0.3 OS: 64-bit
Private report: No CVE-ID:
 [2005-01-07 16:48 UTC] michal at cihar dot com
Description:
------------
Unserializing of numbers > MAX_INT is wrong. That's because PHP uses long internally for storing ints, but int is used in unserializing. The attached patch fixes this issue.

Reproduce code:
---------------
<?php
echo unserialize(serialize(2147483648));
?>


Expected result:
----------------
2147483648

Actual result:
--------------
-2147483648
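
The truncation described in the report, as an added example in C that is not part of the original report or of PHP's source. The names `parse_serialized_int` and `store_as_int32` are hypothetical, and the 32-bit store stands in for the `int` the reporter says the unserializer used.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not PHP source): parse the serialized integer token
 * "i:<n>;" into 64 bits. Returns 0 on success, -1 if malformed or out of range. */
int parse_serialized_int(const char *s, int64_t *out)
{
    char *end;
    long long v;

    if (strncmp(s, "i:", 2) != 0)
        return -1;
    if (s[2] != '-' && !isdigit((unsigned char)s[2]))
        return -1;                      /* strtoll would also accept spaces and '+' */
    errno = 0;
    v = strtoll(s + 2, &end, 10);
    if (end == s + 2 || *end != ';' || errno == ERANGE)
        return -1;
    *out = (int64_t)v;
    return 0;
}

/* Models the reported defect: the parsed value passes through a 32-bit int.
 * Only the low 32 bits survive; computed via uint32_t so the wrap is well defined. */
int32_t store_as_int32(int64_t v)
{
    uint32_t low = (uint32_t)v;
    if (low <= (uint32_t)INT32_MAX)
        return (int32_t)low;
    return (int32_t)(low - 0x80000000u) + INT32_MIN;
}

int main(void)
{
    const char *token = "i:2147483648;";   /* constructed: serialize(2147483648) */
    int64_t v;

    if (parse_serialized_int(token, &v) != 0)
        return 1;
    printf("64-bit store: %lld\n", (long long)v);
    printf("32-bit store: %d\n", (int)store_as_int32(v));
    return 0;
}
```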

 [2005-01-07 16:53 UTC] michal at cihar dot com
I haven't found a way to attach patches here, so it's available on my web: http://www.cihar.com/misc/php-unserializer.patch
 [2005-01-08 14:41 UTC] helly@php.net
If I apply that patch to a 32-bit machine I get many test errors. Any idea? Also, it is enough to put the .re diff.
 [2005-01-08 18:32 UTC] michal at cihar dot com
What kind of tests fail? I have no idea what could be broken by this change.
 [2005-01-08 18:39 UTC] helly@php.net
php run-tests.php ext/standard/tests/serialize

...

FAILED TEST SUMMARY
---------------------------------------------------------------------
serialize()/unserialize()/var_dump() [ext/standard/tests/serialize/001.phpt]
Bug #25378 (unserialize() crashes with invalid data) [ext/standard/tests/serialize/002.phpt]
Bug #14293 (serialize() and __sleep()) [ext/standard/tests/serialize/bug14293.phpt]
Bug #21957 (serialize() mangles objects with __sleep) [ext/standard/tests/serialize/bug21957.phpt]
Bug #25378 (unserialize() crashes with invalid data) [ext/standard/tests/serialize/bug25378.phpt]
Bug #28325 (Problem in serialisation of circular references) [ext/standard/tests/serialize/bug28325.phpt]
 [2005-01-08 20:00 UTC] michal at cihar dot com
I can't reproduce these failures here (php 4.3.10).
 [2005-03-07 15:21 UTC] michal at cihar dot com
The patch works fine also on 5.0.3, I have no idea what could break tests for you...
 [2005-03-07 17:42 UTC] sesser@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

This should be fixed since 17. January in CVS
 [2005-03-10 03:01 UTC] helly@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2005-03-14 17:12 UTC] michal at cihar dot com
I haven't yet found time to test this, but you seem to duplicate part of the code with this commit:

 	if (elements < 0) {
 		return 0;
 	}

+	if (elements < 0) {
+		return 0;
+	}
+
 
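Review bot: the added `if (elements < 0) { return 0; }` block repeats, character for character, the check in the three unchanged context lines directly above it, so the second test can never be true once the first has passed. Nothing between the two checks modifies `elements` in the visible lines, which makes the added block dead code; drop the four `+` lines, or, if a different bound was intended here (for example an upper limit on `elements`), replace the condition with that check instead of restating the first one.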
Last updated: Sun Apr 20 19:01:51 2014 UTC