|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31442 unserialize broken on 64-bit systems
Submitted: 2005-01-07 16:48 UTC Modified: 2005-03-14 17:12 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: michal at cihar dot com Assigned: helly
Status: Closed Package: Scripting Engine problem
PHP Version: 4.3.10, 5.0.3 OS: 64-bit
Private report: No CVE-ID:
 [2005-01-07 16:48 UTC] michal at cihar dot com
Unserializing of numbers > MAX_INT is wrong. That's because php uses long internally for storing ints but int is used in unserializing. Attached patch fixes this issue.

Reproduce code:
echo unserialize(serialize(2147483648));

Expected result:

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-01-07 16:53 UTC] michal at cihar dot com
I haven't found way to attach patches here, so it's available on my web:
 [2005-01-08 14:41 UTC]
If i apply that patch to a 32 bit machine i get many test errors any idea? Also it is enough to put the .re diff
 [2005-01-08 18:32 UTC] michal at cihar dot com
What kind of tests do fail? I have no idea what could be broken by this change.
 [2005-01-08 18:39 UTC]
php run-tests.php ext/standard/tests/serialize


serialize()/unserialize()/var_dump() [ext/standard/tests/serialize/001.phpt]
Bug #25378 (unserialize() crashes with invalid data) [ext/standard/tests/serialize/002.phpt]
Bug #14293 (serialize() and __sleep()) [ext/standard/tests/serialize/bug14293.phpt]
Bug #21957 (serialize() mangles objects with __sleep) [ext/standard/tests/serialize/bug21957.phpt]
Bug #25378 (unserialize() crashes with invalid data) [ext/standard/tests/serialize/bug25378.phpt]
Bug #28325 (Problem in serialisation of circular references) [ext/standard/tests/serialize/bug28325.phpt]
 [2005-01-08 20:00 UTC] michal at cihar dot com
I can't reproduce these failures here (php 4.3.10).
 [2005-03-07 15:21 UTC] michal at cihar dot com
The patch works fine also on 5.0.3, I have no idea what could break tests for you...
 [2005-03-07 17:42 UTC]
Please try using this CVS snapshot:
For Windows:

This should be fixed since 17. January in CVS
 [2005-03-10 03:01 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

 [2005-03-14 17:12 UTC] michal at cihar dot com
I haven't yet find time to test this, but you seem to duplicate part of code with this commit:

 	if (elements < 0) {
 		return 0;

+	if (elements < 0) {
+		return 0;
+	}
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sun Nov 29 03:01:32 2015 UTC