|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #34306 wddx_serialize_value() crashes with long array keys
Submitted: 2005-08-30 14:10 UTC Modified: 2005-08-31 16:33 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: dmitrysp at yandex dot ru Assigned:
Status: Closed Package: WDDX related
PHP Version: 5CVS, 4CVS (2005-08-31) OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: dmitrysp at yandex dot ru
New email:
PHP Version: OS:


 [2005-08-30 14:10 UTC] dmitrysp at yandex dot ru
Apache2 crash. 

Try Apache2 + PHP 5.1.0RC1, 
Apache2 + PHP 5.1.0-dev (built: Aug 30 2005 08:42:21), 
php.exe 4.3.0 console.

szAppName : Apache.exe     szAppVer :     szModName : php5ts.dll     
szModVer :     offset : 001e144d     

Reproduce code:
    for ($i=1; $i<255; $i++) $str.=chr($i);
    $buf=wddx_serialize_value($mix, 'name'); // apache crash here
    echo "ok";


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-08-31 11:27 UTC]
Apparently the maximum array key lenght for wddx serializer is 254. It doesn't matter what the content is.

 [2005-08-31 11:28 UTC]
Correction: The max length is 251.
 [2005-08-31 14:43 UTC]
(gdb) bt
#0  0x083b98dd in _zend_is_inconsistent (ht=0x0, file=0x869a3f0 "/usr/src/php/php_5_1/Zend/zend_hash.c", line=1022)
    at /usr/src/php/php_5_1/Zend/zend_hash.c:53
#1  0x083bc002 in zend_hash_move_forward_ex (ht=0x0, pos=0x0) at /usr/src/php/php_5_1/Zend/zend_hash.c:1022
#2  0x08355ed5 in php_wddx_serialize_array (packet=0x0, arr=0x0) at /usr/src/php/php_5_1/ext/wddx/wddx.c:589

 [2005-08-31 14:44 UTC]
Previous frame inner to this frame (corrupt stack?)
 [2005-08-31 16:32 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Fixed in HEAD and PHP_5_1 branches. Won't fix elsewhere.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jun 23 16:01:29 2024 UTC