php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43854 Wrong length calculation in serialize S type
Submitted: 2008-01-15 11:44 UTC Modified: 2008-01-28 23:37 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: tomasz dot rutkowski at domeny dot pl Assigned:
Status: No Feedback Package: Arrays related
PHP Version: 5.2.5 OS: Linux
Private report: No CVE-ID: None
 [2008-01-15 11:44 UTC] tomasz dot rutkowski at domeny dot pl
Description:
------------
PHP 5.2.5 bad serialize string into multiarray.
This bug is only into PHP 5.2.5 .
PHP 5.2.4 is good.


Reproduce code:
---------------
$bad_serialized_multiarray = 'a:3:{i:0;a:4:{i:0;a:7:{i:0;i:69;i:1;s:30:"Lakier do wzorków czarny 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"82";}i:1;a:7:{i:0;i:70;i:1;s:43:"Lakier do wzorków czarny perłowy 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"99";}i:2;a:7:{i:0;i:65;i:1;s:34:"Lakier do wzorków biały 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"85";}i:3;a:7:{i:0;i:75;i:1;s:28:"Lakier utrwalający 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"92";}}i:1;a:3:{i:0;s:2:"75";i:1;s:28:"Lakier utrwalający 10ml";i:2;d:12.9900000000000002131628207280300557613372802734375;}i:2;i:13;}';

$fix_serialized_multiarray = 'a:3:{i:0;a:4:{i:0;a:7:{i:0;i:69;i:1;s:34:"Lakier do wzorków czarny 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"82";}i:1;a:7:{i:0;i:70;i:1;s:47:"Lakier do wzorków czarny perłowy 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"99";}i:2;a:7:{i:0;i:65;i:1;s:38:"Lakier do wzorków biały 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"85";}i:3;a:7:{i:0;i:75;i:1;s:28:"Lakier utrwalający 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"92";}}i:1;a:3:{i:0;s:2:"75";i:1;s:28:"Lakier utrwalający 10ml";i:2;d:12.9900000000000002131628207280300557613372802734375;}i:2;i:13;}';



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-01-15 12:12 UTC] felipe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.
 [2008-01-15 15:24 UTC] tomasz dot rutkowski at domeny dot pl
Sorry but I can't reconstruct this bug.
Admin change PHP verions on my demand.
This is productive server and they can't back to error version.

On similar server this bug is not reported :(
Perhaps it is liberty problem.


Example code:

<?php
/* Error string from DB */
$bad_serialize = 'a:3:{i:0;a:4:{i:0;a:7:{i:0;i:69;i:1;s:30:"Lakier do wzork&#243;w czarny 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"82";}i:1;a:7:{i:0;i:70;i:1;s:43:"Lakier do wzork&#243;w czarny per&#322;owy 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"99";}i:2;a:7:{i:0;i:65;i:1;s:34:"Lakier do wzork&#243;w bia&#322;y 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"85";}i:3;a:7:{i:0;i:75;i:1;s:28:"Lakier utrwalaj&#261;cy 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"92";}}i:1;a:3:{i:0;s:2:"75";i:1;s:28:"Lakier utrwalaj&#261;cy 10ml";i:2;d:12.9900000000000002131628207280300557613372802734375;}i:2;i:13;}';
var_dump( unserialize( $bad_serialize ) );
echo '<br />';

/* Good - fixed by me */
$fix_serialize = 'a:3:{i:0;a:4:{i:0;a:7:{i:0;i:69;i:1;s:34:"Lakier do wzork&#243;w czarny 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"82";}i:1;a:7:{i:0;i:70;i:1;s:47:"Lakier do wzork&#243;w czarny per&#322;owy 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"99";}i:2;a:7:{i:0;i:65;i:1;s:38:"Lakier do wzork&#243;w bia&#322;y 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"85";}i:3;a:7:{i:0;i:75;i:1;s:28:"Lakier utrwalaj&#261;cy 10ml";i:2;d:19.980000000000000426325641456060111522674560546875;i:3;i:1;i:4;d:19.980000000000000426325641456060111522674560546875;i:5;s:0:"";i:6;s:2:"92";}}i:1;a:3:{i:0;s:2:"75";i:1;s:28:"Lakier utrwalaj&#261;cy 10ml";i:2;d:12.9900000000000002131628207280300557613372802734375;}i:2;i:13;}';
var_dump( unserialize( $fix_serialize ) );
echo '<br />';

/* Prepared array */
$prepare_array = array( 
  array( 
    array( 69, (string) "Lakier do wzork&#243;w czarny 10ml", (float) 19.98, 1, (float) 19.98, (string) "", (string) "82" ),
    array( 70, (string) "Lakier do wzork&#243;w czarny per&#322;owy 10ml", (float) 19.98, 1, (float) 19.98, (string) "", (string) "99" ),
    array( 65, "Lakier do wzork&#243;w bia&#322;y 10ml", (float) 19.98, 1, (float) 19.98, (string) "",(string) "85" ),
    array( 75, (string) "Lakier utrwalaj&#261;cy 10ml", (float) 19.98, 1, (float) 19.98, (string) "", (string) "92" )
  ),
  array( (string) "75", (string) "Lakier utrwalaj&#261;cy 10ml", (float) 12.99 ),
  2=> 13
);

$tmp = serialize( $prepare_array );
var_dump( unserialize( $tmp ) );
?>
 [2008-01-15 15:32 UTC] tomasz dot rutkowski at domeny dot pl
Sorry

Bad: Perhaps it is liberty problem.
Good: Probably it is a library problem.
 [2008-01-15 16:12 UTC] felipe@php.net
The example works fine in PHP5.2.5, 5.2.6, 5.3.
 [2008-01-15 17:17 UTC] felipe@php.net
Clarifying... The last code. (Prepared array)
 [2008-06-03 17:29 UTC] sweetiepiekiara at yahoo dot com
wats up
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 09 10:01:27 2024 UTC