PHP :: Bug #49821 :: unserialize of references

Bug #49821

unserialize of references

Submitted:

2009-10-09 13:05 UTC

Modified:

2009-10-12 12:16 UTC

Votes:	3
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

liz2k dot b8 at gmail dot com

Assigned:

Status:

Not a bug

Package:

*Programming Data Structures

PHP Version:

5.2.11

OS:

linux

Private report:

CVE-ID:

None

View Developer Edit

[2009-10-09 13:05 UTC] liz2k dot b8 at gmail dot com

Description:
------------
function unserialize return wrong result of reference

Reproduce code:
---------------
---
From manual page: function.serialize
---
	$a = new stdClass;
	$a->v1 = $a;
	$a->v2 = &$a;
	
	echo serialize($a)."\n";
	
	$b = &unserialize(serialize($a));
	
	echo serialize($b);


Expected result:
----------------
O:8:"stdClass":2:{s:2:"v1";r:1;s:2:"v2";R:1;}
O:8:"stdClass":2:{s:2:"v1";r:1;s:2:"v2";R:1;}

Actual result:
--------------
O:8:"stdClass":2:{s:2:"v1";r:1;s:2:"v2";R:1;}
O:8:"stdClass":2:{s:2:"v1";R:1;s:2:"v2";R:1;}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-10-09 14:05 UTC] liz2k dot b8 at gmail dot com

And one more wrong work Example:

	$a = new stdClass;
	$a->v2 = &$a;
	$a->v1 = $a;
	
	echo serialize($a)."\n";
	
	$b = &unserialize(serialize($a));
	
	echo serialize($b);

Expected result:
----------------
O:8:"stdClass":2:{s:2:"v2";R:1;s:2:"v1";r:1;}
O:8:"stdClass":2:{s:2:"v2";R:1;s:2:"v1";r:1;}

Actual result:
--------------
O:8:"stdClass":2:{s:2:"v2";R:1;s:2:"v1";r:1;}
O:8:"stdClass":2:{s:2:"v2";r:1;s:2:"v1";r:1;}

[2009-10-11 09:33 UTC] Sjoerd@php.net

Thank you for your bug report.

Is there a problem with this other than that the serialization string is different? Do objects $a and $b have different behavior?

[2009-10-12 07:01 UTC] liz2k dot b8 at gmail dot com

no - you can try serialize(&unserialize(serialize($a))).

[2009-10-12 11:21 UTC] sjoerd@php.net

I don't understand your answer. Please explain, preferably with a code example, how the behavior you described causes a problem.

[2009-10-12 11:46 UTC] liz2k dot b8 at gmail dot com

I said about references in unserialize object - R and r.

If last reference of serialized object is R - then all references of unserialized object will R. (linked by pointer (c++))

If last reference of serialized object is r - then all references of unserialized object will r. (just refer to one object $a)

[2009-10-12 12:16 UTC] colder@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

This is expected, unserialize() doesn't return a reference.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Oct 28 22:00:01 2025 UTC