php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49821 unserialize of references
Submitted: 2009-10-09 13:05 UTC Modified: 2009-10-12 12:16 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: liz2k dot b8 at gmail dot com Assigned:
Status: Not a bug Package: *Programming Data Structures
PHP Version: 5.2.11 OS: linux
Private report: No CVE-ID: None
 [2009-10-09 13:05 UTC] liz2k dot b8 at gmail dot com
Description:
------------
function unserialize return wrong result of reference

Reproduce code:
---------------
---
From manual page: function.serialize
---
	$a = new stdClass;
	$a->v1 = $a;
	$a->v2 = &$a;
	
	echo serialize($a)."\n";
	
	$b = &unserialize(serialize($a));
	
	echo serialize($b);


Expected result:
----------------
O:8:"stdClass":2:{s:2:"v1";r:1;s:2:"v2";R:1;}
O:8:"stdClass":2:{s:2:"v1";r:1;s:2:"v2";R:1;}

Actual result:
--------------
O:8:"stdClass":2:{s:2:"v1";r:1;s:2:"v2";R:1;}
O:8:"stdClass":2:{s:2:"v1";R:1;s:2:"v2";R:1;}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-10-09 14:05 UTC] liz2k dot b8 at gmail dot com
And one more wrong work Example:

	$a = new stdClass;
	$a->v2 = &$a;
	$a->v1 = $a;
	
	echo serialize($a)."\n";
	
	$b = &unserialize(serialize($a));
	
	echo serialize($b);

Expected result:
----------------
O:8:"stdClass":2:{s:2:"v2";R:1;s:2:"v1";r:1;}
O:8:"stdClass":2:{s:2:"v2";R:1;s:2:"v1";r:1;}

Actual result:
--------------
O:8:"stdClass":2:{s:2:"v2";R:1;s:2:"v1";r:1;}
O:8:"stdClass":2:{s:2:"v2";r:1;s:2:"v1";r:1;}
 [2009-10-11 09:33 UTC] Sjoerd@php.net
Thank you for your bug report.

Is there a problem with this other than that the serialization string is different? Do objects $a and $b have different behavior?
 [2009-10-12 07:01 UTC] liz2k dot b8 at gmail dot com
no - you can try serialize(&unserialize(serialize($a))).
 [2009-10-12 11:21 UTC] sjoerd@php.net
I don't understand your answer. Please explain, preferably with a code example, how the behavior you described causes a problem.
 [2009-10-12 11:46 UTC] liz2k dot b8 at gmail dot com
I said about references in unserialize object - R and r.

If last reference of serialized object is R - then all references of unserialized object will R. (linked by pointer (c++))

If last reference of serialized object is r - then all references of unserialized object will r. (just refer to one object $a)
 [2009-10-12 12:16 UTC] colder@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

This is expected, unserialize() doesn't return a reference.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Oct 20 13:03:32 2021 UTC