Bug #53437 Crash when using unserialized DatePeriod instance
Submitted: 2010-12-01 17:15 UTC Modified: 2013-03-04 12:43 UTC
From: from dot php dot net at brainbox dot cz Assigned: derick
Status: Closed Package: Date/time related
PHP Version: 5.3.3 OS: Windows XP SP3
Private report: No CVE-ID:
 [2010-12-01 17:15 UTC] from dot php dot net at brainbox dot cz
Description:
------------
The DatePeriod class does not have the serialization/unserialization logic implemented. Therefore, when an unserialized instance is used, the script crashes.

This is the result of serializing the DatePeriod instance:
O:10:"DatePeriod":0:{}

unserialize() goes fine as well, but when I call foreach() on the unserialized instance, the script crashes.

Test script:
---------------
$dp = new DatePeriod(new DateTime('2010-01-01 UTC'), new DateInterval('P1D'), 2);

echo "Original:\r\n";
foreach($dp as $dt) {
	echo $dt->format('Y-m-d H:i:s')."\r\n";
}
echo "\r\n";

$ser = serialize($dp); // $ser is: O:10:"DatePeriod":0:{}

// Create dangerous instance
$dpu = unserialize($ser); // $dpu has invalid values…

echo "Unserialized:\r\n";
// …which leads to CRASH:
foreach($dpu as $dt) {
	echo $dt->format('Y-m-d H:i:s')."\r\n";
}

Expected result:
----------------
Original:
2010-01-01 00:00:00
2010-01-02 00:00:00
2010-01-03 00:00:00

Unserialized:
2010-01-01 00:00:00
2010-01-02 00:00:00
2010-01-03 00:00:00


Actual result:
--------------
PHP crashes on the "unserialize" line.
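
A way to check a build for the condition reported above without running the crashing loop, as an added example that is not part of the original report or of php-src: it compares the serialized payload with the empty form quoted in the description and iterates the unserialized object only when state was actually written. The function and constant names are hypothetical.

```php
<?php
// Added example, not php-src code. Written in PHP 5.3-compatible syntax so it
// can run on the version named in the report. All names here are hypothetical.

// The payload the report shows for an affected build: no state was written.
define('EMPTY_DATEPERIOD', 'O:10:"DatePeriod":0:{}');

// Collect the formatted dates a DatePeriod iterates over.
function period_dates(DatePeriod $p)
{
    $out = array();
    foreach ($p as $dt) {
        $out[] = $dt->format('Y-m-d H:i:s');
    }
    return $out;
}

// Returns 'affected', 'mismatch' or 'ok' without iterating a stateless object.
function probe_dateperiod_roundtrip()
{
    // Same period as the report's test script.
    $dp = new DatePeriod(new DateTime('2010-01-01 UTC'), new DateInterval('P1D'), 2);
    $expected = period_dates($dp);

    $ser = serialize($dp);
    if ($ser === EMPTY_DATEPERIOD) {
        // Stop here: unserializing and iterating this object is the crash path.
        return 'affected';
    }

    $dpu = unserialize($ser);
    if (!($dpu instanceof DatePeriod)) {
        return 'mismatch';
    }

    // A fixed build must reproduce the original dates after the round trip.
    return period_dates($dpu) === $expected ? 'ok' : 'mismatch';
}

echo probe_dateperiod_roundtrip(), "\n";
```

On a build where DatePeriod state survives serialization the probe prints `ok`; a build that emits the empty payload is reported as `affected` before any iteration takes place.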

Patches

date_patch_var4.patch (last revision 2013-03-14 15:21 UTC by ab@php.net)
date_patch_var3.patch (last revision 2013-03-13 08:53 UTC by ab@php.net)
glopes_date_5.3.patch (last revision 2013-03-06 18:50 UTC by ab@php.net)
glopes_date_5.4.patch (last revision 2013-03-05 11:20 UTC by ab@php.net)

History

 [2010-12-01 17:24 UTC] cataphract@php.net
-Status: Open +Status: Verified
 [2010-12-01 17:41 UTC] cataphract@php.net
-Status: Verified +Status: Assigned -Assigned To: +Assigned To: cataphract
 [2010-12-01 21:50 UTC] felipe@php.net
Duplicate of #52113
 [2011-01-09 06:00 UTC] cataphract@php.net
-Assigned To: cataphract +Assigned To: derick
 [2011-01-09 06:00 UTC] cataphract@php.net
Reassigning to Derick, as the patch I've written is under his consideration.
 [2011-12-06 06:07 UTC] derick@php.net
Automatic comment from SVN on behalf of derick
Revision: http://svn.php.net/viewvc/?view=revision&revision=320479
Log: - Added a test case for #53437.
 [2011-12-21 15:10 UTC] tony2001@php.net
<@Cataphrac> (the Date(Period|Interval) serialization patch is here btw: http://nebm.ist.utl.pt/~glopes/misc/date_period_interval_ser.diff )
 [2013-03-04 12:43 UTC] ab@php.net
Here's the corresponding BT on windows,

 php5.dll!timelib_time_clone(timelib_time * orig) Line 52  C
 php5.dll!date_period_it_rewind(_zend_object_iterator * iter) Line 1910  C
 php5.dll!ZEND_FE_RESET_SPEC_CV_HANDLER(_zend_execute_data * execute_data) Line 22777  C
 php5.dll!execute(_zend_op_array * op_array) Line 107  C
 php5.dll!zend_execute_scripts(int type, _zval_struct * * retval, int file_count, ...) Line 1259  C
 php5.dll!php_execute_script(_zend_file_handle * primary_file) Line 2316  C
 php.exe!00b3246e()  Unknown
 [Frames below may be incorrect and/or missing, no symbols loaded for php.exe]
 ntdll.dll!_RtlpHeapFindListLookupEntry@20()  Unknown
 ntdll.dll!_RtlpFindEntry@8()  Unknown
 024d2608()  Unknown
 msvcr90.dll!__getptd_noexit()  Unknown
 msvcr90.dll!__getptd()  Unknown
 msvcr90.dll!_LocaleUpdate::_LocaleUpdate(struct localeinfo_struct *)  Unknown
 msvcr90.dll!__ismbcalpha()  Unknown
 msvcr90.dll!__ismbblead()  Unknown
 msvcr90.dll!__lock()  Unknown
 msvcr90.dll!__setargv()  Unknown
 msvcr90.dll!___getmainargs()  Unknown
 php.exe!00b32ca6()  Unknown
 php.exe!00b32dca()  Unknown
 kernel32.dll!@BaseThreadInitThunk@12()  Unknown
 ntdll.dll!___RtlUserThreadStart@8()  Unknown
 ntdll.dll!__RtlUserThreadStart@8()  Unknown
 [2013-03-05 11:19 UTC] ab@php.net
The following patch has been added/updated:

Patch Name: glopes_date_5.3.patch
Revision:   1362482379
URL:        https://bugs.php.net/patch-display.php?bug=53437&patch=glopes_date_5.3.patch&revision=1362482379
 [2013-03-05 11:20 UTC] ab@php.net
The following patch has been added/updated:

Patch Name: glopes_date_5.4.patch
Revision:   1362482416
URL:        https://bugs.php.net/patch-display.php?bug=53437&patch=glopes_date_5.4.patch&revision=1362482416
 [2013-03-06 18:50 UTC] ab@php.net
The following patch has been added/updated:

Patch Name: glopes_date_5.3.patch
Revision:   1362595811
URL:        https://bugs.php.net/patch-display.php?bug=53437&patch=glopes_date_5.3.patch&revision=1362595811
 [2013-03-13 08:53 UTC] ab@php.net
The following patch has been added/updated:

Patch Name: date_patch_var3.patch
Revision:   1363164825
URL:        https://bugs.php.net/patch-display.php?bug=53437&patch=date_patch_var3.patch&revision=1363164825
 [2013-03-14 15:21 UTC] ab@php.net
The following patch has been added/updated:

Patch Name: date_patch_var4.patch
Revision:   1363274506
URL:        https://bugs.php.net/patch-display.php?bug=53437&patch=date_patch_var4.patch&revision=1363274506
 [2013-03-15 16:02 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0ee71557ffd285552659b6aa37ea236e3bad493f
Log: Fixed bug #53437 Crash with unserialized DatePeriod instance
 [2013-03-15 16:02 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2013-11-17 09:31 UTC] laruence@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0ee71557ffd285552659b6aa37ea236e3bad493f
Log: Fixed bug #53437 Crash with unserialized DatePeriod instance
 
Last updated: Mon Apr 21 10:02:10 2014 UTC