|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59573 Off-by-one in my_serialize_object()
Submitted: 2011-01-13 16:24 UTC Modified: 2016-08-31 16:02 UTC
From: tricky dot pecl at luuseri dot com Assigned: cmb (profile)
Status: Wont fix Package: APC (PECL)
PHP Version: 5.3.2 OS: Linux/Ubuntu 10.04.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: tricky dot pecl at luuseri dot com
New email:
PHP Version: OS:


 [2011-01-13 16:24 UTC] tricky dot pecl at luuseri dot com
In apc_main.c, on line 247 my_serialize_object copies 
serializer output into a zval. It attempts to copy len + 1 
bytes, which causes an off by one error.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-21 08:18 UTC] paulgao at yeah dot net
my_serialize_object in apc_compile.c???
 [2011-02-21 08:35 UTC] tricky dot pecl at luuseri dot com
Yes indeed, I reported the incorrect file, the correct file is 

I worked around this issue by explicitly adding a NUL byte in 
igbinary, but this may still bite later on. The built-in 
serializer always NUL terminates its output.
 [2016-08-31 16:02 UTC]
-Status: Open +Status: Wont fix -Assigned To: +Assigned To: cmb
 [2016-08-31 16:02 UTC]
According to <>, APC support has been
discontinued in favor of OPcache, APCu, the session upload
progress API and WinCache. Therefore this issue won't get fixed.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Nov 29 04:03:13 2021 UTC