php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #67453 Allow to unserialize empty data.
Submitted: 2014-06-16 12:17 UTC Modified: 2014-06-17 07:45 UTC
From: remi@php.net Assigned: remi
Status: Closed Package: SPL related
PHP Version: 5.6.0beta4 OS: irrevelant
Private report: No CVE-ID:
 [2014-06-16 12:17 UTC] remi@php.net
Description:
------------
SplDoublyLinkedList, SplObjectStorage and ArrayObject have empty constructor (no arg), so it make sense to allow to unserialize empty data.

This also the hack (used in various place, including PHPUnit) to instanciate class without call to constructor to work. 

Test script:
---------------
$a = new ArrayObject(array());
$a->unserialize("");


Expected result:
----------------
No error

Actual result:
--------------
Fatal error: Uncaught exception 'UnexpectedValueException' with message 'Empty serialized string cannot be empty' in ...


Patches

php-unserialize.patch (last revision 2014-06-16 12:18 UTC) by remi@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-06-16 12:18 UTC] remi@php.net
-Assigned To: +Assigned To: remi
 [2014-06-16 12:18 UTC] remi@php.net
The following patch has been added/updated:

Patch Name: php-unserialize.patch
Revision:   1402921120
URL:        https://bugs.php.net/patch-display.php?bug=67453&patch=php-unserialize.patch&revision=1402921120
 [2014-06-17 07:45 UTC] remi@php.net
-Status: Assigned +Status: Closed
 [2014-06-17 07:45 UTC] remi@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

http://git.php.net/?p=php-src.git;a=commitdiff;h=ea466a316ffc39c7d5733c5aa1c37ab604af6e57
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Feb 21 21:01:38 2017 UTC