php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76632 Nested serialize() with shared references yields wrong unserialization
Submitted: 2018-07-16 12:43 UTC Modified: 2018-07-16 13:39 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: niklas dot correnz at hcom dot de Assigned:
Status: Open Package: *General Issues
PHP Version: 7.1.19 OS: Ubuntu 16.04
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-07-16 12:43 UTC] niklas dot correnz at hcom dot de
Description:
------------
When implementing \Serializable a nested serialize() call will cause the unserialized() result to be messed up.

Nested serialize() calls often occur when extending classes and overwriting serialize with additional fields, so this is not unusual. Our test script simulates this by nesting serialize().

The result still break, if the array with the referenced objects is not inside the nested serialize(), but instead any additional property is serialized with a nested call (not in the test script).

Test script:
---------------
$role1 = new \stdClass();
$role1->name = 'role1';
$role2 = new \stdClass();
$role2->name = 'role2';
class group implements \Serializable {
  private $roles;
  public function __construct(array $roles) {
    $this->roles = $roles;
  }
  public function serialize() {
    return serialize([serialize($this->roles)]);
  }
  public function unserialize($serialized) {
    $this->roles = unserialize(unserialize($serialized)[0]);
  }
}
$group1 = new \group([$role1, $role2]);
$group2 = new \group([$role1, $role2]);
var_dump(unserialize(serialize([$group1, $group2])));

Expected result:
----------------
array (size=2)
  0 => 
    object(group)[5]
      private 'roles' => 
        array (size=2)
          0 => 
            object(stdClass)[6]
              public 'name' => string 'role1' (length=5)
          1 => 
            object(stdClass)[7]
              public 'name' => string 'role2' (length=5)
  1 => 
    object(group)[8]
      private 'roles' => 
        array (size=2)
          0 => 
            object(stdClass)[6]
              public 'name' => string 'role1' (length=5)
          1 => 
            object(stdClass)[7]
              public 'name' => string 'role2' (length=5)

Actual result:
--------------
array (size=2)
  0 => 
    object(group)[5]
      private 'roles' => 
        array (size=2)
          0 => 
            object(stdClass)[6]
              public 'name' => string 'role1' (length=5)
          1 => 
            object(stdClass)[7]
              public 'name' => string 'role2' (length=5)
  1 => 
    object(group)[8]
      private 'roles' => 
        array (size=2)
          0 => string 'a:2:{i:0;O:8:"stdClass":1:{s:4:"name";s:5:"role1";}i:1;O:8:"stdClass":1:{s:4:"name";s:5:"role2";}}' (length=98)
          1 => 
            object(stdClass)[6]
              public 'name' => string 'role1' (length=5)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-07-16 13:39 UTC] cmb@php.net
See <https://externals.io/message/98834>.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Tue Dec 11 23:01:25 2018 UTC