|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78438 Corruption when __unserializing deeply nested structures
Submitted: 2019-08-21 15:26 UTC Modified: 2019-08-23 09:42 UTC
From: risto at live dot nl Assigned: cmb (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 7.4.0beta2 OS: Linux; Fedora 30
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
35 + 18 = ?
Subscribe to this entry?

 [2019-08-21 15:26 UTC] risto at live dot nl
Data corruption seems to occur when using PHP 7.4s new __serialize and __unserialize functionality in deeply nested data structures. 

Test script:
Tested on PHP 7.4.0beta4 (cli) (built: Aug 20 2019 14:09:23) ( NTS )

However the bug has been observed in beta 1 and 2 as well.

See for a reproducer.

And for the issue in the wild.

Expected result:
When running the script I expect the unserialization to succeed as it does for deeply nested structures, as it does for the smaller sized examples in the reproducer.

Actual result:
It seems that in the deeply nested examples in the reproducer unserialization fails with errors like:

 - Argument 1 passed to X::__unserialize() must be of the type array, unknown given
 - Argument 1 passed to X::__unserialize() must be of the type array, int given


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-08-22 14:51 UTC]
-Status: Open +Status: Verified -Package: Class/Object related +Package: Scripting Engine problem
 [2019-08-22 14:51 UTC]
The basic problem is that we're using two slots[1], which doesn't
work if the slots are distributed across two elements of the
linked list, in which case the first slot is in the list element
*after* the second slot.

There is also an issue with `VAR_DTOR_ENTRIES_MAX`[2] which doesn't
match the actual definition[3] and at least wastes memory.

[1] <>
[2] <>
[3] <>
 [2019-08-22 15:19 UTC]
The following pull request has been associated:

Patch Name: Fix #78438: Corruption when __unserializing deeply nested structures
On GitHub:
 [2019-08-23 09:42 UTC]
-Summary: Data corruption when using __serialize and __unserialize in nested structures +Summary: Corruption when __unserializing deeply nested structures -Assigned To: +Assigned To: cmb
 [2019-08-23 09:43 UTC]
Automatic comment on behalf of
Log: Fix #78438: Corruption when __unserializing deeply nested structures
 [2019-08-23 09:43 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed May 12 09:01:24 2021 UTC