Doc Bug #79880 Fatal error: Uncaught Error: Invalid serialization data for DateTime object
Submitted: 2020-07-21 22:10 UTC Modified: 2020-12-04 13:09 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: isharafa at unb dot ca Assigned: cmb (profile)
Status: Closed Package: Date/time related
PHP Version: 7.4.8 OS: Ubuntu
Private report: No CVE-ID: None
 [2020-07-21 22:10 UTC] isharafa at unb dot ca
Description:
------------
I was fuzzing PHP to find a bug in the unserialize function and I got the following bug:

Stack trace:
#0 [internal function]: DateTime->__wakeup()
#1 Command line code(1): unserialize('O:8:"DateTime":...')
#2 {main}
  thrown in Command line code on line 1

You can reproduce that using the following command.

echo -ne 'O:8:"DateTime":3:{s:4:"date";s:26:"2fe";01-one";s:10"Z.012345";s:13:"timezone_type";i:2;s:8:"timezone";s:1:"Z";}' | ./sapi/cli/php  -r 'unserialize(file_get_contents("php://stdin"));'


Test script:
---------------
echo -ne 'O:8:"DateTime":3:{s:4:"date";s:26:"2fe";01-one";s:10"Z.012345";s:13:"timezone_type";i:2;s:8:"timezone";s:1:"Z";}' | ./sapi/cli/php  -r 'unserialize(file_get_contents("php://stdin"));'


 [2020-07-21 23:39 UTC] requinix@php.net
-Status: Open +Status: Feedback -Package: *Programming Data Structures +Package: Date/time related
 [2020-07-21 23:39 UTC] requinix@php.net
What's the bug? You're crafting a custom serialized string (which is already a bad thing) containing an invalid date string that DateTime would have rejected (so the object shouldn't even exist in the first place) and when you try to unserialize it you get an exception (as opposed to a crash).
 [2020-07-22 10:59 UTC] isharafa at unb dot ca
-Status: Feedback +Status: Open
 [2020-07-22 10:59 UTC] isharafa at unb dot ca
Yes.
 [2020-07-22 12:26 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2020-07-22 12:26 UTC] cmb@php.net
So this is obviously not a bug.
 [2020-07-22 14:16 UTC] isharafa at unb dot ca
When I modify the datetime object, it just returns false, but with this specific test case I get the Fatal Error. That's why I reported this bug.
 [2020-07-22 14:34 UTC] cmb@php.net
-Status: Not a bug +Status: Open -Assigned To: cmb +Assigned To:
 [2020-07-22 14:42 UTC] nikic@php.net
I still don't understand what the supposed bug here is. Unserialization throwing exceptions is completely normal. You get a fatal error because you did not catch the exception.
 [2020-08-06 10:08 UTC] igor dot ozerskii at currencysolutions dot com
I have a similar problem: when upgrading to 7.4.8 from 7.3.20, an error appeared.

[Error]
Invalid serialization data for DateTime object (0)
/home/bitrix/ext_www/htdocs/bitrix/modules/main/lib/data/cacheengineredis.php:366
#0: DateTime->__wakeup()

#1: Redis->get(string)
/home/bitrix/ext_www/htdocs/bitrix/modules/main/lib/data/cacheengineredis.php:366
#2: Bitrix\Main\Data\CacheEngineRedis->read(array, string, string, string, integer)


environment  Docker

PHP -  php:7.4-fpm-alpine  and  FROM php:7.3-fpm-alpine
Redis Extension - develop branch and try branch master  (github.com/phpredis/phpredis/)
Redis server - 5.0.9


php:7.3 - works fine
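
The two failure modes discussed in this thread (a `false` return for malformed data versus an `Error` thrown from `DateTime::__wakeup()`) can be handled in one place. The following is an added example, not code from the report or from PHP itself; `safeUnserialize()`, its result array and the sample payloads are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Decode serialized data from an untrusted or possibly stale source
 * (stdin, a cache entry) without letting a thrown Error become an
 * uncaught fatal error. Hypothetical helper, added for illustration.
 */
function safeUnserialize(string $payload, array $allowedClasses = []): array
{
    // Serialized boolean false is the only payload for which a `false`
    // return value is a legitimate result rather than a parse failure.
    if ($payload === 'b:0;') {
        return ['ok' => true, 'value' => false, 'error' => null];
    }
    try {
        // @ silences the notice/warning raised for malformed input;
        // failure is reported through the return value instead.
        // allowed_classes restricts which classes may be instantiated.
        $value = @unserialize($payload, ['allowed_classes' => $allowedClasses]);
    } catch (\Throwable $e) {
        // Well-formed syntax but invalid field values: DateTime throws.
        return ['ok' => false, 'value' => null, 'error' => $e->getMessage()];
    }
    if ($value === false) {
        return ['ok' => false, 'value' => null, 'error' => 'malformed serialized data'];
    }
    return ['ok' => true, 'value' => $value, 'error' => null];
}

// Constructed sample payloads: one valid, one with an unparsable date
// string, one cut off mid-stream.
$samples = [
    'valid'     => serialize(new DateTime('2020-07-21 22:10:00', new DateTimeZone('UTC'))),
    'bad date'  => 'O:8:"DateTime":3:{s:4:"date";s:10:"not-a-date";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}',
    'truncated' => 'O:8:"DateTime":3:{s:4:"date";',
];

foreach ($samples as $label => $payload) {
    $r = safeUnserialize($payload, [DateTime::class]);
    printf("%-9s ok=%s error=%s\n", $label, var_export($r['ok'], true), $r['error'] ?? '-');
}
```

A cache reader built on such a wrapper can treat `ok === false` as a cache miss and refetch the value instead of aborting the request.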
 [2020-12-04 13:09 UTC] cmb@php.net
-Status: Open +Status: Verified -Type: Bug +Type: Documentation Problem -Assigned To: +Assigned To: cmb
 [2020-12-04 13:09 UTC] cmb@php.net
Actually, this is a documentation issue.
 [2020-12-04 13:12 UTC] cmb@php.net
Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&revision=351869
Log: Fix #79880: Fatal error: Uncaught Error: Invalid serialization data for DateTime object
 [2020-12-04 13:14 UTC] phpdocbot@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=doc/en.git;a=commit;h=e77680d775f2da259a5080e6250575c23cdc37e2
Log: Fix #79880: Fatal error: Uncaught Error: Invalid serialization data for DateTime object
 [2020-12-04 13:14 UTC] phpdocbot@php.net
-Status: Verified +Status: Closed
 [2020-12-05 11:09 UTC] mumumu@php.net
Automatic comment from SVN on behalf of mumumu
Revision: http://svn.php.net/viewvc/?view=revision&revision=351888
Log: Fix #79880: Fatal error: Uncaught Error: Invalid serialization data for DateTime object
 [2020-12-05 11:10 UTC] phpdocbot@php.net
Automatic comment on behalf of mumumu
Revision: http://git.php.net/?p=doc/ja.git;a=commit;h=9a24584d437bdca34d9ed4c7a42cb68095af5c35
Log: Fix #79880: Fatal error: Uncaught Error: Invalid serialization data for DateTime object
 [2020-12-30 11:58 UTC] nikic@php.net
Automatic comment on behalf of mumumu
Revision: http://git.php.net/?p=doc/ja.git;a=commit;h=fed5edc5fa45a83359671617216cb803d288dfb9
Log: Fix #79880: Fatal error: Uncaught Error: Invalid serialization data for DateTime object