php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79978 serialize() on an object returning a string that can't be unserialized()
Submitted: 2020-08-15 19:38 UTC Modified: 2020-08-30 04:22 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: cdtreeks at gmail dot com Assigned:
Status: No Feedback Package: SPL related
PHP Version: 7.4.9 OS: Amazon Linux 2
Private report: No CVE-ID: None
View Developer Edit
 [2020-08-15 19:38 UTC] cdtreeks at gmail dot com 
Description:
------------
Completely standard PHP install on the latest PHP 7.4.9 version and we're experiencing issues with serialize() returning strings that can't be unserialized().

Ever occurrence we've seen have been from a single object, but we can't find anything specific about object itself.

All malformed strings returned match the following format:
r:[0-9]{3};

Examples include:
r:453;
r:501;
r:549;

When trying to unserialize, we get the following error:
unserialize(): Error at offset 6 of 6 bytes

We've just recently migrated to PHP 7.4 from 7.2 and had never observed this behaviour previously and have tested the same logic there since with no issue apparent so this appear to be a bug that's come in since PHP 7.2.27.

I'd try and show you an example of the object, but that's a little tricky when I can't serialize it - sorry!

Test script:
---------------
I don't expect this to help, but as I'm not able to serialize an example of the objects failing, here's a print_r() of it.

field_string Object ( [minlen] => 0 [maxlen] => 255 [raw] => [value] => [values] => [hidden] => [in_form] => [disabled] => [readonly] => [pre_label_text] => [pre_text] => [post_text] => [tooltip_message] => [default] => [class] => [id] => [attributes] => Array ( ) [wrapper_tag] => [li_attributes] => [name] => title [required] => 1 [in_database] => 1 [fieldset] => [is_form_field] => 1 [parent_form] => membership Object ( [cms_table] => cms_table Object ( [id_name] => mid [table_mid] => 208 [table_name] => membership [soft_delete] => [module_title] => Memberships [module_name] => membership [shared_module] => 0 [shared_modules] => Array ( ) [database] => [has_cms_fields] => 1 [module_title_singular] => Membership [title_field] => title [publish_dates] => 0 [linked_mid] => 0 [shadow_mid] => 0 [live_field:protected] => live [deleted_field:protected] => deleted [show_validation_error_messages_above] => [show_legends] => [id] => [attributes] => Array ( ) [bootstrapped] => [legend_tag] => [enc_type] => [has_submit] => [submit_label] => [submit_class] => [submit_in_fieldset] => [pre_fields_text] => [post_fields_text] => [pre_submit_text] => [post_submit_text] => [validation_errors] => [validation_err_msg] => [show_labels_as_placeholder] => [remove_unset_fields_from_form] => [legend_attributes] => [maximum_errors_to_show] => [fields:protected] => Array ( [title] => field_string Object *RECURSION* [fn] => field_filename Object ( [minlen] => 0 [maxlen] => 255 [raw] => [value] => [values] => [hidden] => [in_form] => [disabled] => [readonly] => [pre_label_text] => [pre_text] => [post_text] => [tooltip_message] => [default] => [class] => [id] => [attributes] => Array ( ) [wrapper_tag] => [li_attributes] => [name] => fn [required] => [in_database] => 1 [fieldset] => [is_form_field] => 1 [parent_form] => membership Object *RECURSION* [label_title] => Filename [show_label] => 1 [show_required_asterix] => [error_label] => [validation_error_prefix] => [source_data] => table_field Object ( [mid] => 208 [fid] => 2 [ftid] => filename [ulid] => 3 [linkmid] => 0 [linkfid] => 0 [fieldset] => [name] => fn [title] => Filename [required] => [editable] => 1 [searchable] => 0 [tablename] => membership [default] => [hint] => [source_table] => [shadow_data] => 0 [options] => ) ) [points] => field_int Object ( [min] => 0 [max] => 9223372036854775807 [show_zero] => [allow_null] => 1 [add_class_core_field_int] => 1 [value] => [values] => [hidden] => [in_form] => [disabled] => [readonly] => [pre_label_text] => [pre_text] => [post_text] => [tooltip_message] => [default] => [class] => [id] => [attributes] => Array ( ) [wrapper_tag] => [li_attributes] => [name] => points [required] => [in_database] => 1 [fieldset] => [is_form_field] => 1 [parent_form] => membership Object *RECURSION* [label_title] => Points [show_label] => 1 [show_required_asterix] => [error_label] => [validation_error_prefix] => [source_data] => table_field Object ( [mid] => 208 [fid] => 3 [ftid] => integer [ulid] => 3 [linkmid] => 0 [linkfid] => 0 [fieldset] => [name] => points [title] => Points [required] => [editable] => 1 [searchable] => 0 [tablename] => membership [default] => [hint] => [source_table] => [shadow_data] => 0 [options] => ) ) [perks] => field_json Object ( [value] => [values] => [hidden] => [in_form] => [disabled] => [readonly] => [pre_label_text] => [pre_text] => [post_text] => [tooltip_message] => [default] => [class] => [id] => [attributes] => Array ( ) [wrapper_tag] => [li_attributes] => [name] => perks [required] => [in_database] => 1 [fieldset] => [is_form_field] => 1 [parent_form] => membership Object *RECURSION* [label_title] => Perks [show_label] => 1 [show_required_asterix] => [error_label] => [validation_error_prefix] => [source_data] => table_field Object ( [mid] => 208 [fid] => 4 [ftid] => json [ulid] => 3 [linkmid] => 0 [linkfid] => 0 [fieldset] => [name] => perks [title] => Perks [required] => [editable] => 1 [searchable] => 0 [tablename] => membership [default] => [hint] => [source_table] => [shadow_data] => 0 [options] => { "fields": [ { "title": "Perk", "type": "string" } ] } ) ) [image_5] => field_image Object ( [fid] => 5 [types] => Array ( [cms] => jpg [t] => png [s] => png ) [image_module] => membership [uploadify] => [uploadify_options] => Array ( ) [value] => [values] => [hidden] => [in_form] => [disabled] => [readonly] => [pre_label_text] => [pre_text] => [post_text] => [tooltip_message] => [default] => [class] => [id] => [attributes] => Array ( ) [wrapper_tag] => [li_attributes] => [name] => image_5 [required] => [in_database] => 1 [fieldset] => [is_form_field] => 1 [parent_form] => membership Object *RECURSION* [label_title] => Image [show_label] => 1 [show_required_asterix] => [error_label] => [validation_error_prefix] => [source_data] => table_field Object ( [mid] => 208 [fid] => 5 [ftid] => image [ulid] => 3 [linkmid] => 0 [linkfid] => 0 [fieldset] => [name] => [title] => Image [required] => [editable] => 1 [searchable] => 0 [tablename] => membership [default] => [hint] => [source_table] => [shadow_data] => 0 [options] => [image_types] => Array ( [cms] => jpg [t] => png [s] => png ) ) ) [monthly_cashback_percentage] => field_float Object ( [min] => 0 [max] => -1 [decimal_places] => 2 [allow_null] => 1 [value] => [values] => [hidden] => [in_form] => [disabled] => [readonly] => [pre_label_text] => [pre_text] => [post_text] => [tooltip_message] => [default] => [class] => [id] => [attributes] => Array ( ) [wrapper_tag] => [li_attributes] => [name] => monthly_cashback_percentage [required] => [in_database] => 1 [fieldset] => [is_form_field] => 1 [parent_form] => membership Object *RECURSION* [label_title] => Monthly cashback percentage [show_label] => 1 [show_required_asterix] => [error_label] => [validation_error_prefix] => [source_data] => table_field Object ( [mid] => 208 [fid] => 6 [ftid] => dec [ulid] => 2 [linkmid] => 0 [linkfid] => 0 [fieldset] => [name] => monthly_cashback_percentage [title] => Monthly cashback percentage [required] => [editable] => 1 [searchable] => 0 [tablename] => membership [default] => [hint] => [source_table] => [shadow_data] => 0 [options] => ) ) ) [select_fields:protected] => Array ( ) [multi_select_fields:protected] => Array ( ) [image_fields:protected] => Array ( [image_5] => field_image Object ( [fid] => 5 [types] => Array ( [cms] => jpg [t] => png [s] => png ) [image_module] => membership [uploadify] => [uploadify_options] => Array ( ) [value] => [values] => [hidden] => [in_form] => [disabled] => [readonly] => [pre_label_text] => [pre_text] => [post_text] => [tooltip_message] => [default] => [class] => [id] => [attributes] => Array ( ) [wrapper_tag] => [li_attributes] => [name] => image_5 [required] => [in_database] => 1 [fieldset] => [is_form_field] => 1 [parent_form] => membership Object *RECURSION* [label_title] => Image [show_label] => 1 [show_required_asterix] => [error_label] => [validation_error_prefix] => [source_data] => table_field Object ( [mid] => 208 [fid] => 5 [ftid] => image [ulid] => 3 [linkmid] => 0 [linkfid] => 0 [fieldset] => [name] => [title] => Image [required] => [editable] => 1 [searchable] => 0 [tablename] => membership [default] => [hint] => [source_table] => [shadow_data] => 0 [options] => [image_types] => Array ( [cms] => jpg [t] => png [s] => png ) ) ) ) [fast_form_submission_spam_flag_time:protected] => 2000 [class] => form_core_default cms_table cf ) [get_titles] => [get_tables] => [get_linked_members] => [retrieve_deleted] => [retrieve_unlive] => [auto_typecast_field_validation_errors] => [is_deleted] => [is_live] => 1 [was_deleted] => [was_live] => 1 [was_id] => 3 [was_parent_id] => 0 [ts] => 2020-07-03 08:05:26 [cms_time_from] => [cms_time_to] => [table_id_set] => [has_cms_fields:protected] => [local_field_copy:protected] => [original_values:protected] => Array ( [title] => Silver [fn] => silver [points] => 50000 [perks] => {"0":{"cms_field_1":"2% Monthly cashback"},"1":{"cms_field_1":"Exclusive Discount code every month"}} [image_5] => stdClass Object ( [_] => stdClass Object ( [cdn] => 1 [w] => 190 [h] => 190 [t] => png [ts] => 1593759926 ) [cms] => stdClass Object ( [cdn] => 1 [w] => 130 [h] => 130 [t] => jpg [ts] => 1593759926 [tr] => ) [t] => stdClass Object ( [cdn] => 1 [w] => 100 [h] => 100 [t] => png [ts] => 1593759926 [tr] => 1 ) [s] => stdClass Object ( [cdn] => 1 [w] => 190 [h] => 190 [t] => png [ts] => 1593759926 [tr] => 1 ) ) [monthly_cashback_percentage] => 2 [ts] => 2020-07-03 08:05:26 [cms_created] => 2020-04-01 08:36:11 [parent_mid] => 0 [mid] => 3 ) [show_validation_error_messages_above] => [show_legends] => [id] => [attributes] => Array ( ) [bootstrapped] => [legend_tag] => [enc_type] => [has_submit] => [submit_label] => [submit_class] => [submit_in_fieldset] => [pre_fields_text] => [post_fields_text] => [pre_submit_text] => [post_submit_text] => [validation_errors] => [validation_err_msg] => [show_labels_as_placeholder] => [remove_unset_fields_from_form] => [legend_attributes] => [maximum_errors_to_show] => [fields:protected] => [select_fields:protected] => [multi_select_fields:protected] => [image_fields:protected] => [fast_form_submission_spam_flag_time:protected] => 2000 [class] => form_core_default membership cf [module_name] => membership [mid] => 3 [title] => Silver [fn] => silver [points] => 50000 [perks] => {"0":{"cms_field_1":"2% Monthly cashback"},"1":{"cms_field_1":"Exclusive Discount code every month"}} [image_5] => stdClass Object ( [_] => stdClass Object ( [cdn] => 1 [w] => 190 [h] => 190 [t] => png [ts] => 1593759926 ) [cms] => stdClass Object ( [cdn] => 1 [w] => 130 [h] => 130 [t] => jpg [ts] => 1593759926 [tr] => ) [t] => stdClass Object ( [cdn] => 1 [w] => 100 [h] => 100 [t] => png [ts] => 1593759926 [tr] => 1 ) [s] => stdClass Object ( [cdn] => 1 [w] => 190 [h] => 190 [t] => png [ts] => 1593759926 [tr] => 1 ) ) [monthly_cashback_percentage] => 2 [cms_created] => 2020-04-01 08:36:11 [parent_mid] => 0 [do_not_serialise] => Array ( [0] => cms_table [1] => select_fields [2] => multi_select_fields [3] => image_fields ) ) [label_title] => Title [show_label] => 1 [show_required_asterix] => [error_label] => [validation_error_prefix] => [source_data] => table_field Object ( [mid] => 208 [fid] => 1 [ftid] => str [ulid] => 3 [linkmid] => 0 [linkfid] => 0 [fieldset] => [name] => title [title] => Title [required] => 1 [editable] => 1 [searchable] => 1 [tablename] => membership [default] => [hint] => [source_table] => [shadow_data] => 0 [options] => ) )

Expected result:
----------------
The object serializes to a string and unserializes again to return it back to its original state. 

Actual result:
--------------
We get a malformed string that can't be unserializsed.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-08-15 19:43 UTC] nikic@php.net 
Are any object implementing the Serializable interface involved?
 [2020-08-15 20:36 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2020-08-15 20:36 UTC] requinix@php.net 
Are you using any custom serialization logic? Are the serialized strings from 7.2 and 7.4.9 different?
 [2020-08-15 20:37 UTC] requinix@php.net 
Ah, I do wish Package:SPL bugs would send notification emails to the regular bugs list...
 [2020-08-15 21:03 UTC] cdtreeks at gmail dot com 
Hi Nikita,

Yes, we do make use of the Serializable interface on the object though they really don't do much at all.

I've done some further testing on 7.2.32 this evening and it seems the same strings are returned for the serialized objects, however, when we come to unserialize() it's not throwing the PHP notice (even with E_ALL) so we've not been aware of any issue prior so it could have been an issue all along.
 [2020-08-16 19:21 UTC] nikic@php.net 
It seems likely that you are running into a design flaw with the Serializable interface (especially if your Serializable implementations involve something like parent::serialize() or parent::unserialize()). PHP 7.4 introduced new __serialize() and __unserialize() methods to avoid this problem (described in more detail at https://wiki.php.net/rfc/custom_object_serialization). Possibly that's something you might want to give a try.
 [2020-08-30 04:22 UTC] php-bugs at lists dot php dot net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Oct 29 01:00:01 2025 UTC