PHP :: Bug #81163 :: indirect in _

Bug #81163	indirect in __sleep
Submitted:	2021-06-18 05:10 UTC	Modified:	-
From:	krakjoe@php.net	Assigned:
Status:	Closed	Package:	Reproducible crash
PHP Version:	Irrelevant	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

[2021-06-18 05:10 UTC] krakjoe@php.net

Description:
------------
indirect vars returned in properties for __sleep not handled correctly

Test script:
---------------
<?php
class foo
{
    private $private = 'private';
}

class bar extends foo
{
    public function __sleep()
    {
        return (new bar());
    }
}

var_dump(serialize(new bar()));
?>

Expected result:
----------------
Warning: serialize(): "private" returned as member variable from __sleep() but does not exist in /opt/src/php-src/sec.php on line 15
string(14) "O:3:"bar":0:{}"


Actual result:
--------------
assert fail

Patches

Pull Requests

Pull requests:

Fix bug #81163 indirect vars in __sleep (php-src/7169)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-06-18 05:14 UTC] krakjoe@php.net

The following pull request has been associated:

Patch Name: Fix bug #81163 indirect vars in __sleep
On GitHub:  https://github.com/php/php-src/pull/7169
Patch:      https://github.com/php/php-src/pull/7169.patch

[2021-06-18 09:23 UTC] git@php.net

Automatic comment on behalf of krakjoe
Revision: https://github.com/php/php-src/commit/fba439196e032195a3a7e612717df4241522054c
Log: Fix bug #81163 __sleep allowed to return non-array

[2021-06-18 09:23 UTC] git@php.net

-Status: Open +Status: Closed

[2021-06-18 17:12 UTC] git@php.net

Automatic comment on behalf of krakjoe
Revision: https://github.com/php/php-src/commit/bc59b046c6128a42857551da12f07005d56190ed
Log: Fix bug #81163 indirect vars in __sleep

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 18:00:01 2025 UTC