Hi Stas,
I don't see the crash. Integer keys are supported in exactly the same way
as it was in PHP-5.
$ sapi/cli/php -r '$a = [1=>5]; $o = (object)$a; var_dump($o); $s =
serialize($o); var_dump($s);var_dump(unserialize($s));'
object(stdClass)#1 (1) {
[1]=>
int(5)
}
string(27) "O:8:"stdClass":1:{i:1;i:5;}"
object(stdClass)#2 (1) {
["1"]=>
int(5)
}
if you talk about manually crafted serialize string with for example
"float" keys, I think, we should just report a error.
Thanks. Dmitry.
On Wed, Sep 2, 2015 at 9:35 AM, Stanislav Malyshev <[email protected]>
wrote:
> Hi!
>
> Working on unserialize edge case patches backporting, I've discovered
> that object_properties_load() function crashes if the properties array
> contains non-string keys (which can happen on unserialize). Now, I can
> fix the crash, but I can fix it in two ways:
> 1. Ignore such keys (i.e. such properties will be banned, BC break
> against 5.x)
> 2. Treat such keys as in 5.x i.e. insert them in the hash.
>
> So, I wanted to know if dropping non-string keys there was intentional
> or not?
> --
> Stas Malyshev
> [email protected]
>
