#17728 [Fbk->NoF]: unserialize fails to decode object data

Mon, 14 Oct 2002 16:50:17 -0700 

 ID:               17728
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Feedback
+Status:           No Feedback
 Bug Type:         Strings related
 Operating System: linux 2.4
 PHP Version:      4.3.0-dev + ZE2
 New Comment:

No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".


Previous Comments:
------------------------------------------------------------------------

[2002-09-19 13:26:01] [EMAIL PROTECTED]

Can you try the patch posted in Bug #19493 and tell us if this works
for you?  

------------------------------------------------------------------------

[2002-06-19 16:58:41] [EMAIL PROTECTED]

This problem has also occured in version 4.2.0. I've experienced it on
FreeBSD 4.5-RELEASE-p4

------------------------------------------------------------------------

[2002-06-13 05:00:27] [EMAIL PROTECTED]

Same problem in win32/apache 1.3.22

function unserialize fails with classes.

code:
class A {
 var $a;
}

$a = new A();
$b = $a
$b->a = 4;
echo $a->a; //correct ze2: output = 4

$arr[0] = $a;
$arr[1] = $b;
$arr[1]->a = 5

echo $arr[0]->a; //correct ze2: output = 5

$str = serialize($arr);
delete $a;
$arr = null;
$arr = unserialize($str);  // ----------> crash

Thanx and good luck

------------------------------------------------------------------------

[2002-06-12 10:40:08] [EMAIL PROTECTED]

.

------------------------------------------------------------------------

[2002-06-12 10:37:27] [EMAIL PROTECTED]

Actually bugreport is about 4.3.0 (also tried CVS) with Zend2. 
I was trying to restore object data from session, and php segfaults,
when i do session_start for the seccond time.

I guess it's unserialize's fault.

Here is a script causing the problem:

<?
class Test {
   var $a;
}
session_start();
var_dump($_SESSION);
echo "session started";
$x = new Test;
session_register('x');
var_dump($_SESSION);
?>

session data looks like this:
x|O:4:"test":1:{s:1:"a";N;}


Here is a gdb backtrace

(gdb) bt
#0  0x8170b51 in ?? () at eval.c:88
#1  0x40385c10 in _object_init_ex (arg=0x8171204,
class_type=0x817bdac,
    tsrm_ls=0x812fe38) at /usr/src/x-apache/php4/Zend/zend_API.c:610
#2  0x40332b8e in php_var_unserialize (rval=0xbfffd898, p=0xbfffd89c,
    max=0x817790f "", var_hash=0xbfffd8a0, tsrm_ls=0x812fe38)
    at var_unserializer.re:196
#3  0x402dae00 in ps_srlzr_decode_php (
    val=0x81778f4 "x|O:4:\"test\":1:{s:1:\"a\";N;}", vallen=27,
    tsrm_ls=0x812fe38) at
/usr/src/x-apache/php4/ext/session/session.c:412
#4  0x402db131 in php_session_decode (
    val=0x81778f4 "x|O:4:\"test\":1:{s:1:\"a\";N;}", vallen=27,
    tsrm_ls=0x812fe38) at
/usr/src/x-apache/php4/ext/session/session.c:462
#5  0x402db454 in php_session_initialize (tsrm_ls=0x812fe38)
    at /usr/src/x-apache/php4/ext/session/session.c:542
#6  0x402dc6b6 in php_session_start (tsrm_ls=0x812fe38)
    at /usr/src/x-apache/php4/ext/session/session.c:898
#7  0x402de23c in zif_session_start (ht=0, return_value=0x8170b3c,
    this_ptr=0x0, return_value_used=0, tsrm_ls=0x812fe38)
    at /usr/src/x-apache/php4/ext/session/session.c:1324
#8  0x4039d6fe in execute (op_array=0x817788c, tsrm_ls=0x812fe38)
    at /usr/src/x-apache/php4/Zend/zend_execute.c:2107
#9  0x40384538 in zend_execute_scripts (type=8, tsrm_ls=0x812fe38,
retval=0x0,
    file_count=3) at /usr/src/x-apache/php4/Zend/zend.c:833
---Type <return> to continue, or q <return> to quit---
#10 0x40357e4f in php_execute_script (primary_file=0xbffff9b0,
    tsrm_ls=0x812fe38) at /usr/src/x-apache/php4/main/main.c:1376
#11 0x403a7313 in php_output_filter (f=0x8168020, bb=0x8168270)
    at /usr/src/x-apache/php4/sapi/apache2filter/sapi_apache2.c:405
#12 0x808282f in ap_pass_brigade (next=0x8168020, bb=0x8168118)
    at util_filter.c:534
#13 0x8088285 in default_handler (r=0x8166b98) at core.c:3249
#14 0x8079379 in ap_run_handler (r=0x8166b98) at config.c:193
#15 0x807978a in ap_invoke_handler (r=0x8166b98) at config.c:373
#16 0x806acb2 in ap_process_request (r=0x8166b98) at
http_request.c:261
#17 0x806762d in ap_process_http_connection (c=0x8162448) at
http_core.c:291
#18 0x80810ad in ap_run_process_connection (c=0x8162448) at
connection.c:85
#19 0x80812f3 in ap_process_connection (c=0x8162448, csd=0x8162378)
    at connection.c:207
#20 0x80781c8 in child_main (child_num_arg=0) at prefork.c:671
#21 0x807826b in make_child (s=0x812e400, slot=0) at prefork.c:711
#22 0x807833d in startup_children (number_to_start=5) at prefork.c:783
#23 0x807865a in ap_mpm_run (_pconf=0x80aee20, plog=0x80e6f00,
s=0x812e400)
    at prefork.c:999
#24 0x807cd49 in main (argc=2, argv=0xbffffbf4) at main.c:632
#25 0x40173f5c in __libc_start_main (main=0x807c744 <main>, argc=2,
    ubp_av=0xbffffbf4, init=0x805e73c <_init>, fini=0x8091a24 <_fini>,
    rtld_fini=0x4000ce30 <_dl_fini>, stack_end=0xbffffbec)

sorry, but no additional information about globals / arguments. 

Thank you.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=17728&edit=1

Reply via email to