ID:               49374
 Updated by:       [email protected]
 Reported By:      wmeler at wp-sa dot pl
-Status:           Open
+Status:           Feedback
 Bug Type:         Scripting Engine problem
 Operating System: *
 PHP Version:      5.3.0
 New Comment:

How about an example script to reproduce this and the patch? Why do we
need to ask for the patch separately anyway? Just show the patch or
don't. Don't "ask to ask".


Previous Comments:
------------------------------------------------------------------------

[2009-08-26 14:01:30] wmeler at wp-sa dot pl

Description:
------------
Serialization relies on perfect hashing (without collisions) of
variables in ext/standard/var.c - php_add_var_hash. A collision results in
a random reference to a previously serialized variable.
This can happen because the hash function used for objects is not
a perfect one - for two objects of different classes it is possible to get
the same hash result.
I've just fixed the same problem in 4.x, where collisions were more
frequent because of the use of HANDLE_NUMERIC in zend_hash_add and
zend_hash_next_index_insert.
The problem is extremely hard to reproduce and debug because of pointer
value sensitivity, while easy to fix. Instead of a single
smart_str_print_long(hash) we could use concatenation - two calls -
smart_str_print_long(Z_OBJCE_P(var)); smart_str_print_long(Z_OBJ_HANDLE_P(var))
- or an even faster version with a binary memcpy of two pointers without the 'O'
prefix. If you want, I can provide this simple patch for 5.3.0.



------------------------------------------------------------------------
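
The collision described in the report above, shown as an added illustration that is not part of the bug report or of PHP's source: a key that folds the class pointer and the object handle into one number can match for two different objects, while a key that keeps both fields cannot. The rotate-and-add mix, the `:` separator, the function names and the sample pointer and handle values are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Lossy key: class pointer and object handle folded into one number.
 * The rotate-and-add mix is an assumption for illustration only. */
static void key_single(char *buf, size_t n, uintptr_t ce, unsigned long handle)
{
    uintptr_t mixed = (ce << 5) | (ce >> (sizeof(uintptr_t) * 8 - 5));
    snprintf(buf, n, "O%lu", (unsigned long)(mixed + handle));
}

/* Collision-free key: both fields kept in fixed order. The ':' separator
 * (an assumption) stops digits of one field running into the other. */
static void key_concat(char *buf, size_t n, uintptr_t ce, unsigned long handle)
{
    snprintf(buf, n, "%lx:%lx", (unsigned long)ce, handle);
}

typedef void (*key_fn)(char *, size_t, uintptr_t, unsigned long);

/* Minimal stand-in for the serializer's "already seen" table.
 * Returns 0 if object idx is new, otherwise the 1-based slot of the
 * earlier entry a back-reference would be emitted to. */
static int seen_before(key_fn make_key, const uintptr_t *ce,
                       const unsigned long *handle, int idx)
{
    char want[64], have[64];
    make_key(want, sizeof want, ce[idx], handle[idx]);
    for (int i = 0; i < idx; i++) {
        make_key(have, sizeof have, ce[i], handle[i]);
        if (strcmp(want, have) == 0)
            return i + 1;
    }
    return 0;
}

/* Constructed sample: two objects of different classes. */
static const uintptr_t     CE[]     = { 0x1000, 0x1001 };
static const unsigned long HANDLE[] = { 33, 1 };

int main(void)
{
    printf("single-number key: %d\n", seen_before(key_single, CE, HANDLE, 1));
    printf("concatenated key:  %d\n", seen_before(key_concat, CE, HANDLE, 1));
    return 0;
}
```

With the single-number key the second object is reported as already seen in slot 1, which is the wrong back-reference the report describes; with the two-field key it is treated as new.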

