Edit report at https://bugs.php.net/bug.php?id=63481&edit=1
ID: 63481 Comment by: arjen at react dot com Reported by: aurelijus at astdev dot lt Summary: Segmentation fault caused by unserialize() Status: Assigned Type: Bug Package: Reproducible crash Operating System: RHEL 6 & Mac OS X 10.7.4 PHP Version: 5.4.8 Assigned To: mike Block user comment: N Private report: N New Comment: I believe these are different issues, the backtrace is quite different. Got the following results using php-5.4.15 from php.net: Original report: https://gist.github.com/anonymous/5720457 Backtrace of https://gist.github.com/aurelijus/4713758: https://gist.github.com/anonymous/5720464 I tried reducing the original testcase, got a segfault but again the backtrace is quite different. Testscript http://3v4l.org/3WCpP (crashes >= 5.4.0) Backtrace at https://gist.github.com/anonymous/5720491 Should I create a seperate issue for it? Previous Comments: ------------------------------------------------------------------------ [2013-03-08 15:44:18] zach dot quintana at gmail dot com I'm also experiencing a similar bug, but will unserializing a class that doesn't implement serializable. Need the code? ------------------------------------------------------------------------ [2013-02-06 10:07:49] m...@php.net Yep, avoiding parent::serialize() helps: diff --git a/serialize.php b/serialize.php index 14ae4c8..4def326 100644 --- a/serialize.php +++ b/serialize.php @@ -58,13 +58,12 @@ class UsernamePasswordToken extends AbstractToken { public function serialize() { - return serialize(array($this->credentials, $this->providerKey, parent::serialize())); + return serialize(array($this->credentials, $this->providerKey, $this- >roles)); } public function unserialize($str) { - list($this->credentials, $this->providerKey, $parentStr) = unserialize($str); - parent::unserialize($parentStr); + list($this->credentials, $this->providerKey, $this->roles) = unserialize($str); } } ------------------------------------------------------------------------ [2013-02-06 09:54:10] m...@php.net Looks like an excellent test case. I suspect the problem is calling parent::(un)serialize() within a (un)serialize() callback. I'll try to find out. ------------------------------------------------------------------------ [2013-02-05 12:00:29] aurelijus at astdev dot lt Hi, Here is a reproducible serialization/unserialization code https://gist.github.com/aurelijus/4713758 ------------------------------------------------------------------------ [2012-11-12 12:29:29] aurelijus at astdev dot lt It might have been another php process, it might have been the same. 1. generate $object. 2. serialize $object. 3. save $string in php session (under /tmp) /* might be different process from here, it did not really matter, segmenatation fault happend in both cases */ 4. get $string from session 5. dumped to a file for debugging (optional) 6. unserialize($string) 7. segmenatation fault. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=63481 -- Edit this bug report at https://bugs.php.net/bug.php?id=63481&edit=1
