ID: 15220
Updated by: sander
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Feedback
Bug Type: Unknown/Other Function
Operating System: Linux
PHP Version: 4.1.1
New Comment:
I ran the two following scripts, to generate 100MB of random data, and
pass it through serialize/unserialize. diff told me both output files
were exactly the same.
<?php
$max = 1024*1024*100;
$f = fopen("./rnd-data", "w");
for($i=0; $i<$max; $i++) {
fputs($f, chr(rand(0,255)));
}
fclose($f);
?>
<?php
$f = fopen('./rnd-data', 'r');
$data = fread($f, 1024*1024*100+1);
fclose($f);
$f = fopen('./rnd-output', 'w');
fputs($f, unserialize(serialize($data)));
fclose($f);
?>
Are you sure the data gets stored and retrieved correctly?
(btw tested with 4.1.1 on Debian (Sid) Linux)
Previous Comments:
------------------------------------------------------------------------
[2002-01-25 12:47:28] [EMAIL PROTECTED]
I use this script :
<?
require($_SERVER["DOCUMENT_ROOT"]."/lib/db.phtml");
function error_control ($errno, $errstr, $errfile, $errline) {
$errortype = array (
1 => "Error",
2 => "Warning",
4 => "Parsing Error",
8 => "Notice",
16 => "Core Error",
32 => "Core Warning",
64 => "Compile Error",
128 => "Compile Warning",
256 => "User Error",
512 => "User Warning",
1024 => "User Notice"
);
//
print("<BR>".$errortype[intval($errno)]." : ".$errstr."<BR>File :
".$errfile."<BR>Line : ".$errline);
}
error_reporting(E_ALL);
$error_handler = set_error_handler("error_control");
print("<TABLE BORDER=\"1\">\n");
$SQL = "SELECT id, error_data FROM unserialize";
$RS = mysql_query($SQL, db_conn);
while ($RSarray = mysql_fetch_row($RS)) {
unserialize($RSarray[1]);
print("<TR>");
print("<TD>".$RSarray[0]."</TD>");
print("<TD>".$RSarray[1]."</TD>");
print("</TR>\n");
}
print("</TABLE>\n");
?>
------------------------------------------------------------------------
[2002-01-25 12:38:42] [EMAIL PROTECTED]
I can provide the data that failed here :
http://www.eksperten.dk/bug.phtml
Is that ok, otherwise let me know !
------------------------------------------------------------------------
[2002-01-25 11:54:03] [EMAIL PROTECTED]
Can you supply some (malicious) sample data (in- and output of
(un)serialize) along with a simple samplescript?
------------------------------------------------------------------------
[2002-01-25 05:36:03] [EMAIL PROTECTED]
I use this @ www.eksperten.dk
Let me know if I can help with anything !
------------------------------------------------------------------------
[2002-01-25 05:33:47] [EMAIL PROTECTED]
I have a function that stores MySQL result arrays or my own arrays in a
MySQL database.
Often I get an error like "unserialize() failed at offset 1717 of 3658
bytes".
I believe this is a bug in Php as it does not happen always.
My function :
function sql_cache ($query, $timeout = 90, $result = "") {
if ($timeout >= 0) {
$SQL = "SELECT result FROM sql_cache WHERE qkey =
'".md5($query)."'
AND valid = 1";
if ($timeout) {
$SQL .= " AND timestamp >= ".(time() - $timeout);
}
$SQL .= " LIMIT 1";
if ($RS = mysql_query($SQL, db_conn)) {
if ($RSarray = mysql_fetch_row($RS)) {
mysql_free_result($RS);
$return = unserialize($RSarray[0]);
if (is_array($return)) {
return $return;
} elseif (is_string($return)) {
return $return;
} else {
//print(gettype($return));
return false;
}
}
}
} else {
$SQL = "REPLACE LOW_PRIORITY sql_cache SET qkey =
'".md5($query)."',
result = '".serialize($result)."', timestamp = ".time().", query =
'".addslashes($query)."'";
mysql_unbuffered_query($SQL, db_conn);
}
return false;
}
My MySQL table :
CREATE TABLE sql_cache (
qkey varchar(32) NOT NULL default '',
valid tinyint(1) unsigned NOT NULL default '1',
timestamp int(10) unsigned NOT NULL default '0',
result blob NOT NULL,
query text NOT NULL,
PRIMARY KEY (qkey)
) TYPE=MyISAM;
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=15220&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
