Bug #53437 [Asn]: Crash when using unserialized DatePeriod instance

2013-03-04 Thread ab 
Edit report at https://bugs.php.net/bug.php?id=53437edit=1

 ID: 53437
 Updated by: a...@php.net
 Reported by:from dot php dot net at brainbox dot cz
 Summary:Crash when using unserialized DatePeriod instance
 Status: Assigned
 Type:   Bug
 Package:Date/time related
 Operating System:   Windows XP SP3
 PHP Version:5.3.3
 Assigned To:derick
 Block user comment: N
 Private report: N

 New Comment:

Here's the corresponding BT on windows,

 php5.dll!timelib_time_clone(timelib_time * orig) Line 52C
 php5.dll!date_period_it_rewind(_zend_object_iterator * iter) Line 1910C
 php5.dll!ZEND_FE_RESET_SPEC_CV_HANDLER(_zend_execute_data * execute_data) Line 
22777C
 php5.dll!execute(_zend_op_array * op_array) Line 107C
 php5.dll!zend_execute_scripts(int type, _zval_struct * * retval, int 
file_count, ...) Line 1259C
 php5.dll!php_execute_script(_zend_file_handle * primary_file) Line 2316C
 php.exe!00b3246e()Unknown
 [Frames below may be incorrect and/or missing, no symbols loaded for php.exe]
 ntdll.dll!_RtlpHeapFindListLookupEntry@20()Unknown
 ntdll.dll!_RtlpFindEntry@8()Unknown
 024d2608()Unknown
 msvcr90.dll!__getptd_noexit()Unknown
 msvcr90.dll!__getptd()Unknown
 msvcr90.dll!_LocaleUpdate::_LocaleUpdate(struct localeinfo_struct *)Unknown
 msvcr90.dll!__ismbcalpha()Unknown
 msvcr90.dll!__ismbblead()Unknown
 msvcr90.dll!__lock()Unknown
 msvcr90.dll!__setargv()Unknown
 msvcr90.dll!___getmainargs()Unknown
 php.exe!00b32ca6()Unknown
 php.exe!00b32dca()Unknown
 kernel32.dll!@BaseThreadInitThunk@12()Unknown
 ntdll.dll!___RtlUserThreadStart@8()Unknown
 ntdll.dll!__RtlUserThreadStart@8()Unknown


Previous Comments:

[2011-12-21 15:10:35] tony2...@php.net

@Cataphrac (the Date(Period|Interval) serialization patch is here btw: 
http://nebm.ist.utl.pt/~glopes/misc/date_period_interval_ser.diff )


[2011-12-06 06:07:24] der...@php.net

Automatic comment from SVN on behalf of derick
Revision: http://svn.php.net/viewvc/?view=revisionamp;revision=320479
Log: - Added a test case for #53437.


[2011-01-09 06:00:35] cataphr...@php.net

Reassigning to Derick, as the patch I've written is under his consideration.


[2010-12-01 21:50:03] fel...@php.net

Duplicated of #52113


[2010-12-01 17:15:05] from dot php dot net at brainbox dot cz

Description:

DatePeriod class does not have the serialization/unserialization logic 
implemented. Therefore, when unserialized instance is used, script crashes.

This is result of serializing the DatePeriod instance:
O:10:DatePeriod:0:{}

unserialize() wents fine as well, but when I call foreach() on unserialized 
instance, the script crashes.

Test script:
---
$dp = new DatePeriod(new DateTime('2010-01-01 UTC'), new DateInterval('P1D'), 
2);

echo Original:\r\n;
foreach($dp as $dt) {
echo $dt-format('Y-m-d H:i:s').\r\n;
}
echo \r\n;

$ser = serialize($dp); // $ser is: O:10:DatePeriod:0:{}

// Create dangerous instance
$dpu = unserialize($ser); // $dpu has invalid values…

echo Unserialized:\r\n;
// …which leads to CRASH:
foreach($dpu as $dt) {
echo $dt-format('Y-m-d H:i:s').\r\n;
}

Expected result:

Original:
2010-01-01 00:00:00
2010-01-02 00:00:00
2010-01-03 00:00:00

Unserialized:
2010-01-01 00:00:00
2010-01-02 00:00:00
2010-01-03 00:00:00


Actual result:
--
PHP crashes on the unserialize line.






-- 
Edit this bug report at https://bugs.php.net/bug.php?id=53437edit=1

Bug #53437 [Asn]: Crash when using unserialized DatePeriod instance

2011-12-21 Thread tony2001 
Edit report at https://bugs.php.net/bug.php?id=53437edit=1

 ID: 53437
 Updated by: tony2...@php.net
 Reported by:from dot php dot net at brainbox dot cz
 Summary:Crash when using unserialized DatePeriod instance
 Status: Assigned
 Type:   Bug
 Package:Date/time related
 Operating System:   Windows XP SP3
 PHP Version:5.3.3
 Assigned To:derick
 Block user comment: N
 Private report: N

 New Comment:

@Cataphrac (the Date(Period|Interval) serialization patch is here btw: 
http://nebm.ist.utl.pt/~glopes/misc/date_period_interval_ser.diff )


Previous Comments:

[2011-12-06 06:07:24] der...@php.net

Automatic comment from SVN on behalf of derick
Revision: http://svn.php.net/viewvc/?view=revisionamp;revision=320479
Log: - Added a test case for #53437.


[2011-01-09 06:00:35] cataphr...@php.net

Reassigning to Derick, as the patch I've written is under his consideration.


[2010-12-01 21:50:03] fel...@php.net

Duplicated of #52113


[2010-12-01 17:15:05] from dot php dot net at brainbox dot cz

Description:

DatePeriod class does not have the serialization/unserialization logic 
implemented. Therefore, when unserialized instance is used, script crashes.

This is result of serializing the DatePeriod instance:
O:10:DatePeriod:0:{}

unserialize() wents fine as well, but when I call foreach() on unserialized 
instance, the script crashes.

Test script:
---
$dp = new DatePeriod(new DateTime('2010-01-01 UTC'), new DateInterval('P1D'), 
2);

echo Original:\r\n;
foreach($dp as $dt) {
echo $dt-format('Y-m-d H:i:s').\r\n;
}
echo \r\n;

$ser = serialize($dp); // $ser is: O:10:DatePeriod:0:{}

// Create dangerous instance
$dpu = unserialize($ser); // $dpu has invalid values…

echo Unserialized:\r\n;
// …which leads to CRASH:
foreach($dpu as $dt) {
echo $dt-format('Y-m-d H:i:s').\r\n;
}

Expected result:

Original:
2010-01-01 00:00:00
2010-01-02 00:00:00
2010-01-03 00:00:00

Unserialized:
2010-01-01 00:00:00
2010-01-02 00:00:00
2010-01-03 00:00:00


Actual result:
--
PHP crashes on the unserialize line.






-- 
Edit this bug report at https://bugs.php.net/bug.php?id=53437edit=1

Bug #53437 [Asn]: Crash when using unserialized DatePeriod instance

2011-01-08 Thread cataphract 
Edit report at http://bugs.php.net/bug.php?id=53437edit=1

 ID: 53437
 Updated by: cataphr...@php.net
 Reported by:from dot php dot net at brainbox dot cz
 Summary:Crash when using unserialized DatePeriod instance
 Status: Assigned
 Type:   Bug
 Package:Date/time related
 Operating System:   Windows XP SP3
 PHP Version:5.3.3
-Assigned To:cataphract
+Assigned To:derick
 Block user comment: N
 Private report: N

 New Comment:

Reassigning to Derick, as the patch I've written is under his
consideration.


Previous Comments:

[2010-12-01 21:50:03] fel...@php.net

Duplicated of #52113


[2010-12-01 17:15:05] from dot php dot net at brainbox dot cz

Description:

DatePeriod class does not have the serialization/unserialization logic
implemented. Therefore, when unserialized instance is used, script
crashes.



This is result of serializing the DatePeriod instance:

O:10:DatePeriod:0:{}



unserialize() wents fine as well, but when I call foreach() on
unserialized instance, the script crashes.

Test script:
---
$dp = new DatePeriod(new DateTime('2010-01-01 UTC'), new
DateInterval('P1D'), 2);



echo Original:\r\n;

foreach($dp as $dt) {

echo $dt-format('Y-m-d H:i:s').\r\n;

}

echo \r\n;



$ser = serialize($dp); // $ser is: O:10:DatePeriod:0:{}



// Create dangerous instance

$dpu = unserialize($ser); // $dpu has invalid values…



echo Unserialized:\r\n;

// …which leads to CRASH:

foreach($dpu as $dt) {

echo $dt-format('Y-m-d H:i:s').\r\n;

}

Expected result:

Original:

2010-01-01 00:00:00

2010-01-02 00:00:00

2010-01-03 00:00:00



Unserialized:

2010-01-01 00:00:00

2010-01-02 00:00:00

2010-01-03 00:00:00



Actual result:
--
PHP crashes on the unserialize line.






-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53437edit=1

Bug #53437 [Asn]: Crash when using unserialized DatePeriod instance

2010-12-01 Thread felipe 
Edit report at http://bugs.php.net/bug.php?id=53437edit=1

 ID: 53437
 Updated by: fel...@php.net
 Reported by:from dot php dot net at brainbox dot cz
 Summary:Crash when using unserialized DatePeriod instance
 Status: Assigned
 Type:   Bug
 Package:Date/time related
 Operating System:   Windows XP SP3
 PHP Version:5.3.3
 Assigned To:cataphract
 Block user comment: N
 Private report: N

 New Comment:

Duplicated of #52113


Previous Comments:

[2010-12-01 17:15:05] from dot php dot net at brainbox dot cz

Description:

DatePeriod class does not have the serialization/unserialization logic
implemented. Therefore, when unserialized instance is used, script
crashes.



This is result of serializing the DatePeriod instance:

O:10:DatePeriod:0:{}



unserialize() wents fine as well, but when I call foreach() on
unserialized instance, the script crashes.

Test script:
---
$dp = new DatePeriod(new DateTime('2010-01-01 UTC'), new
DateInterval('P1D'), 2);



echo Original:\r\n;

foreach($dp as $dt) {

echo $dt-format('Y-m-d H:i:s').\r\n;

}

echo \r\n;



$ser = serialize($dp); // $ser is: O:10:DatePeriod:0:{}



// Create dangerous instance

$dpu = unserialize($ser); // $dpu has invalid values…



echo Unserialized:\r\n;

// …which leads to CRASH:

foreach($dpu as $dt) {

echo $dt-format('Y-m-d H:i:s').\r\n;

}

Expected result:

Original:

2010-01-01 00:00:00

2010-01-02 00:00:00

2010-01-03 00:00:00



Unserialized:

2010-01-01 00:00:00

2010-01-02 00:00:00

2010-01-03 00:00:00



Actual result:
--
PHP crashes on the unserialize line.






-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53437edit=1