Create a gist now

Instantly share code, notes, and snippets.

PHP Bug in recursive unserialization
*.out
a.ser
<?
class A {
}
<?
class B {
}
#!/bin/sh
php serialize_autoload.php > before.out
php unserialize_autoload.php > after.out
echo "Original =========="
cat before.out
echo
echo "Unserialized ======"
cat after.out
echo
echo "Diff =============="
(diff -a before.out after.out && echo "Passed, no differences") ||
echo "FAILED ============"
<?php
require "setup.php";
$a = new A();
$b = new B();
$c = new B();
$a->b = $b;
$a->b1 = $b;
$a->c = $c;
$a->c1 = $c;
var_dump($a);
file_put_contents('a.ser', serialize($a));
<?php
function __autoload($name)
{
echo "in autoload: $name\n";
// This call causes the bug
unserialize('i:4;');
require "$name.php";
return true;
}
<?php
require 'setup.php';
var_dump(unserialize(file_get_contents("a.ser")));
@danielbeardsley
Owner

Reported a bug in PHP here: https://bugs.php.net/bug.php?id=62836

@danielbeardsley
Owner

And it got fixed here: php/php-src@0b23da1

This bug is fixed as of php 5.4.7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment