Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
PHP Bug in recursive unserialization
*.out
a.ser
<?
class A {
}
<?
class B {
}
#!/bin/sh
php serialize_autoload.php > before.out
php unserialize_autoload.php > after.out
echo "Original =========="
cat before.out
echo
echo "Unserialized ======"
cat after.out
echo
echo "Diff =============="
(diff -a before.out after.out && echo "Passed, no differences") ||
echo "FAILED ============"
<?php
require "setup.php";
$a = new A();
$b = new B();
$c = new B();
$a->b = $b;
$a->b1 = $b;
$a->c = $c;
$a->c1 = $c;
var_dump($a);
file_put_contents('a.ser', serialize($a));
<?php
function __autoload($name)
{
echo "in autoload: $name\n";
// This call causes the bug
unserialize('i:4;');
require "$name.php";
return true;
}
<?php
require 'setup.php';
var_dump(unserialize(file_get_contents("a.ser")));
@danielbeardsley

This comment has been minimized.

Copy link
Owner Author

danielbeardsley commented Aug 16, 2012

Reported a bug in PHP here: https://bugs.php.net/bug.php?id=62836

@danielbeardsley

This comment has been minimized.

Copy link
Owner Author

danielbeardsley commented Sep 14, 2012

And it got fixed here: php/php-src@0b23da1

This bug is fixed as of php 5.4.7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.