@danielbeardsley /.gitignore
PHP Bug in recursive unserialization

.gitignore:

*.out
a.ser
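
A.php:

<?php
// Empty class; loaded on demand by the autoloader in setup.php.
class A {
}

B.php:

<?php
// Empty class; loaded on demand by the autoloader in setup.php.
class B {
}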

#!/bin/sh
php serialize_autoload.php > before.out
php unserialize_autoload.php > after.out

echo "Original =========="
cat before.out
echo
echo "Unserialized ======"
cat after.out
echo
echo "Diff =============="
(diff -a before.out after.out && echo "Passed, no differences") ||
    echo "FAILED ============"

serialize_autoload.php:

<?php
require "setup.php";

$a = new A();
$b = new B();
$c = new B();

$a->b  = $b;
$a->b1 = $b;
$a->c  = $c;
$a->c1 = $c;

var_dump($a);
file_put_contents('a.ser', serialize($a));
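
setup.php:

<?php
// Autoloader for A.php and B.php. It runs while the outer unserialize()
// in unserialize_autoload.php is still in progress.
function __autoload($name)
{
    echo "in autoload: $name\n";
    // This call causes the bug
    unserialize('i:4;');
    require "$name.php";
    return true;
}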

unserialize_autoload.php:

<?php
require 'setup.php';

var_dump(unserialize(file_get_contents("a.ser")));

@danielbeardsley

Reported a bug in PHP here: https://bugs.php.net/bug.php?id=62836

@danielbeardsley

And it got fixed here: php/php-src@0b23da1

This bug is fixed as of php 5.4.7
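
The gist's multi-file repro condensed into a single-file check, as an added example that is not part of the original gist: it asserts object identity directly instead of diffing `var_dump` output. The function names, the inline class table and the `stdClass`-based payload construction are assumptions made for this example.

```php
<?php
// Added example, not from the gist. build_payload(), check_shared_refs() and
// $defs are hypothetical names chosen for this illustration.

// Autoloader that re-enters unserialize() before defining the class,
// mirroring the gist's setup.php. Classes come from a fixed table.
spl_autoload_register(function ($name) {
    $defs = array(
        'A' => 'class A { public $b, $b1, $c, $c1; }',
        'B' => 'class B {}',
    );
    unserialize('i:4;');          // nested call that triggered the bug
    if (isset($defs[$name])) {
        eval($defs[$name]);       // constant strings only, never input
    }
});

function build_payload()
{
    // Same object graph as serialize_autoload.php, built with stdClass and
    // then renamed so A and B are still undefined when unserialize() runs.
    $a = new stdClass();
    $b = new stdClass();
    $c = new stdClass();
    $a->b = $b; $a->b1 = $b;
    $a->c = $c; $a->c1 = $c;
    $ser = serialize($a);
    $ser = preg_replace('/O:8:"stdClass"/', 'O:1:"A"', $ser, 1); // outer object
    return str_replace('O:8:"stdClass"', 'O:1:"B"', $ser);       // inner objects
}

function check_shared_refs($payload)
{
    $u = unserialize($payload);
    return $u instanceof A
        && $u->b instanceof B && $u->c instanceof B
        && $u->b === $u->b1     // b and b1 must be one instance
        && $u->c === $u->c1     // c and c1 must be one instance
        && $u->b !== $u->c;     // the two pairs must stay distinct
}

$ok = check_shared_refs(build_payload());
echo $ok ? "PASS: shared references preserved\n" : "FAIL: references corrupted\n";
exit($ok ? 0 : 1);
```

The non-zero exit status on failure lets the check run as a build or CI step against the PHP binary in use.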
