PHP Bug in recursive unserialization

#!/bin/sh
php serialize_autoload.php > before.out
php unserialize_autoload.php > after.out
echo "Original =========="
cat before.out
echo
echo "Unserialized ======"
cat after.out
echo
echo "Diff =============="
(diff -a before.out after.out && echo "Passed, no differences") ||
echo "FAILED ============"

serialize_autoload.php
<?php
require "setup.php";
$a = new A();
$b = new B();
$c = new B();
$a->b = $b;
$a->b1 = $b;
$a->c = $c;
$a->c1 = $c;
var_dump($a);
file_put_contents('a.ser', serialize($a));

setup.php
<?php
function __autoload($name)
{
    echo "in autoload: $name\n";
    // This call causes the bug
    unserialize('i:4;');
    require "$name.php";
    return true;
}

unserialize_autoload.php
<?php
require 'setup.php';
var_dump(unserialize(file_get_contents("a.ser")));

Reported a bug in PHP here: https://bugs.php.net/bug.php?id=62836

And it got fixed here: https://github.com/php/php-src/commit/0b23da1c74c52a819b728c78c66c182511223355

This bug is fixed as of PHP 5.4.7
