Edit report at https://bugs.php.net/bug.php?id=63481&edit=1
ID: 63481
Updated by: m...@php.net
Reported by: aurelijus at astdev dot lt
Summary: Segmentation fault caused by unserialize()
Status: Assigned
Type: Bug
Package: Reproducible crash
Operating System: RHEL 6 & Mac OS X 10.7.4
PHP Version: 5.4.8
Assigned To: mike
Block user comment: N
Private report: N
New Comment:
Yep, avoiding parent::serialize() helps:
diff --git a/serialize.php b/serialize.php
index 14ae4c8..4def326 100644
--- a/serialize.php
+++ b/serialize.php
@@ -58,13 +58,12 @@ class UsernamePasswordToken extends AbstractToken {
public function serialize()
{
- return serialize(array($this->credentials, $this->providerKey,
parent::serialize()));
+ return serialize(array($this->credentials, $this->providerKey, $this-
>roles));
}
public function unserialize($str)
{
- list($this->credentials, $this->providerKey, $parentStr) =
unserialize($str);
- parent::unserialize($parentStr);
+ list($this->credentials, $this->providerKey, $this->roles) =
unserialize($str);
}
}
Previous Comments:
------------------------------------------------------------------------
[2013-02-06 09:54:10] m...@php.net
Looks like an excellent test case.
I suspect the problem is calling parent::(un)serialize() within a
(un)serialize()
callback.
I'll try to find out.
------------------------------------------------------------------------
[2013-02-05 12:00:29] aurelijus at astdev dot lt
Hi,
Here is a reproducible serialization/unserialization code
https://gist.github.com/aurelijus/4713758
------------------------------------------------------------------------
[2012-11-12 12:29:29] aurelijus at astdev dot lt
It might have been another php process, it might have been the same.
1. generate $object.
2. serialize $object.
3. save $string in php session (under /tmp)
/* might be different process from here, it did not really matter,
segmenatation
fault happend in both cases */
4. get $string from session
5. dumped to a file for debugging (optional)
6. unserialize($string)
7. segmenatation fault.
------------------------------------------------------------------------
[2012-11-12 02:51:46] larue...@php.net
did you generated the "serialize data" by two PHP process?
like:
1. serializer($xxx) then write to a temporary file like /tmp/xxx.txt
2. then in another PHP script,
$data[2]= file_get_contents("/tmp/xxx.txt");
then you got your serialization data by:
$result = serialize($data); ?
thanks
------------------------------------------------------------------------
[2012-11-11 16:52:42] aurelijus at astdev dot lt
Getting serialization code might be complicated, cause it's mostly 3rd pary
framework code + DB, but I'll try.
String was generated with 5.4.8.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=63481
--
Edit this bug report at https://bugs.php.net/bug.php?id=63481&edit=1
