From: [EMAIL PROTECTED]
Operating system: i686-pc-linux-gnu
PHP version: 4.0CVS-2001-11-16
PHP Bug Type: Variables related
Bug description: unserialize have problems with negative numbers
Hi,
i have detect two annoyingly bugs ;-) with serialize/unserialize.
The first bug indicate that unserialize can't work with negative
integer numbers.
The second problem brings php to crash! Unserialize
crash if you manipulate the count of expecting array
vars.
Bug 1:
<?php
// Results: 'Warning: unserialize() failed at offset 13 of 39 bytes'
// and an empty result string, but not false
// because $foo['a'] is -1
error_reporting(2047);
$foo['a']=(int)-1;
$foo['b']=(string)'Paris';
$bar=serialize($foo);
if ($bar!=false){
echo $bar;
$nop=unserialize($bar);
print_r($nop);
}
?>
---------------
Bug 2:
<?php
// Result: PHP crash, because the array number is smaller than serialized
string
error_reporting(2047);
$ser_string='a:1:{s:1:"a";i:1000;s:1:"b";s:5:"Paris";}';
// ^- actually 2
$unser_string=unserialize($ser_string);
?>
I have tried to make a bt, but gdb notify no fault.
In debug mode some of my script warns with this:
"Warning: String is not zero-terminated (source: ./zend_execute.c:449)"
but i think that is another problem.
--
Edit bug report at: http://bugs.php.net/?id=14082&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
