From: Etienne Kneuss Date: Tue, 6 Oct 2009 13:34:56 +0000 (+0000) Subject: Fix bug #49263 (Offset error when unserializing self-references in SplObjectStorage) X-Git-Tag: php-5.4.0alpha1~191^2~2540 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=61fd248432b9616b79bb226b81cb337a6059c280;p=php Fix bug #49263 (Offset error when unserializing self-references in SplObjectStorage) --- diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c index b3f2e5531e..1ec3771862 100755 --- a/ext/spl/spl_observer.c +++ b/ext/spl/spl_observer.c @@ -625,7 +625,7 @@ SPL_METHOD(SplObjectStorage, unserialize) ++p; ALLOC_INIT_ZVAL(pcount); - if (!php_var_unserialize(&pcount, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pcount) != IS_LONG) { + if (!php_var_unserialize(&pcount, &p, s + buf_len, NULL TSRMLS_CC) || Z_TYPE_P(pcount) != IS_LONG) { zval_ptr_dtor(&pcount); goto outexcept; } diff --git a/ext/spl/tests/bug49263.phpt b/ext/spl/tests/bug49263.phpt new file mode 100644 index 0000000000..394fe9c4e7 --- /dev/null +++ b/ext/spl/tests/bug49263.phpt @@ -0,0 +1,54 @@ +--TEST-- +SPL: SplObjectStorage serialization references +--SKIPIF-- + +--FILE-- +attach($o1, array('prev' => 2, 'next' => $o2)); +$s->attach($o2, array('prev' => $o1)); + +$ss = serialize($s); +unset($s,$o1,$o2); +echo $ss."\n"; +var_dump(unserialize($ss)); +?> +===DONE=== +--EXPECTF-- +C:16:"SplObjectStorage":113:{x:i:2;O:8:"stdClass":0:{},a:2:{U:4:"prev";i:2;U:4:"next";O:8:"stdClass":0:{}};r:4;,a:1:{U:4:"prev";r:1;};m:a:0:{}} +object(SplObjectStorage)#2 (1) { + [u"storage":u"SplObjectStorage":private]=> + array(2) { + ["%s"]=> + array(2) { + ["obj"]=> + object(stdClass)#1 (0) { + } + ["inf"]=> + array(2) { + [u"prev"]=> + int(2) + [u"next"]=> + object(stdClass)#3 (0) { + } + } + } + ["%s"]=> + array(2) { + ["obj"]=> + object(stdClass)#3 (0) { + } + ["inf"]=> + array(1) { + [u"prev"]=> + object(stdClass)#1 (0) { + } + } + } + } +} +===DONE===