From ef2b799a28f1fe94874726935e14b961aaaf74b0 Mon Sep 17 00:00:00 2001
From: Etienne Kneuss
Date: Tue, 6 Oct 2009 13:34:56 +0000
Subject: [PATCH] Fix bug #49263 (Offset error when unserializing self-references in SplObjectStorage)
---
 ext/spl/spl_observer.c | 2 +-
 ext/spl/tests/bug49263.phpt | 54 +++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 ext/spl/tests/bug49263.phpt
diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c
index ee359057ae..a0c0c26543 100755
--- a/ext/spl/spl_observer.c
+++ b/ext/spl/spl_observer.c
@@ -622,7 +622,7 @@ SPL_METHOD(SplObjectStorage, unserialize)
 ++p;
 ALLOC_INIT_ZVAL(pcount);
- if (!php_var_unserialize(&pcount, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pcount) != IS_LONG) {
+ if (!php_var_unserialize(&pcount, &p, s + buf_len, NULL TSRMLS_CC) || Z_TYPE_P(pcount) != IS_LONG) {
 zval_ptr_dtor(&pcount);
 goto outexcept;
 }
diff --git a/ext/spl/tests/bug49263.phpt b/ext/spl/tests/bug49263.phpt
new file mode 100644
index 0000000000..14d0950f12
--- /dev/null
+++ b/ext/spl/tests/bug49263.phpt
@@ -0,0 +1,54 @@
+--TEST--
+SPL: SplObjectStorage serialization references
+--SKIPIF--
+
+--FILE--
+attach($o1, array('prev' => 2, 'next' => $o2));
+$s->attach($o2, array('prev' => $o1));
+
+$ss = serialize($s);
+unset($s,$o1,$o2);
+echo $ss."\n";
+var_dump(unserialize($ss));
+?>
+===DONE===
+--EXPECTF--
+C:16:"SplObjectStorage":113:{x:i:2;O:8:"stdClass":0:{},a:2:{s:4:"prev";i:2;s:4:"next";O:8:"stdClass":0:{}};r:4;,a:1:{s:4:"prev";r:1;};m:a:0:{}}
+object(SplObjectStorage)#2 (1) {
+ ["storage":"SplObjectStorage":private]=>
+ array(2) {
+ ["%s"]=>
+ array(2) {
+ ["obj"]=>
+ object(stdClass)#1 (0) {
+ }
+ ["inf"]=>
+ array(2) {
+ ["prev"]=>
+ int(2)
+ ["next"]=>
+ object(stdClass)#3 (0) {
+ }
+ }
+ }
+ ["%s"]=>
+ array(2) {
+ ["obj"]=>
+ object(stdClass)#3 (0) {
+ }
+ ["inf"]=>
+ array(1) {
+ ["prev"]=>
+ object(stdClass)#1 (0) {
+ }
+ }
+ }
+ }
+}
+===DONE===
--
2.40.0
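Review bot: In the `ext/spl/spl_observer.c` hunk, the new call `php_var_unserialize(&pcount, &p, s + buf_len, NULL TSRMLS_CC)` relies on the callee tolerating a NULL `var_hash` for whatever token follows `x:`, while the `Z_TYPE_P(pcount) != IS_LONG` check only runs after parsing has finished. php_var_unserialize is not shown here, so this is inferred: if any of its branches (reference or nested-value tokens) dereference `var_hash`, malformed serialized input could reach them with NULL before being rejected. Checking the token type first, e.g. `if (*p != 'i' || *(p + 1) != ':') goto outexcept;` ahead of `ALLOC_INIT_ZVAL(pcount);`, would keep that call on the integer path. A short comment such as `/* count must not be registered in var_hash: it would shift every r:/R: back-reference by one */` would also stop someone restoring `&var_hash` later. SPL_METHOD(SplObjectStorage, unserialize) starts and ends outside the hunk.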