From:             gopalv
Operating system: Linux
PHP version:      trunk-SVN-2011-07-27 (SVN)
Package:          Class/Object related
Bug Type:         Bug
Bug description:  zend_class_unserialize_deny does not work

Description:
------------
Disabling unserialize() for a class does not work when object_common1 is hit

In pecl/hidef trunk right now FrozenArray is marked with zend_class_unserialize_deny

+ ce.serialize = zend_class_serialize_deny;
+ ce.unserialize = zend_class_unserialize_deny;

http://svn.php.net/viewvc/pecl/hidef/trunk/frozenarray.c?r1=311588&r2=313761

But the following code still fails to throw an exception (with hidef installed)

I traced the code to

#0  frozen_array_new (ce=0xe34790) at /home/gopalv/apc_debug/hidef54/frozenarray.c:185
#1  0x00000000006a035b in _object_and_properties_init (arg=0x7ffff7fc8a38, class_type=0xe34790, properties=0x0) at /home/gopalv/apc_debug/PHP_5_4/Zend/zend_API.c:1122
#2  0x0000000000621b87 in object_common1 (rval=<value optimized out>, p=<value optimized out>, max=<value optimized out>, var_hash=<value optimized out>, ce=0xe34790) at ext/standard/var_unserializer.re:371
#3  0x0000000000622b9e in php_var_unserialize (rval=0x7fffffffb828, p=0x7fffffffb838, max=0x7ffff7eb8203 "", var_hash=0x7fffffffb830) at ext/standard/var_unserializer.re:717
#4  0x000000000060dd03 in zif_unserialize (ht=<value optimized out>, return_value=0x7ffff7fc8a38, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /home/gopalv/apc_debug/PHP_5_4/ext/standard/var.c:942

Test script:
---------------
<?php
$s='O:11:"FrozenArray":3:{i:1;s:3:"xyz";i:2;s:3:"abc";i:0;s:5:"hello";}';
$a = unserialize($s);
print_r($a);

Expected result:
----------------
Fatal error: Uncaught exception 'Exception' with message 'Unserialization of 'FrozenArray' is not allowed'

Actual result:
--------------
FrozenArray Object
(
)

--
Edit bug report at https://bugs.php.net/bug.php?id=55303&edit=1
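
Added example, not part of the original report and not PHP or hidef source: a simplified C model of the dispatch the backtrace describes, where an "O:" payload reaches the class's create_object handler without the unserialize handler being consulted, next to a hardened variant that checks for the deny handler first. All struct and function names (class_entry, model_unserialize, model_unserialize_deny, check_deny) are hypothetical, and the hardened check is one possible guard, not necessarily the fix applied upstream.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT PHP source: every name below is hypothetical. */
enum result { CREATED, DENIED, BAD_INPUT };

typedef struct class_entry {
    const char *name;
    enum result (*create_object)(const struct class_entry *ce);
    enum result (*unserialize)(const struct class_entry *ce, const char *buf);
} class_entry;

/* Stands in for frozen_array_new: builds an empty object. */
static enum result model_create(const class_entry *ce) { (void)ce; return CREATED; }

/* Stands in for zend_class_unserialize_deny: always refuses. */
static enum result model_unserialize_deny(const class_entry *ce, const char *buf) {
    (void)ce; (void)buf;
    return DENIED;
}

static const class_entry frozen_array = { "FrozenArray", model_create, model_unserialize_deny };

/* check_deny = 0 models the reported behaviour; 1 models a hardened "O:" path. */
enum result model_unserialize(const class_entry *ce, const char *s, int check_deny) {
    if (strlen(s) < 2 || s[1] != ':') return BAD_INPUT;
    switch (s[0]) {
    case 'C': /* custom-serialized object: the class handler is consulted */
        return ce->unserialize ? ce->unserialize(ce, s) : BAD_INPUT;
    case 'O': /* plain object: the path in the backtrace (object_common1) */
        if (check_deny && ce->unserialize == model_unserialize_deny)
            return DENIED;            /* refuse before any object is created */
        return ce->create_object(ce); /* unserialize handler never consulted */
    default:
        return BAD_INPUT;
    }
}

int main(void) {
    /* The "O:" string is the report's test payload; the "C:" string is constructed. */
    const char *o = "O:11:\"FrozenArray\":3:{i:1;s:3:\"xyz\";i:2;s:3:\"abc\";i:0;s:5:\"hello\";}";
    const char *c = "C:11:\"FrozenArray\":0:{}";
    printf("O: reported=%d hardened=%d\n", model_unserialize(&frozen_array, o, 0),
           model_unserialize(&frozen_array, o, 1));
    printf("C: reported=%d\n", model_unserialize(&frozen_array, c, 0));
    return 0;
}
```
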