Edit report at https://bugs.php.net/bug.php?id=62852&edit=1
ID: 62852 Comment by: re...@php.net Reported by: kasper at webmasteren dot eu Summary: Unserialize Invalid Date causes crash Status: Closed Type: Bug Package: Reproducible crash Operating System: windows, linux PHP Version: Irrelevant Assigned To: laruence Block user comment: N Private report: N New Comment: Yeah, the segfault is bad. but the test script is wired, why do you want to refer to it before wakeup? When construct the DateTime if invalid date it throw exception, so when unserialize from an invalid date throw exception is reasonable. Previous Comments: ------------------------------------------------------------------------ [2012-09-15 03:33:26] larue...@php.net Automatic comment on behalf of laruence Revision: http://git.php.net/?p=php-src.git;a=commit;h=e766f85405cd936a07a30a045f419199b6c02ed7 Log: Revert "Fixed bug #62852 (Unserialize invalid DateTime causes crash)" ------------------------------------------------------------------------ [2012-09-15 03:32:53] larue...@php.net Automatic comment on behalf of laruence Revision: http://git.php.net/?p=php-src.git;a=commit;h=e766f85405cd936a07a30a045f419199b6c02ed7 Log: Revert "Fixed bug #62852 (Unserialize invalid DateTime causes crash)" ------------------------------------------------------------------------ [2012-09-15 03:30:56] larue...@php.net @tstarling okey, I reverted. and make the test XFAIL for now, we should fix this in another way. ------------------------------------------------------------------------ [2012-09-15 03:30:07] larue...@php.net Automatic comment on behalf of laruence Revision: http://git.php.net/?p=php-src.git;a=commit;h=e766f85405cd936a07a30a045f419199b6c02ed7 Log: Revert "Fixed bug #62852 (Unserialize invalid DateTime causes crash)" ------------------------------------------------------------------------ [2012-09-14 21:22:38] tstarl...@php.net The suggested patch does not fix the bug. Throwing an exception does not ensure destruction of the object. For example, you can override __wakeup() in a derived class and put a reference to the half-initialised object in a global value before calling DateTime::__wakeup(). Full test case at http://tstarling.com/stuff/bad-date.phps It segfaults for me on today's git master. It looks to me like either dateobj->time should be fully initialised, or it should be set back to NULL so that DATE_CHECK_INITIALIZED() etc. will guard accesses. In my opinion, throwing an exception from unserialize() is an unnecessary b/c break and should be reverted. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62852 -- Edit this bug report at https://bugs.php.net/bug.php?id=62852&edit=1
