Edit report at https://bugs.php.net/bug.php?id=63481&edit=1

 ID:                 63481
 Updated by:         larue...@php.net
 Reported by:        aurelijus at astdev dot lt
 Summary:            Segmentation fault caused by unserialize()
 Status:             Open
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   RHEL 6 & Mac OS X 10.7.4
 PHP Version:        5.4.8
-Assigned To:        
+Assigned To:        laruence
 Block user comment: N
 Private report:     N

 New Comment:

I can reproduce it.


Previous Comments:
------------------------------------------------------------------------
[2012-11-10 16:28:22] aurelijus at astdev dot lt

Serialized object:
http://aurelijus.eu/string2.txt

------------------------------------------------------------------------
[2012-11-10 16:24:38] aurelijus at astdev dot lt

Description:
------------
Hey,
I can reproduce this on my local machine (Mac OS X 10.7.4) & our dev server (RHEL 6) with PHP 5.4.* (including 5.4.9RC1). With 5.3.* it's fine.
We are trying to unserialize a big \Serializable object and it causes the segmentation fault.
Code example below. The serialized object that causes the issue is attached.

PHP Configure:
./configure --prefix=/opt/local --mandir=/opt/local/share/man \
  --infodir=/opt/local/share/info --program-suffix=54d \
  --includedir=/opt/local/include/php54d --libdir=/opt/local/lib/php54d \
  --with-config-file-path=/opt/local/etc/php54d \
  --with-config-file-scan-dir=/opt/local/var/db/php54d \
  --disable-all --enable-bcmath --enable-ctype --enable-dom \
  --enable-fileinfo --enable-filter --enable-hash --enable-json \
  --enable-libxml --enable-pdo --enable-phar --enable-session \
  --enable-simplexml --enable-tokenizer --enable-xml --enable-xmlreader \
  --enable-xmlwriter --with-bz2=/opt/local --with-mhash=/opt/local \
  --with-pcre-regex=/opt/local --with-libxml-dir=/opt/local \
  --with-zlib=/opt/local --without-pear --disable-cgi --disable-fpm \
  --enable-cli --with-libedit=/opt/local --enable-debug


Test script:
---------------
<?php

class Token implements \Serializable {
    public function serialize()
    {}

    public function unserialize($str)
    {
        $r = unserialize($str);
        unserialize($r[2]);
    }
}


$token = file_get_contents('string2.txt');
$obj = unserialize($token);
?>

Expected result:
----------------
It should not cause a segmentation fault.

Actual result:
--------------
Segmentation fault.

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0xffffffffffffffbf

VM Regions Near 0xffffffffffffffbf:
--> shared memory          00007fffffe00000-00007fffffe02000 [    8K] r-x/r-x SM=SHM

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   php54d  0x000000010f75d994 zend_mm_check_ptr + 500
1   php54d  0x000000010f75feed _zend_mm_free_int + 109
2   php54d  0x000000010f761bed _efree + 125
3   php54d  0x000000010f7ea6eb zend_object_std_dtor + 283
4   php54d  0x000000010f7ead20 zend_objects_free_object_storage + 32
5   php54d  0x000000010f7f7dc5 zend_objects_store_free_object_storage + 325
6   php54d  0x000000010f78c977 shutdown_executor + 1335
7   php54d  0x000000010f7a9d1a zend_deactivate + 122
8   php54d  0x000000010f6eb681 php_request_shutdown + 1009
9   php54d  0x000000010f9834c8 do_cli + 7288
10  php54d  0x000000010f984415 main + 3461
11  php54d  0x000000010f3de304 start + 52


------------------------------------------------------------------------


