Edit report at https://bugs.php.net/bug.php?id=62852&edit=1
ID: 62852 Updated by: a...@php.net Reported by: kasper at webmasteren dot eu Summary: Unserialize Invalid Date causes crash Status: Re-Opened Type: Bug Package: Reproducible crash Operating System: windows, linux PHP Version: Irrelevant Assigned To: laruence Block user comment: N Private report: N New Comment: Here's corresponding BT on windows: php5.dll!fetch_timezone_offset(timelib_tzinfo * tz, __int64 ts, __int64 * transition_time) Line 341C php5.dll!timelib_get_time_zone_info(__int64 ts, timelib_tzinfo * tz) Line 415C php5.dll!date_format(char * format, int format_len, timelib_time * t, int localtime) Line 1046C php5.dll!date_object_get_properties(_zval_struct * object) Line 2117C php5.dll!php_var_dump(_zval_struct * * struc, int level) Line 129C php5.dll!zif_var_dump(int ht, _zval_struct * return_value, _zval_struct * * return_value_ptr, _zval_struct * this_ptr, int return_value_used) Line 181C php5.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data) Line 320C php5.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data) Line 1629C php5.dll!execute(_zend_op_array * op_array) Line 107C php5.dll!zend_execute_scripts(int type, _zval_struct * * retval, int file_count, ...) Line 1259C php5.dll!php_execute_script(_zend_file_handle * primary_file) Line 2316C php.exe!main(int argc, char * * argv) Line 1190C php.exe!__tmainCRTStartup() Line 586C kernel32.dll!@BaseThreadInitThunk@12 ()Unknown ntdll.dll!___RtlUserThreadStart@8 ()Unknown ntdll.dll!__RtlUserThreadStart@8 ()Unknown Previous Comments: ------------------------------------------------------------------------ [2012-09-16 03:53:29] larue...@php.net @reeze first: it's not about why he want to do this, like:"why do you want to unserialize a abnormal data?" and your new fix, will allow a incomplete date object in $foo, right? I don't this this fix is acceptable, the fix should warning about the wrong data, and result a NULL or FALSE. ------------------------------------------------------------------------ [2012-09-16 02:31:20] re...@php.net @laruence, What do you think about this, if you have any better solutions will be much appreciated :) ------------------------------------------------------------------------ [2012-09-16 02:23:42] re...@php.net @tstarling the partially initialize problem could be fixed by adding and exception checking. (the attache patch is a fix for this) As the exception throwing, I think it's not bc break, since before the fix, it will just crash, fix the crash is not bc break, and the use could define __walkup method, it may throw exception too, so I think throw exception won't make unserialize inconsistant. Just my 2 cents; ------------------------------------------------------------------------ [2012-09-16 02:18:49] re...@php.net The following patch has been added/updated: Patch Name: Fix-add-exception-checking Revision: 1347761929 URL: https://bugs.php.net/patch-display.php?bug=62852&patch=Fix-add-exception-checking&revision=1347761929 ------------------------------------------------------------------------ [2012-09-15 06:57:20] larue...@php.net closed by commit email, reopen ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62852 -- Edit this bug report at https://bugs.php.net/bug.php?id=62852&edit=1
