You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 14, 2023. It is now read-only.
=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
b0rked random data test [tests/igbinary_040.phpt]
=====================================================================
$ cat tests/igbinary_040.out
000000020a4284d884
int(1116002436)
The text was updated successfully, but these errors were encountered:
I'm aware of this issue. It affects all php7 versions. The test attempts to unserialize randomly generated byte stream of various lengths, and fails spuriously because the seed isn't constant.
There's probably some error handling code, cleanup, etc. that needs to be done differently in php7.
I'll investigate this when I have time.
Feel free to post minimal examples of random byte streams which crash igbinary_unserialize call(s)
TysonAndre
changed the title
Failed test with PHP 7.1.x
Failed test with PHP 7.x : unserializing random byte strings
Jul 25, 2016
With debugging enabled, this fails. I assume that it would also fail for a cyclic object with garbage data or an exception thrown in a custom unserialize(). I probably need to increment the refcount of the top level array/object node before unserializing it, then, if successful, decrement the refcount of the top level array/object without calling the destructor
There's other bugs as well (e.g. corrupt data with duplicate keys)
// 14 02 (REF0) (Array of length 2)// 11 03 6b656b string(3) "kek" =>// 0100 (copy of REF0, possibly should be forbidden if REF0 is a parent and non-references are between them)// 6c (unknown key type)$serialized = "\x00\x00\x00\x02\x14\x02\x11\x03\x6b\x65\x6b\x01\x00\x6c";
$x = igbinary_unserialize($serialized);
This fails a zend assertion in the garbage collector, because it had a refcount of one (From adding itself to an array), but was destroyed twice.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
With PHP 7.1.0beta1
The text was updated successfully, but these errors were encountered: