mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Fixed bug #73154
The object that is being serialized may be destroyed during the execution of __sleep(), so operate on a copy instead.
This commit is contained in:
parent
1d6f9345bc
commit
be4ce98bdc
16
ext/standard/tests/serialize/bug73154.phpt
Normal file
16
ext/standard/tests/serialize/bug73154.phpt
Normal file
@ -0,0 +1,16 @@
|
||||
--TEST--
|
||||
Bug #73154: serialize object with __sleep function crash
|
||||
--FILE--
|
||||
<?php
|
||||
class a {
|
||||
public $a;
|
||||
public function __sleep() {
|
||||
$this->a=null;
|
||||
return array();
|
||||
}
|
||||
}
|
||||
$s = 'a:1:{i:0;O:1:"a":1:{s:1:"a";R:2;}}';
|
||||
var_dump(serialize(unserialize($s)));
|
||||
?>
|
||||
--EXPECT--
|
||||
string(22) "a:1:{i:0;O:1:"a":0:{}}"
|
@ -862,9 +862,6 @@ again:
|
||||
return;
|
||||
|
||||
case IS_OBJECT: {
|
||||
zval retval;
|
||||
zval fname;
|
||||
int res;
|
||||
zend_class_entry *ce = Z_OBJCE_P(struc);
|
||||
|
||||
if (ce->serialize != NULL) {
|
||||
@ -893,32 +890,39 @@ again:
|
||||
}
|
||||
|
||||
if (ce != PHP_IC_ENTRY && zend_hash_str_exists(&ce->function_table, "__sleep", sizeof("__sleep")-1)) {
|
||||
zval fname, tmp, retval;
|
||||
int res;
|
||||
|
||||
ZVAL_COPY(&tmp, struc);
|
||||
ZVAL_STRINGL(&fname, "__sleep", sizeof("__sleep") - 1);
|
||||
BG(serialize_lock)++;
|
||||
res = call_user_function_ex(CG(function_table), struc, &fname, &retval, 0, 0, 1, NULL);
|
||||
res = call_user_function_ex(CG(function_table), &tmp, &fname, &retval, 0, 0, 1, NULL);
|
||||
BG(serialize_lock)--;
|
||||
zval_dtor(&fname);
|
||||
|
||||
if (EG(exception)) {
|
||||
zval_ptr_dtor(&retval);
|
||||
zval_ptr_dtor(&tmp);
|
||||
return;
|
||||
}
|
||||
|
||||
if (res == SUCCESS) {
|
||||
if (Z_TYPE(retval) != IS_UNDEF) {
|
||||
if (HASH_OF(&retval)) {
|
||||
php_var_serialize_class(buf, struc, &retval, var_hash);
|
||||
php_var_serialize_class(buf, &tmp, &retval, var_hash);
|
||||
} else {
|
||||
php_error_docref(NULL, E_NOTICE, "__sleep should return an array only containing the names of instance-variables to serialize");
|
||||
/* we should still add element even if it's not OK,
|
||||
* since we already wrote the length of the array before */
|
||||
smart_str_appendl(buf,"N;", 2);
|
||||
}
|
||||
zval_ptr_dtor(&retval);
|
||||
}
|
||||
zval_ptr_dtor(&retval);
|
||||
zval_ptr_dtor(&tmp);
|
||||
return;
|
||||
}
|
||||
zval_ptr_dtor(&retval);
|
||||
zval_ptr_dtor(&tmp);
|
||||
}
|
||||
|
||||
/* fall-through */
|
||||
|
Loading…
Reference in New Issue
Block a user