When ArrayObject is round-tripped through serialize() and unserialize(),
it forgets any iterator class name which was set using ::setIteratorClass().
Fix that.
var_dump() is debugging functionality, so it should print
floating-point numbers accurately. We do this by switching
to serialize_precision, which (by default) will print with
as much precision as necessary to preserve the exact value
of the float.
This also affects debug_zval_dump().
Closes GH-5172.
Previously this generated a notice, but would likely generate an
Error when unserializing.
Now we treat it with the same distinction as direct property
accesses, i.e. referencing an unset/undefined normal property
stays a notice, while a typed property becomes an Error exception.
This fixed bug #79002.
Closes GH-5050.
Instead of populating a hashtable of property names and then
directly serializing.
This has the advantage of a) detecting duplicate properties more
precisely and b) giving us the ability to discard values without
rewriting the serialization string after the fact for GH-5027.
This reverts commit b8ef7c35ab.
See bug #79031. The semantics of serialize locking aren't quite
correct right now, and the use of the lock in this particular
place makes us hit the issue in a common case. I'm reverting this
commit for PHP 7.4 and will try to fix this properly for PHP 8,
as I believe it will require ABI breakage.
We also change `Generator::throw()` to expect a `Throwable` in the
first place, and we now throw a TypeError instead of returning `false`
from `Exception::getTraceAsString()`.
The default depth is large enough to cause stack overflows in
msan builds, though apparently only on old clang versions. Avoiding
a stack overflow there requires making the depth *much* smaller,
less than 1000. As I don't think that's reasonable for all the other
setups where 4k works fine, I'm just dropping this part of the test.
Add a max_depth option to unserialize and an unserialize_max_depth
ini setting, which can be used to control the depth limit. The
default value is 4096.
This option is intended to prevent stack overflows during the
unserialization of deeply nested structures.
This fixes bug #78549 and addresses oss-fuzz #17581, #17589, #17664,
and #17788.
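
How a caller can use the max_depth option described above when decoding untrusted input, as an added example that is not part of php-src or of these commits. The helper names `safe_unserialize()` and `nested()` and the limit of 32 are assumptions chosen for illustration.

```php
<?php
// Added example, not php-src code. safe_unserialize() is a hypothetical helper.
function safe_unserialize(string $payload, int $maxDepth = 32)
{
    // Turn the diagnostics unserialize() raises on failure (including the
    // depth-limit warning) into an exception so they cannot be ignored.
    set_error_handler(static function (int $errno, string $errstr): bool {
        throw new UnexpectedValueException($errstr);
    });
    try {
        $value = unserialize($payload, [
            'allowed_classes' => false,     // never instantiate classes from untrusted data
            'max_depth'       => $maxDepth, // per-call limit instead of unserialize_max_depth
        ]);
    } finally {
        restore_error_handler();
    }
    // false is also a legitimate payload value, so tell it apart from failure.
    if ($value === false && $payload !== serialize(false)) {
        throw new UnexpectedValueException('unserialize() failed');
    }
    return $value;
}

// Constructed sample input: empty arrays nested $levels deep.
function nested(int $levels): array
{
    $v = [];
    for ($i = 1; $i < $levels; $i++) {
        $v = [$v];
    }
    return $v;
}

// Shallow structure: well under the limit, round-trips unchanged.
var_dump(safe_unserialize(serialize(nested(5))) === nested(5));

// Deep structure: far over the limit, rejected before the parser recurses further.
try {
    safe_unserialize(serialize(nested(100)));
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
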
If count is ZEND_LONG_MIN the count-- loop underflows. This is
ultimately harmless, but results in a ubsan warning.
Fix this by adding a sanity check that the count isn't negative,
because that doesn't make sense...
This fixes two issues:
* Negate the value in an unsigned type to avoid signed overflow.
* Treat -0 as 0 rather than an invalid number that gets converted
to ZEND_LONG_MIN.
When storing two temporary variables for delayed __unserialize() calls,
we have to make sure that both fit into the same linked list element.
To that end we introduce the internal API `tmp_var` which allows
reserving `num` slots in the same list element.
We also fix the `var_dtor_entries` struct definition to use the proper
size, namely `VAR_DTOR_ENTRIES_MAX`.