php · TimWolla · Nov 15, 2022 · Sep 28, 2022 · Sep 28, 2022 · Sep 28, 2022
diff --git a/NEWS b/NEWS
@@ -61,6 +61,9 @@ PHP                                                                        NEWS
   . Added SKF_AD_QUEUE for cbpf filters. (David Carlier)
   . Added socket_atmark if send/recv needs using MSG_OOB. (David Carlier)
 
+- Standard:
+  . E_NOTICEs emitted by unserialized() have been promoted to E_WARNING. (timwolla)
+
 - Streams:
   . Fixed bug #51056: blocking fread() will block even if data is available.
     (Jakub Zelenka)

diff --git a/UPGRADING b/UPGRADING
@@ -47,6 +47,10 @@ PHP 8.3 UPGRADE NOTES
     "buffer_size" => int
     See GH-9336
 
+- Standard:
+  . E_NOTICEs emitted by unserialized() have been promoted to E_WARNING.
+    RFC: https://wiki.php.net/rfc/improve_unserialize_error_handling
+
 ========================================
 6. New Functions
 ========================================

diff --git a/Zend/tests/bug70253.phpt b/Zend/tests/bug70253.phpt
@@ -5,4 +5,4 @@ Bug #70253 (segfault at _efree () in zend_alloc.c:1389)
 unserialize('a:2:{i:0;O:9:"000000000":10000000');
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset 33 of 33 bytes in %s on line %d
+Warning: unserialize(): Error at offset 33 of 33 bytes in %s on line %d
diff --git a/Zend/tests/enum/unserialize-const.phpt b/Zend/tests/enum/unserialize-const.phpt
@@ -14,5 +14,5 @@ var_dump(unserialize('E:7:"Foo:Baz";'));
 --EXPECTF--
 Warning: unserialize(): Foo::Baz is not an enum case in %s on line %d
 
-Notice: unserialize(): Error at offset 14 of 14 bytes in %s on line %d
+Warning: unserialize(): Error at offset 14 of 14 bytes in %s on line %d
 bool(false)
diff --git a/Zend/tests/enum/unserialize-missing-colon.phpt b/Zend/tests/enum/unserialize-missing-colon.phpt
@@ -13,5 +13,5 @@ var_dump(unserialize('E:6:"FooBar";'));
 --EXPECTF--
 Warning: unserialize(): Invalid enum name 'FooBar' (missing colon) in %s on line %d
 
-Notice: unserialize(): Error at offset 0 of 13 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 13 bytes in %s on line %d
 bool(false)
diff --git a/Zend/tests/enum/unserialize-non-enum.phpt b/Zend/tests/enum/unserialize-non-enum.phpt
@@ -11,5 +11,5 @@ var_dump(unserialize('E:7:"Foo:Bar";'));
 --EXPECTF--
 Warning: unserialize(): Class 'Foo' is not an enum in %s on line %d
 
-Notice: unserialize(): Error at offset 0 of 14 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 14 bytes in %s on line %d
 bool(false)
diff --git a/Zend/tests/enum/unserialize-non-existent-case.phpt b/Zend/tests/enum/unserialize-non-existent-case.phpt
@@ -13,5 +13,5 @@ var_dump(unserialize('E:7:"Foo:Baz";'));
 --EXPECTF--
 Warning: unserialize(): Undefined constant Foo::Baz in %s on line %d
 
-Notice: unserialize(): Error at offset 14 of 14 bytes in %s on line %d
+Warning: unserialize(): Error at offset 14 of 14 bytes in %s on line %d
 bool(false)
@@ -8,5 +8,5 @@ $str = 'C:3:"GMP":4:{s:6666666666:""}';
 var_dump(unserialize($str));
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset 13 of 29 bytes in %s on line %d
+Warning: unserialize(): Error at offset 13 of 29 bytes in %s on line %d
 bool(false)
diff --git a/ext/phar/tests/phar_metadata_write3.phpt b/ext/phar/tests/phar_metadata_write3.phpt
@@ -79,7 +79,7 @@ Calling getMetadata with too low max_depth
 
 Warning: Phar::getMetadata(): Maximum depth of 1 exceeded. The depth limit can be changed using the max_depth unserialize() option or the unserialize_max_depth ini setting in %sphar_metadata_write3.php on line 39
 
-Notice: Phar::getMetadata(): Error at offset 34 of 59 bytes in %sphar_metadata_write3.php on line 39
+Warning: Phar::getMetadata(): Error at offset 34 of 59 bytes in %sphar_metadata_write3.php on line 39
 bool(false)
 Calling getMetadata with some allowed classes
 In wakeup

@@ -40,7 +40,7 @@ function ptr2str($ptr)
 --EXPECTF--
 Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s%ebug72562.php on line %d
 
-Notice: unserialize(): Error at offset 0 of 1 bytes in %s%ebug72562.php on line %d
+Warning: unserialize(): Error at offset 0 of 1 bytes in %s on line %d
 
-Notice: unserialize(): Error at offset 4 of 4 bytes in %s%ebug72562.php on line %d
+Warning: unserialize(): Error at offset 4 of 4 bytes in %s on line %d
 bool(false)
@@ -157,7 +157,7 @@ Deprecated: %s implements the Serializable interface, which is deprecated. Imple
 
 Warning: Erroneous data format for unserializing 'TestNANew' in %s005.php on line %d
 
-Notice: unserialize(): Error at offset 19 of 20 bytes in %s005.php on line %d
+Warning: unserialize(): Error at offset 19 of 20 bytes in %s on line %d
 bool(false)
 ===NANew2===
 unserializer(TestNANew2)

@@ -11,7 +11,7 @@ var_dump(unserialize('O:4:"Test":1:{}'));
 
 ?>
 --EXPECTF--
-Notice: unserialize(): Unexpected end of serialized data in %s on line %d
+Warning: unserialize(): Unexpected end of serialized data in %s on line %d
 
-Notice: unserialize(): Error at offset 14 of 15 bytes in %s on line %d
+Warning: unserialize(): Error at offset 14 of 15 bytes in %s on line %d
 bool(false)
@@ -17,41 +17,41 @@ var_dump(unserialize("s:3:\"123;"));
 var_dump(unserialize("s:0:\"123\";"));
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset 0 of 8 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 0 of 8 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 0 of 5 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 0 of 5 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 13 of 19 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 13 of 19 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 14 of 19 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 14 of 19 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 2 of 22 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 2 of 22 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 17 of 18 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 17 of 18 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 24 of 33 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 24 of 33 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 17 of 33 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 17 of 33 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 32 of 32 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 32 of 32 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 2 of 13 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 2 of 13 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 2 of 11 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 2 of 11 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 8 of 9 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 8 of 9 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 5 of 10 bytes in %sbug25378.php on line %d
+Warning: unserialize(): Error at offset 5 of 10 bytes in %s on line %d
 bool(false)
@@ -10,5 +10,5 @@ Warning: unserialize(): %s in %sbug68044.php on line %d
 
 Warning: Insufficient data for unserializing - %d required, 1 present in %s%ebug68044.php on line 2
 
-Notice: unserialize(): Error at offset 32 of 33 bytes in %s%ebug68044.php on line 2
+Warning: unserialize(): Error at offset 32 of 33 bytes in %s on line %d
 ===DONE==
@@ -5,5 +5,5 @@ Bug #68545 NULL pointer dereference in unserialize.c:var_push_dtor
 var_dump(unserialize('a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";s:3:"bar";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"b22";s:3:"bar";s:3:"bar";s:3:"foo";s:3:"bar";a:6:{a:6:{s:3:"322";s:3:"bar";s:3:"bar";s:3:"foo";s:3:"bar";s:3:"bar";'));
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset %d of %d bytes in %sbug68545.php on line %d
+Warning: unserialize(): Error at offset 10 of 310 bytes in %s on line %d
 bool(false)
@@ -15,7 +15,7 @@ var_dump(unserialize('a:2:{i:0;i:42;i:1;O:4:"evil":0:{}}'));
 
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset 4 of 4 bytes in %s on line %d
+Warning: unserialize(): Error at offset 4 of 4 bytes in %s on line %d
 bool(false)
 
 Warning: unserialize(): Function evil() hasn't defined the class it was called for in %s on line %d

@@ -31,5 +31,5 @@ var_dump($data);
 --EXPECTF--
 Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
 
-Notice: unserialize(): Error at offset 55 of 56 bytes in %s on line %d
+Warning: unserialize(): Error at offset 55 of 56 bytes in %s on line %d
 bool(false)
@@ -48,8 +48,8 @@ DONE
 --EXPECTF--
 Deprecated: %s implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in %s on line %d
 
-Notice: unserialize(): Error at offset 0 of 3 bytes in %sbug70436.php on line %d
+Warning: unserialize(): Error at offset 0 of 3 bytes in %s on line %d
 
-Notice: unserialize(): Error at offset 93 of 94 bytes in %sbug70436.php on line %d
+Warning: unserialize(): Error at offset 93 of 94 bytes in %s on line %d
 bool(false)
 DONE
@@ -5,5 +5,5 @@ Bug #71840 (Unserialize accepts wrongly data)
 var_dump(unserialize('a:1:{s:0:""0a:0:{}}'));
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset 11 of 19 bytes in %sbug71840.php on line %d
+Warning: unserialize(): Error at offset 11 of 19 bytes in %s on line %d
 bool(false)
@@ -18,7 +18,7 @@ var_dump($s);
 var_dump(unserialize($s));
 ?>
 --EXPECTF--
-Notice: serialize(): "b" is returned from __sleep() multiple times in %s on line %d
+Warning: serialize(): "b" is returned from __sleep() multiple times in %s on line %d
 string(39) "O:1:"A":1:{s:1:"b";O:8:"stdClass":0:{}}"
 object(A)#%d (1) {
   ["b"]=>

@@ -49,10 +49,10 @@ try {
 
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset 17 of 24 bytes in %s on line %d
+Warning: unserialize(): Error at offset 17 of 24 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 25 of 32 bytes in %s on line %d
+Warning: unserialize(): Error at offset 25 of 32 bytes in %s on line %d
 bool(false)
 Caught
 Caught
@@ -21,9 +21,9 @@ var_dump(unserialize($exploit));
 --EXPECTF--
 Deprecated: %s implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in %s on line %d
 
-Notice: unserialize(): Unexpected end of serialized data in %s on line %d
+Warning: unserialize(): Unexpected end of serialized data in %s on line %d
 
-Notice: unserialize(): Error at offset 49 of 50 bytes in %s on line %d
+Warning: unserialize(): Error at offset 49 of 50 bytes in %s on line %d
 
-Notice: unserialize(): Error at offset 82 of 83 bytes in %s on line %d
+Warning: unserialize(): Error at offset 82 of 83 bytes in %s on line %d
 bool(false)
@@ -12,7 +12,7 @@ session_decode($sess);
 var_dump($_SESSION);
 ?>
 --EXPECTF--
-Notice: session_decode(): Unexpected end of serialized data in %s on line %d
+Warning: session_decode(): Unexpected end of serialized data in %s on line %d
 
 Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
 array(0) {

@@ -14,5 +14,5 @@ $poc = 'O:3:"obj":1:{';
 var_dump(unserialize($poc));
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset 13 of 13 bytes in %sbug73052.php on line %d
+Warning: unserialize(): Error at offset 13 of 13 bytes in %s on line %d
 bool(false)
@@ -20,5 +20,5 @@ unserialize($exploit);
 --EXPECTF--
 Error at offset 6 of 7 bytes
 
-Notice: ArrayObject::unserialize(): Unexpected end of serialized data in %sbug73341.php on line %d
+Warning: ArrayObject::unserialize(): Unexpected end of serialized data in %sbug73341.php on line %d
 Error at offset 24 of 34 bytes
@@ -8,5 +8,5 @@ var_dump($obj);
 --EXPECTF--
 Warning: Bad unserialize data in %sbug73825.php on line %d
 
-Notice: unserialize(): Error at offset 13 of 15 bytes in %sbug73825.php on line %d
+Warning: unserialize(): Error at offset 13 of 15 bytes in %s on line %d
 bool(false)
@@ -8,5 +8,5 @@ var_dump(unserialize($s));
 --EXPECTF--
 Warning: unserialize(): %s in %sbug74101.php on line %d
 
-Notice: unserialize(): Error at offset 46 of 74 bytes in %sbug74101.php on line %d
+Warning: unserialize(): Error at offset 46 of 74 bytes in %s on line %d
 bool(false)
@@ -5,5 +5,5 @@ Bug #74103: heap-use-after-free when unserializing invalid array size
 var_dump(unserialize('a:7:{i:0;i:04;s:1:"a";i:2;i:9617006;i:4;s:1:"a";i:4;s:1:"a";R:5;s:1:"7";R:3;s:1:"a";R:5;;s:18;}}'));
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset %d of %d bytes in %s on line %d
+Warning: unserialize(): Error at offset 64 of 96 bytes in %s on line %d
 bool(false)
@@ -6,5 +6,5 @@ $s = 'O:8:"stdClass":00000000';
 var_dump(unserialize($s));
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset 25 of 23 bytes in %s on line %d
+Warning: unserialize(): Error at offset 25 of 23 bytes in %s on line %d
 bool(false)
@@ -10,5 +10,5 @@ var_dump(unserialize('d:2e++2;'));
 --EXPECTF--
 float(200)
 
-Notice: unserialize(): Error at offset 0 of 8 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 8 bytes in %s on line %d
 bool(false)
@@ -9,4 +9,4 @@ unserialize('a:3020000000000000000000000000000001:{i:0;a:0:{}i:1;i:2;i:2;i:3;i:3
 --EXPECTF--
 Warning: unserialize(): %s in %sbug74614.php on line %d
 
-Notice: unserialize(): Error at offset %d of 113 bytes in %s on line %d
+Warning: unserialize(): Error at offset 38 of 113 bytes in %s on line %d
@@ -8,5 +8,5 @@ $poc .= '000";R:2;s:4:"0000";d:0;s:4:"0000";a:9:{s:4:"0000";';
 var_dump(unserialize($poc));
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset 43 of 145 bytes in %s on line %d
+Warning: unserialize(): Error at offset 43 of 145 bytes in %s on line %d
 bool(false)
@@ -50,4 +50,4 @@ Serialization of 'class@anonymous' is not allowed
 Unserialization of 'MySplFileInfo' is not allowed
 Unserialization of 'MySplFileInfo' is not allowed
 
-Notice: unserialize(): Error at offset 0 of %d bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of %d bytes in %s on line %d
@@ -18,38 +18,38 @@ var_dump(unserialize('a:1:{i:0;R:-1;}'));
 
 ?>
 --EXPECTF--
-Notice: unserialize(): Error at offset 0 of 9 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 9 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 0 of 9 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 9 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 0 of 7 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 7 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 0 of 7 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 7 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 0 of 20 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 20 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 0 of 20 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 20 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 0 of 24 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 24 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 0 of 24 bytes in %s on line %d
+Warning: unserialize(): Error at offset 0 of 24 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 9 of 15 bytes in %s on line %d
+Warning: unserialize(): Error at offset 9 of 15 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 9 of 15 bytes in %s on line %d
+Warning: unserialize(): Error at offset 9 of 15 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 9 of 15 bytes in %s on line %d
+Warning: unserialize(): Error at offset 9 of 15 bytes in %s on line %d
 bool(false)
 
-Notice: unserialize(): Error at offset 9 of 15 bytes in %s on line %d
+Warning: unserialize(): Error at offset 9 of 15 bytes in %s on line %d
 bool(false)