ZF-8015: AMF0 Deserializer Reference Handling Improper

Issue Type: Bug Created: 2009-10-04T20:58:42.000+0000 Last Updated: 2012-05-17T19:10:15.000+0000 Status: Open Fix version(s): Reporter: Stephen Augenstein (warhammerkid) Assignee: Wade Arnold (wadearnold) Tags: - Zend_Amf

Related issues: Attachments:


The AMF0 deserializer adds objects to the reference array after they've been completely deserialized, which means that ALL nested objects fail to deserialize in AMF0 mode.

For example: var a:Object = {test: 'asdf'} var b:Array = [a, a];

When serialized, the ref index should be 1, for "a", however, when Zend AMF deserializes this, the reference array will only have one item in it when it reaches the reference to a, so it will crash.


Posted by Adam Lundrigan (adamlundrigan) on 2012-05-17T18:49:56.000+0000

Is this still an issue? Should it be fixed for v1.12?

Posted by Stephen Augenstein (warhammerkid) on 2012-05-17T19:10:15.000+0000

Looks like it still is an issue in 1.11.11. By adding the object to the reference cache after the contents have been read, any reference's offsets are incorrect, and it makes it impossible to deserialize circular references.

<pre class="highlight">
    public function readObject($object = null)
        if ($object === null) {
            $object = array();

        while (true) {
            $key        = $this->_stream->readUTF();
            $typeMarker = $this->_stream->readByte();
            if ($typeMarker != Zend_Amf_Constants::AMF0_OBJECTTERM ){
                //Recursivly call readTypeMarker to get the types of properties in the object
                $object[$key] = $this->readTypeMarker($typeMarker);
            } else {
                //encountered AMF object terminator
        $this->_reference[] = $object; // ***** THIS LINE SHOULD COME BEFORE ANY READING *****
        return (object) $object;

The AMF0 deserializer has several other issues with how it handles references for data structures, so it may not be worth fixing if no one has cared enough to fix it before.

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.