Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118311
Return-Path: <tim@bastelstu.be>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 44616 invoked from network); 29 Jul 2022 15:18:47 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 29 Jul 2022 15:18:47 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id B3D391804B5
	for <internals@lists.php.net>; Fri, 29 Jul 2022 10:17:36 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS24940 176.9.0.0/16
X-Spam-Virus: No
X-Envelope-From: <tim@bastelstu.be>
Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri, 29 Jul 2022 10:17:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be;
	s=mail20171119; t=1659115054;
	bh=Q/DbaSl6wAZTSrTHIphh/35d1+ufZ62KpwKQll+slNo=;
	h=Date:To:From:Subject:From;
	b=jVZ0vPngkX92iEhcXqHE8KXQrOqcWl2hgy2U+LuHA2nKF/n3BKnSllVX+5dOuW85b
	 bX3+MMqksASC6ipMHH/kii1XLByIXG+OF7e/CqDudwq0vJETwMaPAseqOSzLTjX/5r
	 XIJGHnINdp+vMLoUcWgx1L+rBUQUFThJ/CV/Ay1qn85lo4nsgdJ+3HQ0Tjt6w1zrq6
	 +lNR0FredhN98M/ELN+qGqxmkpJatmRMBS28NVSwuJ9DKNtPMHGmX0Ar67Dfa3OLsh
	 lnVvzoSMDJ3ZvBNZZjHgYcK16xVazblCSUCsbpldZIahOhaDMcR24uauEc/RLCE4xg
	 pZkCZj2UyTjfA==
Message-ID: <302000df-5c3f-a86c-a608-2a45d2726ab1@bastelstu.be>
Date: Fri, 29 Jul 2022 19:17:33 +0200
MIME-Version: 1.0
Content-Language: en-US
To: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: What type of Exception to use for unserialize() failure?
From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=c3=bcsterhus?=)

Hi!

I'm currently in the process of cleaning up the error handling of the 
new ext/random and now came across the implementation of __unserialize().

Looking through the source code for existing examples I found that the 
following is used:

- ext/gmp: Exception
- ext/hash: Exception
- ext/date: Error
- ext/spl: UnexpectedValueException
- ext/random: Currently Exception.

… all of those with different error messages. unserialize() itself will 
emit a regular 'Notice' (yes, you read that right) when encountering 
garbage data.

In the end I've opted to follow ext/date's lead and created a PR 
changing ext/random to use an Error, as unserialization failures likely 
mean that you are unserializing untrusted data which you should not do 
in the first place. Also any errors during unserializing are not really 
recoverable: You can't go and fix up the input string.

The PR can be found here:

https://github.com/php/php-src/pull/9185

During review cmb noted that using an 'Error' here might not be the best 
choice, as while it is likely to be a programmer error if unserializing 
fails, we do not want to educate users to catch(Error).

As the existing behavior already is inconsistent and the Notice really 
should be upgraded to something … more alarming in the future, I'm 
putting this topic up for discussion on the list.

My suggested path forward would be:

For 8.2:

- Update ext/random to use the ext/date wording (I like that one best):

"Invalid serialization data for <classname> object."

- Revert the change from Exception to Error in my ext/random PR #9185.
- Update ext/date to Exception (the Error for __unserialize() was added 
in 8.2, but there already was an Error for __wakeup() before).

For whatever comes after 8.2:

- Add a new UnserializationFailureException extends Exception (or 
whatever color the bikeshed should have). Any existing catch blocks 
should still match, as Exception is more general. It would break for 
ext/spl, though. Unless UnserializationFailureException extends 
UnexpectedValueException.
- Add a helper function that throws this Exception with a consistent 
wording.
- Upgrade unserialize() from Notice to UnserializationFailureException.

Opinions?

Best regards
Tim Düsterhus