Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118683
Return-Path: <tim@bastelstu.be>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 5121 invoked from network); 21 Sep 2022 16:10:38 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 21 Sep 2022 16:10:38 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 038281804A9
	for <internals@lists.php.net>; Wed, 21 Sep 2022 09:10:38 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS24940 176.9.0.0/16
X-Spam-Virus: No
X-Envelope-From: <tim@bastelstu.be>
Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed, 21 Sep 2022 09:10:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be;
	s=mail20171119; t=1663776636;
	bh=nlnADSCIq901KaMHHf/MCLN1Z61AtVH7ICWSVXazTI8=;
	h=Date:Subject:From:To:Cc:References:In-Reply-To:From;
	b=nkT/WEoxm51AW1EpZOjlHbSpy/9fA7ko1X3eT0/8CUP9mL8V2u47AdJV2VGaGkgsy
	 eKzIPQ+anH8R2qHitAg8EJvw4ztx6mb53YbMfhxBHFTMqlJSaAA0axdkaR0jg0hXKb
	 tyjix3gKicD6P92VZHChbUAJJEnH4Xe92pYiX9gk0faseC9vMfK/Yxiwn12pos1Zpo
	 R9dPJGd01ZKZC2ElmcT2fc3tVCqt7ZdwniplAJfPl5Rg5faalw6/KWFrt83G/KQS7b
	 qc5ASgHv4MPi9nZ8ghThA/cBvaTJeq8zojmclPstO0gL1A1uK22UV7Sc2L4ypAQ6jU
	 B3pN4swwhtGRw==
Message-ID: <a81f09a3-0f3d-86a5-b9b4-a097ce49da28@bastelstu.be>
Date: Wed, 21 Sep 2022 18:10:36 +0200
MIME-Version: 1.0
Content-Language: en-US
To: Nicolas Grekas <nicolas.grekas+php@gmail.com>
Cc: internals@lists.php.net
References: <530b3a9d-0ee4-6061-8c69-df672d238032@bastelstu.be>
 <CAOWwgpnQuRMv4Uv=bM+QNBPeUC8BCk4f1kYOcg8EUrYD1WoRzQ@mail.gmail.com>
 <51a57a4d-ccb5-a581-205e-e2684e4db8c8@bastelstu.be>
 <CAOWwgp=W94c4Vzkn7HZkzWESjaE6bm8yCUGTD1+X1eiHQsCTjw@mail.gmail.com>
 <81f1ceb4-1086-3f1a-942d-aebbb5c2712f@bastelstu.be>
 <CAOWwgpko4i=Af6ybAy+p5N7zEjGnWhh+ZCxYy6=nJ7J7k+KJVw@mail.gmail.com>
 <94b9c2ab-70d5-48e1-50f8-409a3073023a@bastelstu.be>
In-Reply-To: <94b9c2ab-70d5-48e1-50f8-409a3073023a@bastelstu.be>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] RFC [Discussion]: Improve unserialize() error handling
From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=c3=bcsterhus?=)

Hi

On 9/20/22 21:24, Tim Düsterhus wrote:
> My understanding is that this attempts to gracefully handle broken cache
> entries and force a rebuild if the payload is invalid.
> 
> This will fail if the serialized payload contains a malformed
> DateTimeImmutable, because DateTimeImmutable will throw an Error,
> instead of Exception: https://3v4l.org/eB5ZE. The 'catch' should likely
> be adjusted to catch '\Throwable'.
> 

To add onto this: "An Error could be thrown" might also happen with a 
PHP 8.2 readonly class that later removes a property. As the property no 
longer exists on the class it will be considered a dynamic property 
which is disallowed on readonly classes, thus throwing an 'Error', not 
'Exception' during unserialization:

https://3v4l.org/Xsmfu

Best regards
Tim Düsterhus