Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118846
Return-Path: <tstarling@wikimedia.org>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 88858 invoked from network); 19 Oct 2022 04:14:13 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 19 Oct 2022 04:14:13 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id C9CE01804AC
	for <internals@lists.php.net>; Tue, 18 Oct 2022 21:14:12 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,
	SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <tstarling@wikimedia.org>
Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue, 18 Oct 2022 21:14:12 -0700 (PDT)
Received: by mail-pj1-f45.google.com with SMTP id x1-20020a17090ab00100b001fda21bbc90so19384673pjq.3
        for <internals@lists.php.net>; Tue, 18 Oct 2022 21:14:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=wikimedia.org; s=google;
        h=content-transfer-encoding:in-reply-to:from:references:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=5bMe6GqhuNfqp0/ut3T1+meJW+XKIk3NaX/9ymujPwE=;
        b=TC8rFaNr04QZRS0sbjdnGkLNDEfyL6iyFiaCbppmbbv6RiF6xFVu3O9CfoIYAF3Ffu
         uWR2QzjTrSSAK9iwjkR+iyBZa7SuPwKMyk318GHyPQmZs249hUxtYkLsDzodcx9GON5j
         X+yBB5DcRogDtJVLrE9dhfdphwlIzMKvFgxTw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:in-reply-to:from:references:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=5bMe6GqhuNfqp0/ut3T1+meJW+XKIk3NaX/9ymujPwE=;
        b=rqJUu4pt4sMSX6tkx/6eh4BUntB4xes04k1mDt+KlHox5xv3GzUKVYZ12fVwq+GlCY
         MRH017Hzvqm5/h8hjhejVFAvbVUH+AIrOUD7TcCnTpESf7k+J7gw4sYhtg8h/RP62M+a
         H/znT7bjjkAc3LG2tYHLd7R7WMkODQZjOVPGsJf9ahkLyBH1MHZX9GE9tVR04Y0qBwLK
         tVf41DnZW2mSDryDZ3xw/feU86yMj3s2If7/uW9JrnSe8lDLJnW2tdu6hMAs31DkAVkl
         3KzDKbjeqSimHploQCGcucKliSavuM89cVk+Mq5oB2vt3UIEh7TPZcz9hHUuaSS4bACU
         RgNA==
X-Gm-Message-State: ACrzQf0OqGVp2TeFbMsVK6wdVRkZMU7ao4Mu7uGyRTVX/vLiXihzuwtm
	ogvyGeeQ5DMyvm4VEnIwfdeC0+Qyfxj0aQ==
X-Google-Smtp-Source: AMsMyM4FucLLeBais/DJnVOfzFV9lWd8ZZcMHRc7w/TKf0UDOLaRWl/fn889vl6WK4YANNzrcfaY3A==
X-Received: by 2002:a17:902:aa94:b0:183:f6ff:f5ba with SMTP id d20-20020a170902aa9400b00183f6fff5bamr6464504plr.81.1666152850960;
        Tue, 18 Oct 2022 21:14:10 -0700 (PDT)
Received: from [10.1.1.45] (124-149-170-192.dyn.iinet.net.au. [124.149.170.192])
        by smtp.gmail.com with ESMTPSA id d204-20020a621dd5000000b0056238741ba0sm10025432pfd.79.2022.10.18.21.14.09
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 18 Oct 2022 21:14:10 -0700 (PDT)
Message-ID: <312c7bee-2258-d4f4-a53d-892f5c66a07f@wikimedia.org>
Date: Wed, 19 Oct 2022 15:14:06 +1100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.2.2
Content-Language: en-US
To: =?UTF-8?Q?Tim_D=c3=bcsterhus?= <tim@bastelstu.be>, internals@lists.php.net
References: <22177032-fe72-c39b-63fe-fa4368a70852@bastelstu.be>
 <ef9fa4be-09e7-56a3-9552-76ded6af2e87@wikimedia.org>
 <5d5849c5-ca79-71e9-ccc8-5c69952fd408@bastelstu.be>
In-Reply-To: <5d5849c5-ca79-71e9-ccc8-5c69952fd408@bastelstu.be>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] [VOTE] Improve unserialize() error handling
From: tstarling@wikimedia.org (Tim Starling)

On 18/10/22 22:32, Tim Düsterhus wrote:
>
> false is a valid value that might've been serialized. The manual 
> specifically notes:
>
>>  false is returned both in the case of an error and if 
>> unserializing the serialized false value. It is possible to catch 
>> this special case by comparing data with serialize(false) or by 
>> catching the issued E_NOTICE. 

Yes, that is fair enough.


>
> Note that your example code also errors out if the $result is an 
> empty array, an empty string or another falsy values. This might be 
> an acceptable result in your specific case, but is not the correct 
> behavior in the general case.

Right, there was no instance in the 150 callers I reviewed yesterday 
in which unserialize() was explicitly checked for errors while 
unserializing a falsy value. Most often, there is an array wrapper 
around the actual value, or the possibility is otherwise excluded.


>
> The example in the RFC was written to be correct for the general 
> case, without imposing any constraints in the input data.

As I said, if throwing was optional, like in json_decode(), I would be 
all for it. I'm just doing a cost/benefit analysis. The common case 
should be easy, while the general case should be possible.

As a matter of style, I think PHP's false returns are fine. I don't 
think we need to follow Python into making every error an exception.

-- Tim Starling