Add NOT_SERIALIZABLE to XMLWriter, XMLReader, SNMP, tidy, and tidyNode

iliaal · iliaal · commit edc4325a2aed · 2026-04-09T15:04:30.000-04:00
These classes wrap native C handles (libxml2 writer/reader, SNMP
session, libTidy document/node) that cannot survive serialization.
Unserializing produces a broken object with NULL internal pointers.
diff --git a/ext/snmp/snmp.stub.php b/ext/snmp/snmp.stub.php
@@ -181,6 +181,7 @@ function snmp_get_valueretrieval(): int {}
 
 function snmp_read_mib(string $filename): bool {}
 
+/** @not-serializable */
 class SNMP
 {
     /** @cvalue SNMP_VERSION_1 */
diff --git a/ext/snmp/snmp_arginfo.h b/ext/snmp/snmp_arginfo.h
diff --git a/ext/snmp/tests/gh21682.phpt b/ext/snmp/tests/gh21682.phpt
@@ -0,0 +1,17 @@
+--TEST--
+GH-21682 (SNMP should not be serializable)
+--EXTENSIONS--
+snmp
+--FILE--
+<?php
+$s = new SNMP(SNMP::VERSION_1, "localhost", "public");
+try {
+    serialize($s);
+    echo "ERROR: should have thrown\n";
+} catch (\Exception $e) {
+    echo $e->getMessage() . "\n";
+}
+$s->close();
+?>
+--EXPECT--
+Serialization of 'SNMP' is not allowed
diff --git a/ext/tidy/tests/gh21682.phpt b/ext/tidy/tests/gh21682.phpt
@@ -0,0 +1,26 @@
+--TEST--
+GH-21682 (tidy and tidyNode should not be serializable)
+--EXTENSIONS--
+tidy
+--FILE--
+<?php
+$t = new tidy();
+try {
+    serialize($t);
+    echo "ERROR: should have thrown\n";
+} catch (\Exception $e) {
+    echo $e->getMessage() . "\n";
+}
+
+$t->parseString("<html><body>test</body></html>");
+$node = $t->body();
+try {
+    serialize($node);
+    echo "ERROR: should have thrown\n";
+} catch (\Exception $e) {
+    echo $e->getMessage() . "\n";
+}
+?>
+--EXPECT--
+Serialization of 'tidy' is not allowed
+Serialization of 'tidyNode' is not allowed
diff --git a/ext/tidy/tidy.stub.php b/ext/tidy/tidy.stub.php
@@ -861,6 +861,7 @@ function tidy_get_head(tidy $tidy): ?tidyNode {}
 
 function tidy_get_body(tidy $tidy): ?tidyNode {}
 
+/** @not-serializable */
 class tidy
 {
     public ?string $errorBuffer = null;
@@ -973,6 +974,7 @@ public function html(): ?tidyNode {}
     public function body(): ?tidyNode {}
 }
 
+/** @not-serializable */
 final class tidyNode
 {
     public readonly string $value;
diff --git a/ext/tidy/tidy_arginfo.h b/ext/tidy/tidy_arginfo.h
diff --git a/ext/xmlreader/php_xmlreader.stub.php b/ext/xmlreader/php_xmlreader.stub.php
@@ -2,6 +2,7 @@
 
 /** @generate-class-entries */
 
+/** @not-serializable */
 class XMLReader
 {
     /* Constants for NodeType - cannot define common types to share with dom as there are differences in these types */
diff --git a/ext/xmlreader/php_xmlreader_arginfo.h b/ext/xmlreader/php_xmlreader_arginfo.h
diff --git a/ext/xmlreader/tests/gh21682.phpt b/ext/xmlreader/tests/gh21682.phpt
@@ -0,0 +1,16 @@
+--TEST--
+GH-21682 (XMLReader should not be serializable)
+--EXTENSIONS--
+xmlreader
+--FILE--
+<?php
+$r = new XMLReader();
+try {
+    serialize($r);
+    echo "ERROR: should have thrown\n";
+} catch (\Exception $e) {
+    echo $e->getMessage() . "\n";
+}
+?>
+--EXPECT--
+Serialization of 'XMLReader' is not allowed
diff --git a/ext/xmlwriter/php_xmlwriter.stub.php b/ext/xmlwriter/php_xmlwriter.stub.php
@@ -86,6 +86,7 @@ function xmlwriter_output_memory(XMLWriter $writer, bool $flush = true): string
 
 function xmlwriter_flush(XMLWriter $writer, bool $empty = true): string|int {}
 
+/** @not-serializable */
 class XMLWriter
 {
     /**
diff --git a/ext/xmlwriter/php_xmlwriter_arginfo.h b/ext/xmlwriter/php_xmlwriter_arginfo.h
diff --git a/ext/xmlwriter/tests/gh21682.phpt b/ext/xmlwriter/tests/gh21682.phpt
@@ -0,0 +1,16 @@
+--TEST--
+GH-21682 (XMLWriter should not be serializable)
+--EXTENSIONS--
+xmlwriter
+--FILE--
+<?php
+$w = new XMLWriter();
+try {
+    serialize($w);
+    echo "ERROR: should have thrown\n";
+} catch (\Exception $e) {
+    echo $e->getMessage() . "\n";
+}
+?>
+--EXPECT--
+Serialization of 'XMLWriter' is not allowed

Original file line number	Diff line number	Diff line change
`@@ -181,6 +181,7 @@ function snmp_get_valueretrieval(): int {}`
`181`	`181`
`182`	`182`	`function snmp_read_mib(string $filename): bool {}`
`183`	`183`
	`184`	`+/** @not-serializable */`
`184`	`185`	`class SNMP`
`185`	`186`	`{`
`186`	`187`	`/** @cvalue SNMP_VERSION_1 */`
Original file line number	Diff line number	Diff line change
`@@ -861,6 +861,7 @@ function tidy_get_head(tidy $tidy): ?tidyNode {}`
`861`	`861`
`862`	`862`	`function tidy_get_body(tidy $tidy): ?tidyNode {}`
`863`	`863`
	`864`	`+/** @not-serializable */`
`864`	`865`	`class tidy`
`865`	`866`	`{`
`866`	`867`	`public ?string $errorBuffer = null;`
`@@ -973,6 +974,7 @@ public function html(): ?tidyNode {}`
`973`	`974`	`public function body(): ?tidyNode {}`
`974`	`975`	`}`
`975`	`976`
	`977`	`+/** @not-serializable */`
`976`	`978`	`final class tidyNode`
`977`	`979`	`{`
`978`	`980`	`public readonly string $value;`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`
`3`	`3`	`/** @generate-class-entries */`
`4`	`4`
	`5`	`+/** @not-serializable */`
`5`	`6`	`class XMLReader`
`6`	`7`	`{`
`7`	`8`	`/* Constants for NodeType - cannot define common types to share with dom as there are differences in these types */`
Original file line number	Diff line number	Diff line change
`@@ -86,6 +86,7 @@ function xmlwriter_output_memory(XMLWriter $writer, bool $flush = true): string`
`86`	`86`
`87`	`87`	`function xmlwriter_flush(XMLWriter $writer, bool $empty = true): string\|int {}`
`88`	`88`
	`89`	`+/** @not-serializable */`
`89`	`90`	`class XMLWriter`
`90`	`91`	`{`
`91`	`92`	`/**`