Database backends cannot deal with corrupt serialized data: app completey broken [#2872694]

Problem/Motivation

Some cache backends including the database implementation rely on serialization to store cached data:

    // Unserialize and return the cached data.
    if ($cache->serialized) {
      $cache->data = unserialize($cache->data);
    }

I had this situation where the container definition (that is by default stored in the database cache) could not be unserialized (there are several reasons that could lead to such a situation. I.e. a change in the environment/runtime can make something that could be previously unserialized not unserializable anymore).

In such a situation, the cache backend FAILS to provide reliable information, because it will return the stored data as FALSE (that is a completely valid cache data value).

The FALSE value propagates leading to a completely dead Drupal application:

[25-Apr-2017 15:13:32 Europe/Madrid] TypeError: Argument 1 passed to Drupal\Component\DependencyInjection\Container::__construct() must be of the type array, boolean given, called in D:\_Webs\chf_envivoui_FZd\app\web\core\lib\Drupal\Core\DrupalKernel.php on line 883 in D:\_Webs\chf_envivoui_FZd\app\web\core\lib\Drupal\Component\DependencyInjection\Container.php on line 119 #0 D:\_Webs\chf_envivoui_FZd\app\web\core\lib\Drupal\Core\DrupalKernel.php(883): Drupal\Component\DependencyInjection\Container->__construct(false)
#1 D:\_Webs\chf_envivoui_FZd\app\web\core\lib\Drupal\Core\DrupalKernel.php(461): Drupal\Core\DrupalKernel->initializeContainer()
#2 D:\_Webs\chf_envivoui_FZd\app\web\core\lib\Drupal\Core\DrupalKernel.php(651): Drupal\Core\DrupalKernel->boot()
#3 D:\_Webs\chf_envivoui_FZd\app\web\index.php(19): Drupal\Core\DrupalKernel->handle(Object(Symfony\Component\HttpFoundation\Request))
#4 {main}

Of course, in such a situation, a container rebuild will save they day. But I can imagine many other places where a corrupt serialized cache item could render the system unusable, and there would be no other solution but to completely wipe all caches - and there is no warranty that Drupal itself will be able to wipe the caches using regular mechanisms as it could be broken as in the previous situation - so you will need to do this in a more manual way.

Proposed resolution

When retrieving cache items using DatabaseCacheBackend, make sure that corrupt items are properly identified and treated as cache misses.

Currently broken items are treated as cache hits that return a FALSE as the cached data.

Remaining tasks

User interface changes

None.

API changes

None.

Data model changes

None.

Comment	File	Size	Author
#37	interdiff_18-37.txt	6.87 KB	Prem Suthar
#37	2872694-37.patch	5.12 KB	Prem Suthar
#37
#18	interdiff-15-17.txt	1.51 KB	izaaksom
#18	database_backend_broken_when_corrupt_serialized_cache_2872694-17.patch	2.49 KB	izaaksom
#18	8.5.x: PHP 7 & MySQL 5.5 22,287 pass PHP 7.1 & MySQL 5.5 22,287 pass
#15	interdiff-11-15.txt	1.24 KB	izaaksom
#15	database_backend_broken_when_corrupt_serialized_cache_2872694-15.patch	2.63 KB	izaaksom
#15	8.5.x: PHP 7.1 & MySQL 5.5 22,219 pass PHP 7 & MySQL 5.5 22,219 pass
#3	database_backend_broken_when_corrupt_serialized_cache_2872694-1.patch	698 bytes	izaaksom
#3	8.5.x: PHP 7 & MySQL 5.5 22,117 pass
#6	database_backend_broken_when_corrupt_serialized_cache_2872694-2.patch	913 bytes	izaaksom
#6	8.5.x: PHP 7.1 & MySQL 5.5 22,241 pass PHP 7 & MySQL 5.5 22,241 pass
#9	database_backend_broken_when_corrupt_serialized_cache_2872694-3.patch	2.96 KB	izaaksom
#9	8.5.x: PHP 7.1 & MySQL 5.5 22,247 pass PHP 7 & MySQL 5.5 22,247 pass
#11	interdiff-9-11.txt	1.28 KB	Ada Hernandez
#11	test-only.patch	2.07 KB	Ada Hernandez
#11	8.5.x: PHP 7 & MySQL 5.5 22,221 pass, 2 fail
#11	database_backend_broken_when_corrupt_serialized_cache_2872694-11.patch	2.96 KB	Ada Hernandez
#11	8.5.x: PHP 7 & MySQL 5.5 22,233 pass

Issue fork drupal-2872694

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

2872694-database-backends-cannot changes, plain diff MR !7090
Check out this branch

About issue forks

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

25 April 2017 at 14:47

david_garcia created an issue. See original summary.

Comment #2

25 April 2017 at 14:47

Version:

8.4.x-dev

» 8.5.x-dev

Drupal 8.4.0-alpha1 will be released the week of July 31, 2017, which means new developments and disruptive changes should now be targeted against the 8.5.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Comment #3

izaaksom CreditAttribution: izaaksom as a volunteer commented 3 August 2017 at 17:55

File	Size
database_backend_broken_when_corrupt_serialized_cache_2872694-1.patch	698 bytes
8.5.x: PHP 7 & MySQL 5.5 22,117 pass

Hi, I'm really glad (?) that I'm not the only one having issues with this. There should be a normalized way in Drupal to handle caches and verify that when we return FALSE we are really a getting a FALSE and not corrupt data . Temporally I add a possible fix to this.

Comment #4

david_garcia CreditAttribution: david_garcia commented 3 August 2017 at 18:50

Issue summary:	View changes
Status:	Active	» Reviewed & tested by the community

Excelent patch! Not the most elegant approach, but does the job in a concise and cost-effective manner.

Time to update the issue summary.

Comment #5

catch

he/him

English

CreditAttribution: catch at Third and Grove commented 4 August 2017 at 05:58

Status:

Reviewed & tested by the community

» Needs work

+++ b/core/lib/Drupal/Core/Cache/DatabaseBackend.php
@@ -135,7 +135,13 @@ protected function prepareItem($cache, $allow_invalid) {
-      $cache->data = unserialize($cache->data);
+      $unserialized = unserialize($cache->data);
+      if($unserialized === FALSE) {
+        if($cache->data != serialize(FALSE)){
+          return FALSE;
+        }
+      }
+      $cache->data = $unserialized;

This could use some test coverage - for example inserting some data that can't be unserialized into a cache table directly, then retrieving it via the API.

Also there's some minor code style issues, like missing spaces before parenthesis/brackets. Could use a short explanatory comment as to why we're doing this as well.

unserialize() will issue an E_NOTICE when it can't unserialize data, so I think just the comparison above is fine and patch makes sense to me overall.

Comment #6

izaaksom CreditAttribution: izaaksom as a volunteer commented 31 August 2017 at 18:05

File	Size
database_backend_broken_when_corrupt_serialized_cache_2872694-2.patch	913 bytes
8.5.x: PHP 7.1 & MySQL 5.5 22,241 pass PHP 7 & MySQL 5.5 22,241 pass

Here is another patch that solves the code-style issues mentioned by catch on #5

Comment #7

david_garcia CreditAttribution: david_garcia commented 1 September 2017 at 06:50

Status:

Needs work

» Reviewed & tested by the community

Style issues seem to be fixed.

Comment #8

Wim Leers

Ghent 🇧🇪🇪🇺

CreditAttribution: Wim Leers at Acquia commented 1 September 2017 at 10:19

Status:	Reviewed & tested by the community	» Needs work
Issue tags:		+Needs tests

Comment #9

izaaksom CreditAttribution: izaaksom as a volunteer commented 4 September 2017 at 21:04

File	Size
database_backend_broken_when_corrupt_serialized_cache_2872694-3.patch	2.96 KB
8.5.x: PHP 7.1 & MySQL 5.5 22,247 pass PHP 7 & MySQL 5.5 22,247 pass

Fixes #8

Comment #10

Wim Leers

Ghent 🇧🇪🇪🇺

CreditAttribution: Wim Leers at Acquia commented 5 September 2017 at 11:36

Issue tags:

-Needs tests

Thanks!

+++ b/core/tests/Drupal/KernelTests/Core/Cache/DatabaseBackendTest.php
@@ -29,6 +30,16 @@ protected function createCacheBackend($bin) {
+   * Gets the cache tag validator.

Comment is wrong.

+++ b/core/tests/Drupal/KernelTests/Core/Cache/DatabaseBackendTest.php
@@ -48,4 +59,29 @@ public function testSetGet() {
+   * Tests getting a FALSE when requesting the corrupt object.

s/the corrupt object/a corrupt cache item/

+++ b/core/tests/Drupal/KernelTests/Core/Cache/DatabaseBackendTest.php
@@ -48,4 +59,29 @@ public function testSetGet() {
+    // We insert a corrupted object into the cache table.

s/object/cache item/

Please also post a failing test-only patch, so that we know that the new test coverage is indeed reproducing the original problem :)

(Post both a failing test-only patch and the patch in #9 in the same comment. Then it'll be very clear what patch you want a committer to commit.)

After that, this is RTBC!

Comment #11

Ada Hernandez CreditAttribution: Ada Hernandez at MTech, LLC commented 5 September 2017 at 17:19

Status:

Needs work

» Needs review

File	Size
database_backend_broken_when_corrupt_serialized_cache_2872694-11.patch	2.96 KB
8.5.x: PHP 7 & MySQL 5.5 22,233 pass
test-only.patch	2.07 KB
8.5.x: PHP 7 & MySQL 5.5 22,221 pass, 2 fail
interdiff-9-11.txt	1.28 KB

3 files were hidden/shown/deleted

File	Size
database_backend_broken_when_corrupt_serialized_cache_2872694-1.patch	698 bytes
8.5.x: PHP 7 & MySQL 5.5 22,117 pass
database_backend_broken_when_corrupt_serialized_cache_2872694-2.patch	913 bytes
8.5.x: PHP 7.1 & MySQL 5.5 22,241 pass PHP 7 & MySQL 5.5 22,241 pass
database_backend_broken_when_corrupt_serialized_cache_2872694-3.patch	2.96 KB
8.5.x: PHP 7.1 & MySQL 5.5 22,247 pass PHP 7 & MySQL 5.5 22,247 pass

#10 done

Comment #12

5 September 2017 at 18:00

The last submitted patch, 11: test-only.patch, failed testing. View results

Comment #13

david_garcia CreditAttribution: david_garcia commented 6 September 2017 at 10:22

Status:

Needs review

» Reviewed & tested by the community

Comment #14

Wim Leers

Ghent 🇧🇪🇪🇺

CreditAttribution: Wim Leers at Acquia commented 6 September 2017 at 13:38

Status:

Reviewed & tested by the community

» Needs work

Thanks!

Sorry, one last round of nits (which I think a committer would also raise):

+++ b/core/tests/Drupal/KernelTests/Core/Cache/DatabaseBackendTest.php
@@ -29,6 +30,16 @@ protected function createCacheBackend($bin) {
+   * Gets a CacheTagsChecksum tag validator.
...
+   *   A CacheTagChecksum tag validator.

s/a/the/

+++ b/core/tests/Drupal/KernelTests/Core/Cache/DatabaseBackendTest.php
@@ -29,6 +30,16 @@ protected function createCacheBackend($bin) {
+  protected function getCacheTagsChecksum() {

The method name is missing the "validator" bit.

+++ b/core/tests/Drupal/KernelTests/Core/Cache/DatabaseBackendTest.php
@@ -48,4 +59,29 @@ public function testSetGet() {
+    $cache_tags_checksum = $this->getCacheTagsChecksum();

This is the only place this is being used. This is a test. Let's just inline the $this->container->get(…) call.

Comment #15

izaaksom CreditAttribution: izaaksom as a volunteer commented 6 September 2017 at 18:42

File	Size
database_backend_broken_when_corrupt_serialized_cache_2872694-15.patch	2.63 KB
8.5.x: PHP 7.1 & MySQL 5.5 22,219 pass PHP 7 & MySQL 5.5 22,219 pass
interdiff-11-15.txt	1.24 KB

Fixes #14

Comment #16

Wim Leers

Ghent 🇧🇪🇪🇺

CreditAttribution: Wim Leers at Acquia commented 7 September 2017 at 17:59

Status:

Needs work

» Reviewed & tested by the community

Thanks!

Comment #17

larowlan

🇦🇺🏝.au GMT+10

CreditAttribution: larowlan at PreviousNext commented 13 September 2017 at 20:27

Status:

Reviewed & tested by the community

» Needs review

An observation and a nit

+++ b/core/lib/Drupal/Core/Cache/DatabaseBackend.php
@@ -135,7 +135,16 @@ protected function prepareItem($cache, $allow_invalid) {
+      if ($unserialized === FALSE) {
+        if ($cache->data != serialize(FALSE)) {

We can combine these into a single if statement

if ($unserialized === FALSE && $cache->data !== serialize(FALSE)) {

+++ b/core/lib/Drupal/Core/Cache/DatabaseBackend.php
@@ -135,7 +135,16 @@ protected function prepareItem($cache, $allow_invalid) {
+        if ($cache->data != serialize(FALSE)) {

nit - because they're both strings - we should use !== here

+++ b/core/tests/Drupal/KernelTests/Core/Cache/DatabaseBackendTest.php
@@ -48,4 +49,30 @@ public function testSetGet() {
+  public function testCorruptCacheReturnsFalse() {

Nice work here

+++ b/core/tests/Drupal/KernelTests/Core/Cache/DatabaseBackendTest.php
@@ -48,4 +49,30 @@ public function testSetGet() {
+      'tags' => implode(' ', []),

nit: Can't we just use ''?

Comment #18

izaaksom CreditAttribution: izaaksom as a volunteer commented 9 October 2017 at 20:56

File	Size
database_backend_broken_when_corrupt_serialized_cache_2872694-17.patch	2.49 KB
8.5.x: PHP 7 & MySQL 5.5 22,287 pass PHP 7.1 & MySQL 5.5 22,287 pass
interdiff-15-17.txt	1.51 KB

5 files were hidden/shown/deleted

File	Size
database_backend_broken_when_corrupt_serialized_cache_2872694-11.patch	2.96 KB
8.5.x: PHP 7 & MySQL 5.5 22,233 pass
test-only.patch	2.07 KB
8.5.x: PHP 7 & MySQL 5.5 22,221 pass, 2 fail
interdiff-9-11.txt	1.28 KB
database_backend_broken_when_corrupt_serialized_cache_2872694-15.patch	2.63 KB
8.5.x: PHP 7.1 & MySQL 5.5 22,219 pass PHP 7 & MySQL 5.5 22,219 pass
interdiff-11-15.txt	1.24 KB

Fixes #17

Comment #19

dawehner

German

CreditAttribution: dawehner at Chapter Three commented 9 October 2017 at 21:48

There are many other places where we might have issues with serialize and we should have a look at? It might be worth looking at some followups ...

index 747186b9b7..c55a02710f 100644
--- a/core/lib/Drupal/Core/Cache/DatabaseBackend.php

--- a/core/lib/Drupal/Core/Cache/DatabaseBackend.php
+++ b/core/lib/Drupal/Core/Cache/DatabaseBackend.php

+++ b/core/lib/Drupal/Core/Cache/DatabaseBackend.php
@@ -163,7 +163,14 @@ protected function prepareItem($cache, $allow_invalid) {

In an ideal world we would document on CacheBackendInterface that each backend ideally should have such a code ...

Comment #20

david_garcia CreditAttribution: david_garcia commented 10 October 2017 at 23:57

Status:

Needs review

» Reviewed & tested by the community

Comment #21

david_garcia CreditAttribution: david_garcia commented 15 October 2017 at 20:13

It might be worth looking at some followups ...

Actually, every single call to unserialize() in Drupal's codebase should be revised to properly consider unserialization failure. I'd rather have a custom unserialize() that throws an exception upon failure, than having an "FALSE" being propagated as a successful result of unserialization.

Comment #22

catch

he/him

English

CreditAttribution: catch at Third and Grove commented 16 October 2017 at 11:56

Status:

Reviewed & tested by the community

» Needs work

+++ b/core/lib/Drupal/Core/Cache/DatabaseBackend.php
@@ -163,7 +163,14 @@ protected function prepareItem($cache, $allow_invalid) {
+      $unserialized = @unserialize($cache->data);

We shouldn't suppress the error from unserialize() with @ - that notice might be useful (for example if somehow a cache entry was always corrupted so never got successfully returned). So I'd remove that and just fix the return here.

Comment #23

16 October 2017 at 11:56

Version:

8.5.x-dev

» 8.6.x-dev

Drupal 8.5.0-alpha1 will be released the week of January 17, 2018, which means new developments and disruptive changes should now be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Comment #24

16 October 2017 at 11:56

Version:

8.6.x-dev

» 8.7.x-dev

Drupal 8.6.0-alpha1 will be released the week of July 16, 2018, which means new developments and disruptive changes should now be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Comment #25

bburg

he/him

Washington D.C.

CreditAttribution: bburg at Forum One commented 30 July 2018 at 18:36

I am currently dealing with a site with a corrupt serialized value for the system.theme.data state. The site in question seems to run fine in production, but setting up in a VM for local development runs into this error, so there may be a local environment difference triggering this. But still, it seems like serialization/unserialization should be pretty straightforward.

It seems to happen with a long set of data, maybe it's trying to unserialize a multi-byte string? https://stackoverflow.com/questions/21072727/php-unserialize-strange-iss...