Edit report at https://bugs.php.net/bug.php?id=63882&edit=1
ID: 63882 Updated by: dmi...@php.net Reported by: gynvael at coldwind dot pl Summary: zend_std_compare_objects crash on recursion -Status: Analyzed +Status: Closed Type: Bug Package: Reproducible crash Operating System: any PHP Version: 5.4.10 Assigned To: dmitry Block user comment: N Private report: N New Comment: Automatic comment on behalf of dmi...@zend.com Revision: http://git.php.net/?p=php-src.git;a=commit;h=f9e8678dd3a41ed8a100d8201153a41d6fd25f2e Log: Fixed bug #63882 (zend_std_compare_objects crash on recursion) Previous Comments: ------------------------------------------------------------------------ [2013-01-07 06:15:33] paj...@php.net hi Dmitry, Can you take a look at the patch please? btw, don't we have that already in place in the hash table for that? Wondering if we really need to add that for props as they are stored in the hash table anyway. ------------------------------------------------------------------------ [2013-01-02 19:03:05] a...@php.net The stack overflow happens only with default class properties. Non default object properties are stored in the HashTable and it's protected against recursion. The solution I'm suggesting in the patch is simple but could be binary incompatible to the stuff in the outer world. I mean the stuff like pre compiled pecl extensions, as the zend_object size changes. May be that should only go into 5.5 Another solution were quite complex - compare_function could be extended with a recursion count argument, but that would need a lot of places to be touched. ------------------------------------------------------------------------ [2013-01-02 18:53:25] a...@php.net The following patch has been added/updated: Patch Name: 63882.patch Revision: 1357152805 URL: https://bugs.php.net/patch-display.php?bug=63882&patch=63882.patch&revision=1357152805 ------------------------------------------------------------------------ [2013-01-01 19:27:30] gynvael at coldwind dot pl Description: ------------ The standard PHP object compare handler (zend_std_compare_objects) together with the == operator (compare_function) have no limit on nesting levels nor any anti- recursion protection. The array comparing function in compare_function does have this protection. It would be good to add it to the object standard compare handler as well. Test script: --------------- <?php class Test { public $x = 5; } $testobj1 = new Test; $testobj2 = new Test; $testobj1->x = $testobj1; $testobj2->x = $testobj2; $testobj1 == $testobj2; // Crash (stack exhaustion) Expected result: ---------------- PHP Fatal error: Nesting level too deep - recursive dependency? in test.php on line 9 Actual result: -------------- segmentation fault (core dumped) ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=63882&edit=1
