PHP :: Bug #49194 :: var_dump() doesn't completely protect against infinite looping

Bug #49194	var_dump() doesn't completely protect against infinite looping
Submitted:	2009-08-07 18:44 UTC	Modified:	2009-08-10 15:19 UTC
From:	gwynne@php.net	Assigned:	colder (profile)
Status:	Closed	Package:	*General Issues
PHP Version:	5.3, 6 (2009-08-07)	OS:	*
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	gwynne@php.net
New email:
PHP Version:		OS:

New/Additional Comment:

[2009-08-07 18:44 UTC] gwynne@php.net

Description:
------------
Calling var_dump() on a closure that references itself results in an infinite loop.

Reproduce code:
---------------
<?php
$f = function () use (&$f) {};
var_dump($f);
?>

Expected result:
----------------
object(Closure)#1 (1) {
  ["static"]=>
  array(1) {
    ["f"]=>
    &object(Closure)#1 (1) {
      ["static"]=>
      array(1) {
        ["f"]=>RECURSION
      }
    }
  }
}

Actual result:
--------------
object(Closure)#1 (1) {
  ["static"]=>
  array(1) {
    ["f"]=>
    &object(Closure)#1 (1) {
      ["static"]=>
      array(1) {
        ["f"]=>
        &object(Closure)#1 (1) {
          ["static"]=>
          array(1) {
            ["f"]=>
<repeats forever>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-08-07 20:33 UTC] colder@php.net

This is an inherent problem of the get_debug_info handler.

For closures which should (I guess) remain constant across multiple var_dump calls, there is an easy solution of caching the HT.

http://patches.colder.ch/php-src/zend_closures_recursion-5.3.patch?markup

However, multiple mutable classes uses a custom debug_info handler with full control over the items, such as SPLDoublyLinkedList. The problem here seems to be impossible to fix without adapting the get_debug_info handler.

Changing it from 

HashTable *(*zend_object_get_debug_info_t)(zval *object, int *is_temp TSRMLS_DC);

to 

HashTable **(*zend_object_get_debug_info_t)(zval *object, int *is_temp TSRMLS_DC);

should be sufficient.

[2009-08-10 15:19 UTC] colder@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Found another solution which do not imply an API break.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Jun 14 07:01:49 2024 UTC