php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #54348 Crash (Call stack overflow) in ExchangeArray
Submitted: 2011-03-22 14:02 UTC Modified: 2016-02-21 12:30 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: decoder-php at own-hero dot net Assigned: nikic (profile)
Status: Closed Package: Reproducible crash
PHP Version: * OS: Linux x86-64
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: decoder-php at own-hero dot net
New email:
PHP Version: OS:

 

 [2011-03-22 14:02 UTC] decoder-php at own-hero dot net 
Description:
------------
Attached testcase crashes on PHP 5.3.6 due to a call stack overflow.

Test script:
---------------
<?php
$ao = new ArrayObject();
$obj = new ArrayObject($ao);
$ao->exchangeArray($obj);
?>

Actual result:
--------------
==26022== Process terminating with default action of signal 11 (SIGSEGV)
==26022==  Access not within mapped region at address 0x7FE801FF8
==26022==    at 0x80F319: zend_object_store_get_object (zend_objects_API.c:269)
==26022==    by 0x63E719: spl_array_get_hash_table (spl_array.c:86)
==26022==    by 0x63E72E: spl_array_get_hash_table (spl_array.c:87)
==26022==    by 0x63E72E: spl_array_get_hash_table (spl_array.c:87)
==26022==    by 0x63E72E: spl_array_get_hash_table (spl_array.c:87)
==26022==    by 0x63E72E: spl_array_get_hash_table (spl_array.c:87)
==26022==    by 0x63E72E: spl_array_get_hash_table (spl_array.c:87)
==26022==    by 0x63E72E: spl_array_get_hash_table (spl_array.c:87)
==26022==    by 0x63E72E: spl_array_get_hash_table (spl_array.c:87)
==26022==    by 0x63E72E: spl_array_get_hash_table (spl_array.c:87)
==26022==    by 0x63E72E: spl_array_get_hash_table (spl_array.c:87)
==26022==    by 0x63E72E: spl_array_get_hash_table (spl_array.c:87)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-12-27 09:07 UTC] stas@php.net
-Type: Security +Type: Bug
 [2014-07-13 02:52 UTC] yohgaki@php.net
-PHP Version: 5.3.6 +PHP Version: *
 [2014-07-13 02:52 UTC] yohgaki@php.net 
http://3v4l.org/LMNaW
 [2016-02-21 12:30 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2016-02-21 12:30 UTC] nikic@php.net 
This has been fixed in PHP 7.0.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Jul 01 21:01:35 2025 UTC