php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #72107 Infinite Recursion in Array Structure
Submitted: 2016-04-26 14:43 UTC Modified: 2021-05-31 15:33 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: php at abiusx dot com Assigned:
Status: Verified Package: Arrays related
PHP Version: 7.0.5 OS: OS X
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: php at abiusx dot com
New email:
PHP Version: OS:

 

 [2016-04-26 14:43 UTC] php at abiusx dot com 
Description:
------------
By creating an array structure in the following format:

$a=[];
$a['ref']=&$a;
$a['val']=$a;

Any PHP-only attempt at discovering this recursion will fail. Also, structures like RecursiveIterators will loop infinitely, unserialize(serialize($a)) also drops out the val part.

Generally PHP behaves very weird and unexpectedly. I have not traced this in the Zend engine to see what is causing it, but my hypothesis is that accessing $a['val'] is creating a new copy of it every time (and my PHP-side tests confirm this).


Test script:
---------------
$a=['ref'=>&$a];
$a['val']=$a;
var_dump($a); //normal, as expected

var_dump(unserialize(serialize($a))); //half-arsed

foreach (new RecursiveIteratorIterator(new RecursiveArrayIterator($a)) as $k=>$v)
	echo $k,"=>",@$v,PHP_EOL; //infinite loop


Expected result:
----------------
At least RecursiveIterators should be able to distinguish this behavior, if serialize can not handle it. Or PHP internals should be changed in a way that this does not happen.
Or these examples be marked as dangerous because they can possibly break applications.

Actual result:
--------------
Infinite Loop

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-05-31 15:33 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2021-05-31 15:33 UTC] cmb@php.net 
Indeed, (un)serialization doesn't look quite right[1], and the
loop hangs for me (PHP-7.4).

[1] <https://3v4l.org/eqU8f>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 16:01:28 2024 UTC